Malware Analysis Report

2025-01-02 15:08

Sample ID 201113-1chkcy6sbs
Target 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
Tags
cerber evasion persistence ransomware spyware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6

Threat Level: Known bad

The file 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6 was found to be: Known bad.

Malicious Activity Summary

cerber evasion persistence ransomware spyware trojan

Cerber

Modifies extensions of user files

Executes dropped EXE

Adds policy Run key to start application

Deletes itself

Drops startup file

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Looks up external IP address via web service

Adds Run key to start application

Checks whether UAC is enabled

JavaScript code in executable

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Suspicious use of SetWindowsHookEx

Suspicious use of UnmapMainImage

Modifies registry class

Runs ping.exe

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies Control Panel

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-11-13 15:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-11-13 15:29

Reported

2020-11-13 16:31

Platform

win7v20201028

Max time kernel

151s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\BackupInvoke.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Users\Admin\Pictures\RemoveStop.tiff C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\getmac.lnk C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\getmac.lnk C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\getmac = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\getmac = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\getmac = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\getmac = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpB1F1.bmp" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote.ini C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\# DECRYPT MY FILES #.vbs C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendToOneNote-PipelineConfig.xml C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.txt C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.url C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\OneNote\# DECRYPT MY FILES #.html C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{886FFC81-3F92-2114-B483-51AF935A6426}\\getmac.exe\"" C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{616752D1-25D6-11EB-BFDD-F65A7312C48E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d5d326e3b9d601 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b66000000000200000000001066000000010000200000001c59269a0a9f3c9588620cfa80dce579b6a3ebae5c6b8b0df18eebb672916c92000000000e8000000002000020000000744c4513d713947c8619b9b1edeffa4902c1d02490eb0f1515c937cf8ed3654d200000004a62450371d2bc66060204a81813e91c0d3d811f3655633f17723f348b3178e440000000002b11b1d6dc7c6684f50def552b341d9c8e8ebd8816b87c4ec1bad87fc2967a415b1be742946384289c170701ac88e3ea68e2571bd529527907f9603295eec1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61DBF631-25D6-11EB-BFDD-F65A7312C48E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000033044fc40189d459fe40d0e3dcc9b6600000000020000000000106600000001000020000000a43f9a20ca711f237c98dd3394ee39fd64f9333078b5bf4cd0d7dafc24577eaa000000000e8000000002000020000000a06be627760ee7f87e8a2643ac27b5e2ae540acbe32ef53818af25b7fcfff6fb900000006960bc8b190f3f700cfa9d3f61af46babf368cb423ad7f881e9f64ff1d5d00b919afdd63468382a9a5ba7b0175b3490f62ea7826db21ee48a03519e7e467cfa3cc72a8ceee3e71b8206777eea48a6f9b87777cb67dbc84e51e61218d9985c1005318759ff3204cc7bb9420c6658ed09606193dec1002c5a3fe0033bf3f8cb3c46381a622e32fb75fc7ec753acdc3688c40000000be92491ed3b6a92bb6a48e2826b9d0a4ef1b7b8970976519be016704092d9c086093482919fcaefa779c0980baf156ab791f55cd4ed273157f912130fa9a1454 C:\Program Files\Internet Explorer\iexplore.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1664 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1664 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1664 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1664 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1664 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 1664 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 1664 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 1664 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 1168 wrote to memory of 1236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1168 wrote to memory of 1236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1168 wrote to memory of 1236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1168 wrote to memory of 1236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1168 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1168 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1168 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1168 wrote to memory of 1512 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1352 wrote to memory of 1548 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1352 wrote to memory of 1548 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1352 wrote to memory of 1548 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1352 wrote to memory of 1548 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe
PID 1100 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1100 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1100 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1100 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1100 wrote to memory of 680 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\NOTEPAD.EXE
PID 1100 wrote to memory of 680 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\NOTEPAD.EXE
PID 1100 wrote to memory of 680 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\NOTEPAD.EXE
PID 1100 wrote to memory of 680 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\NOTEPAD.EXE
PID 2036 wrote to memory of 960 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 960 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 960 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 960 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1604 wrote to memory of 488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1604 wrote to memory of 488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1604 wrote to memory of 488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1604 wrote to memory of 488 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1100 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\System32\WScript.exe
PID 1100 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\System32\WScript.exe
PID 1100 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\System32\WScript.exe
PID 1100 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\System32\WScript.exe
PID 1100 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\cmd.exe
PID 1100 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\cmd.exe
PID 1100 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\cmd.exe
PID 1100 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe C:\Windows\system32\cmd.exe
PID 2080 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2080 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2080 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2080 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 2080 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 2080 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe

