Malware Analysis Report

2025-01-02 15:06

Sample ID 201106-ymprz7t686
Target 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
Tags
cerber evasion persistence ransomware spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4

Threat Level: Known bad

The file 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4 was found to be: Known bad.

Malicious Activity Summary

cerber evasion persistence ransomware spyware trojan

Cerber

Adds policy Run key to start application

Modifies extensions of user files

Executes dropped EXE

Drops startup file

Reads user/profile data of web browsers

Deletes itself

Loads dropped DLL

Checks computer location settings

Looks up external IP address via web service

JavaScript code in executable

Checks whether UAC is enabled

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of UnmapMainImage

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Kills process with taskkill

Modifies Control Panel

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-11-06 11:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-11-06 11:47

Reported

2020-11-06 14:55

Platform

win7v20201028

Max time kernel

151s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\EnterJoin.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Users\Admin\Pictures\BackupCheckpoint.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Users\Admin\Pictures\CompressBlock.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Users\Admin\Pictures\DenyTrace.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syskey.lnk C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syskey.lnk C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\syskey = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\syskey = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\syskey = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\syskey = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp5FA.bmp" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote-PipelineConfig.xml C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote.ini C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\syskey.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DC0B9BB1-2047-11EB-B6F4-EAC4A56BD8AE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB923591-2047-11EB-B6F4-EAC4A56BD8AE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b6600000000020000000000106600000001000020000000a1930d6a5f4b123035172971b3d25e89bf313c49ea9163ca3d7cfad0d320cc76000000000e8000000002000020000000e321e8411a252e0a2bc1012b70d4672b533494112426ef9867fde764c4a43e60900000006a4525ac22ca7d32f62aa1f9a8dff6ce5bd679be66864b6cc098313b45ddda5749206b3a157ace374b6c7f777a51e7da6e077e64bc72a872b690557408c6e03bdc37eac08372e34e0e5cdf685b8d4a19ac91330ae015feb707ecb540a10882a1345aa6e78e8eb95f9102089baa252dad5b11d437edb3ef87b888a589c26a4b057157e53cb641d4a340a5ffa42bd930c2400000001d285d83d90aab6f6311e9a12119008bee4d2a0d066a3e40ea149c1429adf56d0c5d13c4254c649a69c56549e8872a060c9b827f2e250e5fd66c495090a8f1b0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407893a054b4d601 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b6600000000020000000000106600000001000020000000e0ae708ce3fa4ff4498ce9cdbc667c459a4cf8f5f6f2fc003097cf33802c369c000000000e8000000002000020000000b7fa03352b5e0d3c859f5b2cd017c682ae4f79077c2ee33fdb3f4210b2acc49920000000a2ebab24992e0153128a06069b89c04c7c99b4428c5c275ed9948e1ec5506ddd40000000bcee3e006408e404785f161784a33b2695639f5492d10b0a298c7c21ff2dd840a0b2aec4a77002f6d54fc1f5af5202c35e654d8408d02cccfbe21a77d51ec5db C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1916 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1916 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 1916 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 1916 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 1916 wrote to memory of 1980 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 1980 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1324 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1980 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1980 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1980 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1980 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1044 wrote to memory of 1656 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1656 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1656 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1656 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1416 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1416 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1416 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1416 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1416 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\NOTEPAD.EXE
PID 1416 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\NOTEPAD.EXE
PID 1416 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\NOTEPAD.EXE
PID 1416 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\NOTEPAD.EXE
PID 1716 wrote to memory of 360 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 360 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 360 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1716 wrote to memory of 360 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1328 wrote to memory of 1688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1328 wrote to memory of 1688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1328 wrote to memory of 1688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1328 wrote to memory of 1688 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1416 wrote to memory of 108 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\System32\WScript.exe
PID 1416 wrote to memory of 108 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\System32\WScript.exe
PID 1416 wrote to memory of 108 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\System32\WScript.exe
PID 1416 wrote to memory of 108 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\System32\WScript.exe
PID 1044 wrote to memory of 1104 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1104 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1104 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1044 wrote to memory of 1104 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe
PID 1416 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\cmd.exe
PID 1416 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\cmd.exe
PID 1416 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\cmd.exe
PID 1416 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe C:\Windows\system32\cmd.exe
PID 2064 wrote to memory of 2100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2064 wrote to memory of 2100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2064 wrote to memory of 2100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2064 wrote to memory of 2196 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 2064 wrote to memory of 2196 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 2064 wrote to memory of 2196 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe

