Malware Analysis Report

2025-01-02 15:02

Sample ID 201112-eh4136a3ws
Target 7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1
SHA256 7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1
Tags
cerber evasion persistence ransomware spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1

Threat Level: Known bad

The file 7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1 was found to be: Known bad.

Malicious Activity Summary

cerber evasion persistence ransomware spyware trojan

Cerber

Adds policy Run key to start application

Executes dropped EXE

Modifies extensions of user files

Deletes itself

Drops startup file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

JavaScript code in executable

Checks whether UAC is enabled

Looks up external IP address via web service

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies Control Panel

Modifies Internet Explorer settings

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-11-12 14:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-11-12 14:08

Reported

2020-11-12 14:54

Platform

win7v20201028

Max time kernel

151s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\UnprotectDisconnect.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\DisplaySwitch.lnk C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\DisplaySwitch.lnk C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\DisplaySwitch = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\DisplaySwitch = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\DisplaySwitch = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\DisplaySwitch = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp8334.bmp" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote-PipelineConfig.xml C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote.ini C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\DisplaySwitch.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBB84641-24FE-11EB-8534-42BBC6EE9B6F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b6600000000020000000000106600000001000020000000e243b5a68255d241e43843274c08171423e1ee39bfd80e6ddf4c385f4f933dc2000000000e8000000002000020000000914afef26f98905162801461f4dad40d7d9ae15a2e93c6b4e7505071012ccb02200000003e546f99a7392722ac5c90a766008499da414c8fefbdaf95a0b0d1d870b98cce4000000003e30ecede7c7758c00ce9c785a7becf315786b5094649426c8859871d6bcd3993756179b93a30741e96a0ccec51bce49b8f76efa581b75ecce8eb48d97d7128 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1048bc800bb9d601 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAF2B421-24FE-11EB-8534-42BBC6EE9B6F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b66000000000200000000001066000000010000200000001694f7af7597f43f5e78ab05aaa602e32dc3c5b3f4e0b35166e1b142380cad9b000000000e800000000200002000000081c1223cd001ba7da51b9632cf6da686945a4867b3976e15a29281567f090e01900000001aa5c8c16d54707c288328fabad9b9bf7fe67c9ab3d36331500b84b81478efe9c2a980d8b0cc2474bc795dd2bc089cbbb73e57ed62071c8561df88c65ce141b4b77c386cbfb0b3d1a576d3878820956d84283a9c8f91806a9623f0a0c14a6275bda10dce5cf19cf1011a9123e847314171c77a37468c0dac19121c1031d66ef17295d7f3586bc0637786e512b33d551d4000000037a1a461c4521c55f0a312ff51c7e420e3d25dfd57591dca97cc0bc1125d2f4d4b73934492ddbcb36c38c48650e8a2cc64449721ad0abc6dcb81bb1dde76fded C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 288 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe
PID 288 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Windows\SysWOW64\cmd.exe
PID 2044 wrote to memory of 1408 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2044 wrote to memory of 1616 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1612 wrote to memory of 1352 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe
PID 1612 wrote to memory of 2004 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe
PID 2020 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2020 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe C:\Windows\system32\NOTEPAD.EXE
PID 1728 wrote to memory of 1340 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 856 wrote to memory of 1672 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2020 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe C:\Windows\System32\WScript.exe
PID 2020 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe C:\Windows\system32\cmd.exe
PID 1408 wrote to memory of 2016 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1408 wrote to memory of 2152 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe

"C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

"C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {FA0910E9-BE19-4BC2-97F2-15103AE9C7C3} S-1-5-21-293278959-2699126792-324916226-1000:TUICJFPF\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x5a0

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "DisplaySwitch.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "DisplaySwitch.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 172.67.157.138:443 chain.so tcp
N/A 172.67.157.138:443 chain.so tcp
N/A 8.8.8.8:53 sochain.com udp
N/A 172.67.69.167:443 sochain.com tcp
N/A 172.67.69.167:443 sochain.com tcp
N/A 8.8.8.8:53 crl.verisign.com udp