"C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

"C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\system32\taskeng.exe

taskeng.exe {3708E27D-0118-4E0B-BD5E-511060B25FAD} S-1-5-21-293278959-2699126792-324916226-1000:TUICJFPF\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1a4

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "getmac.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "getmac.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.234.121:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.235.255:6892 udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 172.67.2.88:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 sochain.com udp
N/A 172.67.69.167:443 sochain.com tcp
N/A 172.67.69.167:443 sochain.com tcp
N/A 8.8.8.8:53 crl.verisign.com udp

Files

\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/1100-1-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/1168-3-0x0000000000000000-mapping.dmp

memory/1236-4-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/1512-7-0x0000000000000000-mapping.dmp

memory/1644-6-0x000007FEF6F80000-0x000007FEF71FA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\getmac.lnk

MD5 bb5939da816afa49a49e91a9bf4b10cb
SHA1 35336b6da49b2e2ee5b490b88dedbe2dabf18dc1
SHA256 2bf10afafa3655cc37a2a4d893adff86d09d559a83b9858a8d00f3164ad9fb9f
SHA512 b59053be2ee3bd0bd09acd829491f39bd64f7163f2eb08865d9686267eb748c726200e6e9e28e6fcdbd59f9f48819824231caa7e8383b6d46e1d34278d5766ec

memory/1548-9-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

\Users\Admin\AppData\Roaming\{886FFC81-3F92-2114-B483-51AF935A6426}\getmac.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/2036-12-0x0000000000000000-mapping.dmp

memory/680-13-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 3c2a2326b377d8b6de3850c027a3607d
SHA1 36e0196d07fad206cb5207f8656f90030ef03001
SHA256 9f7ca95e2894f285caad51e3781312d93cb705b4450dcae1f716d317587e73cf
SHA512 57526d7546b18d3bd34c9e38ec32ada29974f93f8252d37e8b8eb4e087d8470797961765bf64a43035b7b868bdf836d0a6bd6640e86553b1fc25a4f66d9cd097

memory/960-15-0x0000000000000000-mapping.dmp

memory/488-16-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{616752D1-25D6-11EB-BFDD-F65A7312C48E}.dat

MD5 162e61f398141e3a5b436202d1619376
SHA1 b4f44a4f9bbbe766f024047bc051f8f6f5b154ca
SHA256 4284fbe53743f7f000fb506358c5fe8871207bc1fe932d54cf027329beaf37c7
SHA512 0a7f8d88fe0641571e6f93c71c2da8248b5d07be446f334646f5c2d134add9c24d4cfe97165c6a672ecbd6c91f6e89f4045b33ce46554bc081842cfd5f72150a

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 f57c3ec00016cdebb3489b54a9efad44
SHA1 0bc576a0adab3922451ceb0fb7813877a3bc6f9f
SHA256 99b0c92e697fce23eafd0d2995e7fd6c7304018e0aaf6b40342fc85f3952cd98
SHA512 a467dd70f7906bcaa6deeb85eb11ee67c0a02aa01450a3067d2f245244ec2943bc934d85e0b5f102eb60fbf55374d7777f12c556cea57a4b2f75740933b38c03

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.url

MD5 4e25d5c2d2f312078e977f31da3b227c
SHA1 773e7191146685b9d705372f5ef0eea0b9e40842
SHA256 979e5c3cf5e0d0eaf1aaef5a1c2e2d85884b963616c9672b035f384c10367f4b
SHA512 dd9178d0bd40abb54769603fbd61c4b59ac6f5b841ca12c503a28798d16feb1cb7d596e95db8b905d9117d1977bf0c5346953e2b692e542f059f3c2668d28520

memory/2032-20-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

memory/2080-25-0x0000000000000000-mapping.dmp

memory/2116-26-0x0000000000000000-mapping.dmp

memory/2212-27-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-11-13 15:29

Reported

2020-11-13 16:31

Platform

win10v20201028

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

Signatures

Cerber

ransomware cerber

Adds policy Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\AssertUndo.tiff C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
File opened for modification C:\Users\Admin\Pictures\CheckpointImport.tiff C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\RdpSaProxy.lnk C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\RdpSaProxy.lnk C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Reads user/profile data of web browsers

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\RdpSaProxy = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\RdpSaProxy = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\RdpSaProxy = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\RdpSaProxy = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A