"C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

"C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {7BDAC3B0-8CB8-4AE2-BF88-779CFADFE822} S-1-5-21-293278959-2699126792-324916226-1000:TUICJFPF\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x460

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "syskey.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "syskey.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 sochain.com udp
N/A 172.67.69.167:443 sochain.com tcp
N/A 172.67.69.167:443 sochain.com tcp
N/A 8.8.8.8:53 crl.verisign.com udp

Files

\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/1416-1-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/1980-3-0x0000000000000000-mapping.dmp

memory/1324-4-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/1820-6-0x000007FEF7D20000-0x000007FEF7F9A000-memory.dmp

memory/1832-7-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syskey.lnk

MD5 f15c979f7b73f9e6fd5e04daee2ffe29
SHA1 f858861dfb3439165e69accc564660668e73883e
SHA256 c07c0746d5615ef5c9ee41c467bf98cf72c8acf8c97c7e1c58cf0e6a891b4e0f
SHA512 6a16fc8d921182f16f20a7122d0a7e4561b5ca0b4ecb30c643d053cf7e5503c8cbbd7e4d65009004c4122bc08341b849fe766b6bbe524f3917dc5b7361f58e4b

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/1656-9-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/1716-12-0x0000000000000000-mapping.dmp

memory/1992-13-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 d2f660933b8dee7e1bdf53767bbef0e3
SHA1 29954471247dd19c5a62b641fe6ca02d5f20839d
SHA256 35e4fb3c01e37835060fa6dc0956a3e74b72a8b690683d83360a61a38179718c
SHA512 a5ec8c5ff6c3e435309ad01f57df885f2245c38ce4ea59d3e578ba31762283e047d23569c5a6b74a67626672c71caa2a48ab2da03a49356a9b75cfe810568c99

memory/360-15-0x0000000000000000-mapping.dmp

memory/1688-16-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB923591-2047-11EB-B6F4-EAC4A56BD8AE}.dat

MD5 197198fa4db77cb261e8b3cf74eb1e7f
SHA1 f469e9f1cf19ba2a12c88bc5c93ba6e7ae620175
SHA256 7dee53ce5e29f8faa1237b5a582985b32eea5434e8dd3781b03606560208f73d
SHA512 81280b88c69ca3d9bc5ef90855884a4892486f0c58309d7a4f0de412891043089b3ef0b541c03c6a31f136a050837e7ea0623a15d1c86bc0f680837da5029cf3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DC0B9BB1-2047-11EB-B6F4-EAC4A56BD8AE}.dat

MD5 52a611cdb4676b40291e5ac799e5af85
SHA1 82e2b36fdd4466ff0d8f00ae189c8f54e25e1d9e
SHA256 25c46fb579256d7dd2f48648b7b0afaa2421c54691ba516f10e6d3910368fb3c
SHA512 2a932db2da961f13fd2eb8b19945779da95777afeb40c477d4d9b0930380853b3ee0934bdbb9daddbe7647fcd5d15e21d96ff6831b25d38e924b7643bb51eb71

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 974ba59a164a7be9e8477f4f55f5402f
SHA1 4f9ea36f7b1562b464e792b30cfd29f229497cce
SHA256 aae689521b7c4a2be053ab39d076f58d6f44ec772c61bd52e0a98d3cb5b9f7eb
SHA512 eb02800526871b6be81acd599f6522f40646cbbd0eca097251b0e5fcd312aaeebe4f1ca376444bc8ea44316be64d34c1ab05dc77abefec12a4355fee02402419