Files

\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\DisplaySwitch.exe

MD5 b7ae0ca60823e985cf9c6ab7ddeebb06
SHA1 9fb1c2bcb86d1bf2d23d3400ae34b57031dbb713
SHA256 7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1
SHA512 bb8e44d1d525693c1f7aed9537a91bdf3e446ee3c8034dbf2d12e4538362eae48a2ab233d01a8923b8dcd35988d5c7ec1bb03b488c6ffc6ee4591e8394eb2349

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\DisplaySwitch.lnk

MD5 78c6ab6ed59ee20f688a0f081b7a6380
SHA1 9e499cc893f8caee54703b06d611598194eaddab
SHA256 404f2dc85e42fa36680208f653b1d3f22aeb3d0b2f4a445069f6b4a408ec3f01
SHA512 57ac6860c4e282ecdbe84429376641f36d93faff75d8104e2c743161921ee3f9b28a5381762bd97cced5e95b3ae5627beceac657689443d1733c474d137dda2d

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 4594fdf686df4f4e18bb20ab7b39f42b
SHA1 c08e9b998d5d1fc4fdda3b07ca8f6694798b70f1
SHA256 0eb8f0e4897170bc03cd9cea9351f8bdf3e575f7fbf5ae7910b1ff80df1cb23b
SHA512 b6e711f4e967ef5af446b782c5dc4bb2e7045f8779a1094bf208cae53fc8295f3a32534e92d9fc850bcb5b60d0a208cbe22d8ace702cb84045305855b122610b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAF2B421-24FE-11EB-8534-42BBC6EE9B6F}.dat

MD5 7504259f6063171326b27b0ee8054b2f
SHA1 cf31887094d3994423d47d3413d45878dba4062d
SHA256 4bf8e326bd52e117c37f28d482bb777300177f45b487d0ec3a06dbd1c3d95f49
SHA512 867801d4d385c818c6ff424f75b440abb35d71e4f7f5a1003c9c0a093742b59f72c2d1aecd7dbd77040f3b1507d6b148d32695f331b7e51dc2ee2303f88f8f55

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 f5ce29a66b073883d198b837eb6aebcc
SHA1 9717f647223b79a7c974b6b6708115f14e906f0e
SHA256 71db71575557ed2e49d22d00610c4b4dc0c2c81d85b8cebbfdfb414d0610ffdb
SHA512 7da29e367153cbd805dad0438556a4c91952a1863ccadaca4e0fd0c8a138af5309076088d98bfdfe2c0ca3ac4a1b1183c96ca2258ae32d0b977d743f553d218f

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.url

MD5 a05ca86a0fbe62b90e863eebe75cfa16
SHA1 3ddc052cba8456a1b303ac4ab75b694be1b9c4e6
SHA256 929354af50bb670b7356cc3d96df133f122f4f013173410fd6eda04d1b73c959
SHA512 044f7f202bd8223773e14183e2e46c49b9c41a2e2640c1b155ea00988b4ee2fd20c4ae0ef485cd9d821bf4bc2c91c733b89f0541e57cbd3ccd0e41a30d375963