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.url

MD5 3568eef3a9d6aa1253957e6285ff466c
SHA1 b8ea97b378e6271d8e31878ba89e2249f8fd3a75
SHA256 e706dc48aa9a00012e360344a293392802f9882612a6c8f125367e1969610b5a
SHA512 826e8063e04f43b934c77298fedc287f7ad55e84df65dd706112cd088022a0bef8ff278317359b74be2110dcfc061f79b2beeb5bbbde84f9edd431c488f7ceac

memory/108-21-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

memory/1104-23-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\syskey.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/2064-28-0x0000000000000000-mapping.dmp

memory/2100-29-0x0000000000000000-mapping.dmp

memory/2196-30-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-11-06 11:47

Reported

2020-11-06 14:55

Platform

win10v20201028

Max time kernel

149s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\AssertUndo.tiff C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
File opened for modification C:\Users\Admin\Pictures\CheckpointImport.tiff C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\UIMgrBroker.lnk C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\UIMgrBroker.lnk C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\UIMgrBroker = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\UIMgrBroker = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\UIMgrBroker = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\UIMgrBroker = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp3BC2.bmp" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\UIMgrBroker.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Colors C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 60fd46464cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileCountryCode = "US" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{6AC4E563-C2B7-43D4-BA2C-71291261B66B}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1022d3334cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1c6c994d4cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000dc515f3e2e195b8c2ecf52d92189dae064c76605a2c80793db9043b231d4638e2436f855558c0b8fb0155009bdb65b3249c4989a7bf5fde8d105 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 438a78334cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "311487800" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = bd44e4374cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 20ba22987eb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000057ca9d54bf5b114bb1038bce28f8108c4f5656c6e387f09e1c0f139f682548607ede827944bf34f2e9f8286a91b7fc8e9c3683a49e858f1c76352273d5533a2bd373a5afcc9fe33e57775899e1aa946ccdd909fca663fc30ded7 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Enabled = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d02f5d464cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesVersion = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{11FE1772-658C-4D7C-9B1E-A6F26430F77B} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "5" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B = 03000000010000001400000083da05a9886f7658be73acf0a4930c0f99b92f011400000001000000140000003656896549cb5b9b2f3cac4216504d91b933d79104000000010000001000000062455357dd57cb80c32ab295743cccc00f00000001000000200000006811c6215f18c75fdbe32cf56bd66248562a7fa3ba459cfee338745061e583941900000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d705c000000010000000400000000100000180000000100000010000000bb048f1838395f6fc3a1f3d2b7e976542000000001000000dc060000308206d8308204c0a003020102020a613fb718000000000004300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131313031383232353531395a170d3236313031383233303531395a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f66742053656375726520536572766572204341203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100d00bc0a4a81981e236e5e2aae5f3b2155875beb4e549f1e084f9bb0d64ef85c18155b8f3e7f16d40553dce8b6ad18493f5757c5ba4d47410ca32f323d3aeeecf9e0458c2d947cbd17c004148711b01671718afc6fe73037ee4ef439cef01712a1f81264377985457739d552bf09e8e7d060eac1b54f326f7f82308228b9e061d3738fd72d2cae563c19a5a7db26db352a96ee9aeb5fc8b36f99efaf61c581b9756a511e5b752dbbbe9f054bfb4ff2c6cb85d26cea00ad7df93ed7fddacf12c731ad9193755badd22788ea1d49b09f807223171b094aee0b0e726445790819715ce61ec65e24bf185521632f8b578aa7ecd4dec8321a4a89bbe9a6a04e0a31ccd56186cfd6b2