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

Analysis: behavioral2

Detonation Overview

Submitted

2020-11-12 14:08

Reported

2020-11-12 14:54

Platform

win10v20201028

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ndadmin.lnk C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ndadmin.lnk C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\ndadmin = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ndadmin = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\ndadmin = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\ndadmin = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp1D0E.bmp" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\ndadmin.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Colors C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2fb5290c04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000eb48cc480330e143a59649958c0e8b901ba3066a67f1c36e90e22b94147b8493926d79e708628ed3ab20a47da06490e503d5fd239b0f4ce7ca60 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1991e40b04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileVersion = "10" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileCountryCode = "US" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "5" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = ee547b1104b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "311967571" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesVersion = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Md5FileCheck = 9fa75725855604a758366c6a1d9f0311 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "312014374" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{25938B26-9B9E-4AE2-9145-9AE00AF92BC0}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = f0b4d348edb9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{9CF157A4-EEDD-4314-A559-6BBAD7341AF5} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "312015665" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2db3031f04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 40e9e51e04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Enabled = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{30AA8028-5F33-4A88-A750-2E7990927CBB}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "i3ol7nz" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2fc57a0c04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000003655831020f7e0b0787d8b94a3a6f1c7def67dcc34a2ccf425cc756353ca6a84be5baa2f8b03c0c426f871bd7f355eaf83c114962d4295305f41 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 206cae7036b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000f4cd8e81e6040bd436ec07809992ec5efc8a1c72dadda2df3331bd3d2953961b3d9902950dc386bd8e518fdc60828470af5c8b6df788345d49d1b25e74936127f0793c7735424417107495a2304cd752dee24efb7f37c90f715a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 68fee81e04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3f955c1104b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 14ca222604b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "312006398" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6b94a60b04b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f416611104b9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4048 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe
PID 4048 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe
PID 4048 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe
PID 4048 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Windows\SysWOW64\cmd.exe
PID 4048 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Windows\SysWOW64\cmd.exe
PID 4048 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2736 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2736 wrote to memory of 2800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2736 wrote to memory of 208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2736 wrote to memory of 208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2736 wrote to memory of 208 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2700 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\system32\NOTEPAD.EXE
PID 2700 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\system32\NOTEPAD.EXE
PID 2700 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\System32\WScript.exe
PID 2700 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\System32\WScript.exe
PID 756 wrote to memory of 4116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2700 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\system32\cmd.exe
PID 2700 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe C:\Windows\system32\cmd.exe
PID 4604 wrote to memory of 4648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4604 wrote to memory of 4648 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4604 wrote to memory of 4696 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 4604 wrote to memory of 4696 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 756 wrote to memory of 4328 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe

"C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe

"C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "ndadmin.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "ndadmin.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
N/A 52.109.8.21:443 tcp
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 iecvlist.microsoft.com udp
N/A 72.21.81.200:443 iecvlist.microsoft.com tcp
N/A 8.8.8.8:53 ieonline.microsoft.com udp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 23.38.17.26:443 go.microsoft.com tcp
N/A 23.38.17.26:443 go.microsoft.com tcp
N/A 8.8.8.8:53 www.microsoft.com udp
N/A 8.8.8.8:53 www.bing.com udp
N/A 204.79.197.200:443 www.bing.com tcp
N/A 204.79.197.200:443 www.bing.com tcp

Files

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\ndadmin.exe

MD5 b7ae0ca60823e985cf9c6ab7ddeebb06
SHA1 9fb1c2bcb86d1bf2d23d3400ae34b57031dbb713
SHA256 7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1
SHA512 bb8e44d1d525693c1f7aed9537a91bdf3e446ee3c8034dbf2d12e4538362eae48a2ab233d01a8923b8dcd35988d5c7ec1bb03b488c6ffc6ee4591e8394eb2349

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ndadmin.lnk

MD5 fe8fcaa73b6f47c4dec4cb37d4673eb7
SHA1 e27380271da8cc8b278eae547f61433180e88597
SHA256 f1380150d10849d087198f28d707da1177ade5e7d8edc3334634ddd1444fab5e
SHA512 3f5780e2645359bd345babd87553696ee9cd5ba41c44b319be5ffab2b2326ce7693971aec591025207c83ff0d75893302b20fc0d2f7e7643d803a2b40035b6dc

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 83be3e98855bf028898dab2017657752
SHA1 a47d7fff5c87589141e8e200ae6ab6a65ddc6977
SHA256 43ad1334f3c15c2cfd09fa9d08db7f4cb42466ac716578ca4dd07e6e7d97c66f
SHA512 3f97b43373df1f3d00b80ad690da119cf47f76078558c83031b9f6cb081e0e6e179fd6d0bef038b593da145cee5e9bc99f9c75ddc7aeb30b96b0b6c293de32f7

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 fb0f6558a167bac35903c0b20b450758
SHA1 983fac3da29502df177dcfff38e9bebee81a672c
SHA256 362aa7f3446a1302c71f3088474b7eab8d4cb9f47236c3a1ab767e94e6d7d97c
SHA512 78cdb2b705f4da3f68bf5e00e6355bffcb7888f5bb87057a195863098cd2b9089d3ad76a451b72af087c96608d65d6763241b042db1bccc921720143167da1ee

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c