f423ee237f272abd07873727bdeec0058e52130a3083a99ef9fc3f77a169665b5c381aff4397049aff6a9f66a0038f9b40819e01a35a55676225f6af269ae3ead58464db854f68941441e72b1bc122753d2c1ffb2cd50981eb5f4bbb6c28239d9ac1bf23b27846ab0c6260bd73a10e7b3db7cd356ac534c0bfa3b313774d8592bf9007919067bfd1c1d42d4410d2f050ed56b4923ffcfcdf87a82cfda3c2ddfe8d8120418ba1e8877b8981f1007bbc8057e0b09bf6bdde34e5bb0f9c784a63bca4c9f5b6229f7c7a2a89588702ce5c13f3c52234f409ac33185832fbf29f11d508f219607ceeff280c2447d9b62ef2fc37789ab454d533e0279d30203010001a382014b30820147301006092b06010401823715010403020100301d0603551d0e041604143656896549cb5b9b2f3cac4216504d91b933d791301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014722d3a02319043b914054ee1eaa7c731d1238934305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f436572417574323031315f323031315f30335f32322e63726c305e06082b0601050507010104523050304e06082b060105050730028642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f436572417574323031315f323031315f30335f32322e637274300d06092a864886f70d01010b0500038202010041c861c1f55b9e3e9131f1b0c6bf0901b49db69074d709dba62e0d9fc8e7763446af0760894c81b33cd5f4123575c273a5f54d848ccba45dafbf92f617085742957265057679adeed1bab82e54a35107ac68eb210ce32581c2cd2af2c3ffcfc2bd49189ac7f084c5f914bc6b95e596efb342d253d54aa012c4ae12765309560e9df7d3a6498850f28a2c9720a2be4e78ef0565b74ba11688de31c70842247ca47b9e9dbc60005e6297e393fca7fe5b7b25dfe4537f4bbee63ef0db0179421c6e856c7db64430fba5379293b2a5ee20ad3f53d5c9f4286b57c1f81d6ab7562ab627811ca62d9fe7f4d0318397a82ab6acbe1b41f5e4895f56fbda5ad35e7d5594107e5357f44a3d402ac8bd679f84e110eefdda6b158249fc461dff4506749c4214edc539d3b3cd0b832790435192f24482ae6e9a1517b219fac7456c98017bbf37a9b088a492bc3838e01de47c97981a2e5fef3865b7352fbd7f4f21fac48cd26f06f94935eadf200f25aaea60ab2c1f4b89fcb7fa5c54904b3ea2284f6ce45265c1fd901c8582886ee9a655dd21287945b014e50acce65fc4bbdb6134699fac2638f7c1294108152e4ca0f7f90c3ede5fab08092d83acac348362f4c949428925b56eb247c5b339a0b1201b2cb18e046fa530491cd046e9405bf4ad6ebadb824a87124a80094ddbdf76b9055b1be0bb20705f0025c7d30efa16ad7b229e7108 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Md5FileCheck = 9fa75725855604a758366c6a1d9f0311 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000cd1d46535db9a5ffb7e28532b672d8a0a59e37f4e18685c5228a09bc5e4c24f3b4a10fb0a6cd0afcd9c591534a1dc66b4db22c93dd3be8b6f88d C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileVersion = "10" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "311508982" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c22938334cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{2AFB5867-301F-4FED-BCEF-E8F1B0B5AAF6}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = c0baa32a9dd2d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7ee3d9374cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000ee854ff9f84495c55cf2a3243b2388fa16e19aa38fc354dc1dc8c03921b65fe00df7f9ee5710d5bf9331b40da689587c294d6611319f3ab453d48160bab1a12fc9a56449af24191a29949af9cd818c1f0f0694ef6c948ec89d9540f2fd8db069c4b142b27422bdec713c596233aa442e2a2c25394542fda8f42b98cde7ead3530e3aa7ba99a8c2e9f8488ffcdba33f0232df8e442d49351b55b7d93868695f48975f1dba4f58f4bdbbda9cb5b50e4859093f5ccf50496d05b757ff2e73a84d5929423c8144d0c5fcbf11dab54d8a83b7036c7fd4bbe1f9e0e12ca0fb6e48f57297010fd893b1e5a0120d0e1696b6d8d80b861136e5b36ec314575a2987e969982ebe8bd1399c1c1818eee89c0f345e3422ad7a37f75e26f573f6e8bad82bbc3098970ee8c82f21e687d3ece440a3aa8d3701bbbfc682b115c52af2b9b4ae8d5e01ae1af2340c9dcddbdea4d5aaa28f9901a2a479c9bf6dd59e13a4128c12a76ce021e7df3ed1df933d2e4f6508d307af0fb02eb8e0b5143746d2ddc255f857463d12534bac1f4b4a5be31ead66d5b589704bf12e6304b36d06d1e8210cd1d848a0a890fe72f3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "311455808" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 = 0300000001000000140000005ff1348c80820f2a988d0c0c7abea0ea394b5e6c040000000100000010000000fd42404f68fae3f0d490e8d19d08ab1d0f00000001000000200000005546bb2210de2560292e6f4610af4ffbdb453f9bf9983e62942c35959e16038d140000000100000014000000b3b30880146b0eb235e8e136e7d15c9c4847f5f3190000000100000010000000e142e209d34bfb2eac257eb76a2b61e15c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000e5050000308205e1308203c9a0030201020213330000016fd585f24b93e88a0700000000016f300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3139313231323030303333315a170d3231303331323030303333315a3081a3310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3121301f06092a864886f70d010901161271666265406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cfb24782c35c66c63688c01ed857df9a4330b81628c86831de4d577f8cb2155b880ee41953a18ac28de644bacfa97558ec6f522490f103b7fa0092430f8e0ba55c36dd91f6f1f91baec6eb3581d89133141e1580e02ec2445e5380b178f92f81e97193be8be1223d36e5f2be070a3db6ac17987ea3b42d15994c73a10e64794da4660a5d875e179c567bb06ecfd7cbf4c1ee4fe453284e72877d746a3e178788a1bd540ba9250a931a11105bb98f1b2b757fa6c5ade16e7cc1d1628fedb716018526f5b56630b54cd5f75f938e9b4a956609cc441aac84a10a101f6429b6fceb9434a41b24f0ca9781bf72b010f14bd13dc5d996b6ed6c4d53156969dd04f7390203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e04160414b3b30880146b0eb235e8e136e7d15c9c4847f5f3301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038202010064d81278e224099c122690412271d5f2d92ae1c00f7135d64f63663ccc0588826bf24cc6cffa0d6666b7e3f989825dd1021fd1bdc6a9d4a492c0f46198534382204d8668b0f3c8d85f9f614f7fff47e391a4fdc89dba1b423f1d2a8d4986ff42bac032a21224b246b03ffef26e7da49d3ef381ff9d669cda0234445bff395be1b70627f013ccde692280d75d690b4f4c5e3a123b379bd30bdc6cf1af0c69d97eb0aa4f580eb4e876465b2c62514a612a3971f6bc6ace33f569e0cbcbd5498caf2af949952c310221a382d0a7fbc4594b0bfe96a1c81d26639b249beea28179ead8377bf70e9a09596997af2b405c5425a1e5e6e46b065016901b7cd120e2389d47924b1f834955135461f7592c9487e3910bf0de382ad5906dd8c46b321b176698caaec19d1ee10aa6679981d8f2f5c40d69240a7075ce4341305d2bbd082e03c81c41baeb557b41904482ae88d0566f339ab517ae2f84223d567f9ec734c1c5a2be39aa24c49930b6428bbe2fa300f2369e1c8cc554c14010f1ee518afa32e4bf0a15cb251d37791338f5ade8ced4b67ca5fc56320c2c2973f9b13e250dabe4a373580becf787afd552c6b293dfc7bfb1f67739c64df74ae3d373e2db9c27090fe15e58591824e4f150602af628917a6d1353919cd0a8489596f97070833a98b34c2d3a0ebafda2f81096533b773c5914d7f05e66cb17af2bcd11ad517440b5 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "ttm1dzc" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 752cfa324cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e4ffd5374cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d51c4a464cb4d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "311439214" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3408 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe
PID 3408 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe
PID 3408 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe
PID 3408 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 3408 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 3408 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe C:\Windows\SysWOW64\cmd.exe
PID 2928 wrote to memory of 4012 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2928 wrote to memory of 4012 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2928 wrote to memory of 4012 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2928 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2928 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2928 wrote to memory of 1412 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2600 wrote to memory of 648 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\system32\NOTEPAD.EXE
PID 2600 wrote to memory of 648 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\system32\NOTEPAD.EXE
PID 2600 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\System32\WScript.exe
PID 2600 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\System32\WScript.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 792 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2600 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\system32\cmd.exe
PID 2600 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe C:\Windows\system32\cmd.exe
PID 4528 wrote to memory of 4572 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4528 wrote to memory of 4572 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4528 wrote to memory of 4620 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 4528 wrote to memory of 4620 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 1548 wrote to memory of 4244 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1548 wrote to memory of 4244 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe

"C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

"C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x358

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "UIMgrBroker.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "UIMgrBroker.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
N/A 52.109.12.18:443 tcp
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 8.8.8.8:53 iecvlist.microsoft.com udp
N/A 72.21.81.200:443 iecvlist.microsoft.com tcp
N/A 8.8.8.8:53 ieonline.microsoft.com udp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 69.192.69.99:443 go.microsoft.com tcp
N/A 69.192.69.99:443 go.microsoft.com tcp
N/A 8.8.8.8:53 www.microsoft.com udp
N/A 8.8.8.8:53 www.bing.com udp
N/A 204.79.197.200:443 www.bing.com tcp
N/A 204.79.197.200:443 www.bing.com tcp

Files

memory/2600-0-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

memory/2928-3-0x0000000000000000-mapping.dmp

memory/4012-4-0x0000000000000000-mapping.dmp

memory/1412-5-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\UIMgrBroker.lnk

MD5 3b9646821e094f3f0b96aa27dbc5b997
SHA1 c50259a141bc1871f83608a3bc178149a3fee813
SHA256 de05c682efbb419238c9f21d378bdd53901860a8fd1215eb31b801ee7dd3ca4b
SHA512 04208509b59bd82d3bc3b2689a02a3b0a6fd5cf08c9d2893e6b31bf53ab17eaa70a868f1ed0122561d301b07a2464e0c8cd2c3fd36dc9416245fb78499737398

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\UIMgrBroker.exe

MD5 f88352a6d3b2004925005c4994805d92
SHA1 659df551db4342ab5896c0092d3a6487ebf5c229
SHA256 824ab34b2a34ccc9ef69f5fa851ba7ec87042443ecaeb6a573f43f9c944f43a4
SHA512 5ce286bd1ea36de8980bcc4c6c8f293c12fa6c5c577761c8b91bc256caa569a631fda7599d86dfdd40b66efe61be75b4b7877ef4d4bd8bf786ee119082953cda

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 87aeb635442f2e53d3fe1f72a0cd305d
SHA1 bc20c9fccc8804f8eb7cfeaedf85e7689162012f
SHA256 6e3f931e3bfd9a143fb04d0ce1c50ab53ea747b6b7742a416abfec7c6b676171
SHA512 7ef053b65f6d2220d85b727850145c7e029fcff54032b8950ac015ff3171a70f12e962c194fcb1df2479cb53ce78e58e761410352150761a5f1941f6d5e59435

memory/648-9-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 e2cf84777a497d346aa2d574c8f89fc5
SHA1 0137c9a218dc4e3ff859bc7f3f5e89b0149bacd8
SHA256 40423ad77dd7b5128e5b6b54fe0f0ea1f0fd77f5459843e1d4b9b40cb0e3fd1a
SHA512 1d7fead5a5fb7c02aa3bd8f062c0e5fbea939e7c32b3a0da8b1c327f827742497436277197dfbd73e4bc61577b8d23d48b91105fae5375e4598905769605bc46

memory/4156-29-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

memory/4528-43-0x0000000000000000-mapping.dmp

memory/4572-44-0x0000000000000000-mapping.dmp

memory/4620-45-0x0000000000000000-mapping.dmp