JavaScript code in executable

Description Indicator Process Target
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp3857.bmp" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Colors C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Control Panel\Desktop\SCRNSAVE.EXE = "\"C:\\Users\\Admin\\AppData\\Roaming\\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\\RdpSaProxy.exe\"" C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 23d17bb9dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 868975b5dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "5" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e5a1edb4dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Enabled = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 80e7301669ced601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileVersion = "10" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "312098047" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 904eecc7dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 958384b9dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000abf5f3b9c3298d8065a9dc7a4cd60c29db4bd07027f779e550d1d09ad4ae401b53d243e9c83332bf6babafb3a013a0c966db2c649eee81158a8f C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B = 03000000010000001400000083da05a9886f7658be73acf0a4930c0f99b92f011400000001000000140000003656896549cb5b9b2f3cac4216504d91b933d79104000000010000001000000062455357dd57cb80c32ab295743cccc00f00000001000000200000006811c6215f18c75fdbe32cf56bd66248562a7fa3ba459cfee338745061e583941900000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d705c000000010000000400000000100000180000000100000010000000bb048f1838395f6fc3a1f3d2b7e976542000000001000000dc060000308206d8308204c0a003020102020a613fb718000000000004300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131313031383232353531395a170d3236313031383233303531395a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f66742053656375726520536572766572204341203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100d00bc0a4a81981e236e5e2aae5f3b2155875beb4e549f1e084f9bb0d64ef85c18155b8f3e7f16d40553dce8b6ad18493f5757c5ba4d47410ca32f323d3aeeecf9e0458c2d947cbd17c004148711b01671718afc6fe73037ee4ef439cef01712a1f81264377985457739d552bf09e8e7d060eac1b54f326f7f82308228b9e061d3738fd72d2cae563c19a5a7db26db352a96ee9aeb5fc8b36f99efaf61c581b9756a511e5b752dbbbe9f054bfb4ff2c6cb85d26cea00ad7df93ed7fddacf12c731ad9193755badd22788ea1d49b09f807223171b094aee0b0e726445790819715ce61ec65e24bf185521632f8b578aa7ecd4dec8321a4a89bbe9a6a04e0a31ccd56186cfd6b2f423ee237f272abd07873727bdeec0058e52130a3083a99ef9fc3f77a169665b5c381aff4397049aff6a9f66a0038f9b40819e01a35a55676225f6af269ae3ead58464db854f68941441e72b1bc122753d2c1ffb2cd50981eb5f4bbb6c28239d9ac1bf23b27846ab0c6260bd73a10e7b3db7cd356ac534c0bfa3b313774d8592bf9007919067bfd1c1d42d4410d2f050ed56b4923ffcfcdf87a82cfda3c2ddfe8d8120418ba1e8877b8981f1007bbc8057e0b09bf6bdde34e5bb0f9c784a63bca4c9f5b6229f7c7a2a89588702ce5c13f3c52234f409ac33185832fbf29f11d508f219607ceeff280c2447d9b62ef2fc37789ab454d533e0279d30203010001a382014b30820147301006092b06010401823715010403020100301d0603551d0e041604143656896549cb5b9b2f3cac4216504d91b933d791301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014722d3a02319043b914054ee1eaa7c731d1238934305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f436572417574323031315f323031315f30335f32322e63726c305e06082b0601050507010104523050304e06082b060105050730028642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f436572417574323031315f323031315f30335f32322e637274300d06092a864886f70d01010b0500038202010041c861c1f55b9e3e9131f1b0c6bf0901b49db69074d709dba62e0d9fc8e7763446af0760894c81b33cd5f4123575c273a5f54d848ccba45dafbf92f617085742957265057679adeed1bab82e54a35107ac68eb210ce32581c2cd2af2c3ffcfc2bd49189ac7f084c5f914bc6b95e596efb342d253d54aa012c4ae12765309560e9df7d3a6498850f28a2c9720a2be4e78ef0565b74ba11688de31c70842247ca47b9e9dbc60005e6297e393fca7fe5b7b25dfe4537f4bbee63ef0db0179421c6e856c7db64430fba5379293b2a5ee20ad3f53d5c9f4286b57c1f81d6ab7562ab627811ca62d9fe7f4d0318397a82ab6acbe1b41f5e4895f56fbda5ad35e7d5594107e5357f44a3d402ac8bd679f84e110eefdda6b158249fc461dff4506749c4214edc539d3b3cd0b832790435192f24482ae6e9a1517b219fac7456c98017bbf37a9b088a492bc3838e01de47c97981a2e5fef3865b7352fbd7f4f21fac48cd26f06f94935eadf200f25aaea60ab2c1f4b89fcb7fa5c54904b3ea2284f6ce45265c1fd901c8582886ee9a655dd21287945b014e50acce65fc4bbdb6134699fac2638f7c1294108152e4ca0f7f90c3ede5fab08092d83acac348362f4c949428925b56eb247c5b339a0b1201b2cb18e046fa530491cd046e9405bf4ad6ebadb824a87124a80094ddbdf76b9055b1be0bb20705f0025c7d30efa16ad7b229e7108 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{CD480FBB-CEF0-46DD-8F74-C5EA8DC4FF63}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 903b29b5dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Md5FileCheck = 9fa75725855604a758366c6a1d9f0311 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000053f2b481cbd35e627dcba98494105fee03bd2ca7af43eb23b80b69dd9c9f3372fa1fb83ed0ea6d8c43a6b24da86b671a6bc6ac934347bb2712ab C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{784F080C-A940-4796-834E-18CDD81B4B2D}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7a55a1b4dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 130932cfdab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 19e309c8dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = eab7efc7dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{B0EF699D-1313-434E-8186-CD0FA029043A} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000085e9c6daaa4635afa1cba567dd0e1c148615927deaad66b27daa2c25528a288d1a9e8f151e1f7f4d206129d04327e07fbdb16ff735c301bdd66fa83d8a2b97cecda2789f96e878adcfdfba6141b5b818afb8a8b7bdd43490574 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesVersion = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000075c3cacd656810bd13f4db5dfed99334cd884c366a68f14b8a0546756c7a6e4a263882e79aa92c498c51988ac365bb1e020604787490d48f04ae6e730720cf3e72660c5892bf49bda62ee1ca486e9bbcb40cb1e4c91c5a4aea2740b77053d3b36fed216079cb42f24e2dfcc49613ca89013cc0c2c02ecc8b831269693a335229156d5b9e84eb48b537ecb3ec1e767bb769347e7f88e5b2fc420e8ab625e0be99fc8541878240f063240cc06790b58fb0e295672f1561c463e0bada450e7a6f2cd2d7406a39ebfdd9b02d44d648f25d697800829a5ec28c7856b8d9b76321f6a3fc0286091e0a04acedef740df34b3a7fe01334dee027610923a72a3a5af569abb5a626bfa4be9ab7d7f237b94ae278297970a19792b2a36ee4269a2b151679efb3637634852758f998d6cceea5d5f9f91cb553a50382505012d709cd09a42e03bad94da70966bdc0543cf0a32f46a46dba8352746cb762ba69590f0401bf861d4ba825c33399ad2702c25d39ad53fc4e247b24de6571ad7fb14be92d0887d09e2670be05b1e1f5e11409b618231e96e0ab3b8f99c6cf4cf2111ba08fc13376234be6bd913f3b C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "312129320" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = e0e2b5190dbad601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "312085876" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 205177b9dab9d601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "nc6wft2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "312066382" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileCountryCode = "US" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\5FF1348C80820F2A98 = 0300000001000000140000005ff1348c80820f2a988d0c0c7abea0ea394b5e6c040000000100000010000000fd42404f68fae3f0d490e8d19d08ab1d0f00000001000000200000005546bb2210de2560292e6f4610af4ffbdb453f9bf9983e62942c35959e16038d140000000100000014000000b3b30880146b0eb235e8e136e7d15c9c4847f5f3190000000100000010000000e142e209d34bfb2eac257eb76a2b61e15c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000e5050000308205e1308203c9a0030201020213330000016fd585f24b93e88a0700000000016f300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3139313231323030303333315a170d3231303331323030303333315a3081a3310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3121301f06092a864886f70d010901161271666265406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cfb24782c35c66c63688c01ed857df9a4330b81628c86831de4d577f8cb2155b880ee41953a18ac28de644bacfa97558ec6f522490f103b7fa0092430f8e0ba55c36dd91f6f1f91baec6eb3581d89133141e1580e02ec2445e5380b178f92f81e97193be8be1223d36e5f2be070a3db6ac17987ea3b42d15994c73a10e64794da4660a5d875e179c567bb06ecfd7cbf4c1ee4fe453284e72877d746a3e178788a1bd540ba9250a931a11105bb98f1b2b757fa6c5ade16e7cc1d1628fedb716018526f5b56630b54cd5f75f938e9b4a956609cc441aac84a10a101f6429b6fceb9434a41b24f0ca9781bf72b010f14bd13dc5d996b6ed6c4d53156969dd04f7390203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e04160414b3b30880146b0eb235e8e136e7d15c9c4847f5f3301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038202010064d81278e224099c122690412271d5f2d92ae1c00f7135d64f63663ccc0588826bf24cc6cffa0d6666b7e3f989825dd1021fd1bdc6a9d4a492c0f46198534382204d8668b0f3c8d85f9f614f7fff47e391a4fdc89dba1b423f1d2a8d4986ff42bac032a21224b246b03ffef26e7da49d3ef381ff9d669cda0234445bff395be1b70627f013ccde692280d75d690b4f4c5e3a123b379bd30bdc6cf1af0c69d97eb0aa4f580eb4e876465b2c62514a612a3971f6bc6ace33f569e0cbcbd5498caf2af949952c310221a382d0a7fbc4594b0bfe96a1c81d26639b249beea28179ead8377bf70e9a09596997af2b405c5425a1e5e6e46b065016901b7cd120e2389d47924b1f834955135461f7592c9487e3910bf0de382ad5906dd8c46b321b176698caaec19d1ee10aa6679981d8f2f5c40d69240a7075ce4341305d2bbd082e03c81c41baeb557b41904482ae88d0566f339ab517ae2f84223d567f9ec734c1c5a2be39aa24c49930b6428bbe2fa300f2369e1c8cc554c14010f1ee518afa32e4bf0a15cb251d37791338f5ade8ced4b67ca5fc56320c2c2973f9b13e250dabe4a373580becf787afd552c6b293dfc7bfb1f67739c64df74ae3d373e2db9c27090fe15e58591824e4f150602af628917a6d1353919cd0a8489596f97070833a98b34c2d3a0ebafda2f81096533b773c5914d7f05e66cb17af2bcd11ad517440b5 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 6c3a3b6c55add601 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4068 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe
PID 4068 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe
PID 4068 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe
PID 4068 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 4068 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 4068 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe C:\Windows\SysWOW64\cmd.exe
PID 3128 wrote to memory of 2672 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3128 wrote to memory of 2672 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3128 wrote to memory of 2672 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 3128 wrote to memory of 1376 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3128 wrote to memory of 1376 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3128 wrote to memory of 1376 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2800 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\system32\NOTEPAD.EXE
PID 2800 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\system32\NOTEPAD.EXE
PID 2800 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\System32\WScript.exe
PID 2800 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\System32\WScript.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 3168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2800 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\system32\cmd.exe
PID 2800 wrote to memory of 4492 N/A C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe C:\Windows\system32\cmd.exe
PID 4492 wrote to memory of 4536 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4492 wrote to memory of 4536 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4492 wrote to memory of 4592 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 4492 wrote to memory of 4592 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\PING.EXE
PID 684 wrote to memory of 4220 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 684 wrote to memory of 4220 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe

"C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

"C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe"

C:\Windows\SysWOW64\cmd.exe

/d /c taskkill /t /f /im "75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Local\Temp\75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe" > NUL

C:\Windows\SysWOW64\taskkill.exe

taskkill /t /f /im "75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 1 127.0.0.1

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a0

C:\Windows\system32\cmd.exe

/d /c taskkill /t /f /im "RdpSaProxy.exe" > NUL & ping -n 1 127.0.0.1 > NUL & del "C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe" > NUL

C:\Windows\system32\taskkill.exe

taskkill /t /f /im "RdpSaProxy.exe"

C:\Windows\system32\PING.EXE

ping -n 1 127.0.0.1

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
N/A 52.109.12.18:443 tcp
N/A 8.8.8.8:53 ip-api.com udp
N/A 208.95.112.1:80 ip-api.com tcp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 31.184.234.0:6892 udp
N/A 31.184.234.1:6892 udp
N/A 31.184.234.2:6892 udp
N/A 31.184.234.3:6892 udp
N/A 31.184.234.4:6892 udp
N/A 31.184.234.5:6892 udp
N/A 31.184.234.6:6892 udp
N/A 31.184.234.7:6892 udp
N/A 31.184.234.8:6892 udp
N/A 31.184.234.9:6892 udp
N/A 31.184.234.10:6892 udp
N/A 31.184.234.11:6892 udp
N/A 31.184.234.12:6892 udp
N/A 31.184.234.13:6892 udp
N/A 31.184.234.14:6892 udp
N/A 31.184.234.15:6892 udp
N/A 31.184.234.16:6892 udp
N/A 31.184.234.17:6892 udp
N/A 31.184.234.18:6892 udp
N/A 31.184.234.19:6892 udp
N/A 31.184.234.20:6892 udp
N/A 31.184.234.21:6892 udp
N/A 31.184.234.22:6892 udp
N/A 31.184.234.23:6892 udp
N/A 31.184.234.24:6892 udp
N/A 31.184.234.25:6892 udp
N/A 31.184.234.26:6892 udp
N/A 31.184.234.27:6892 udp
N/A 31.184.234.28:6892 udp
N/A 31.184.234.29:6892 udp
N/A 31.184.234.30:6892 udp
N/A 31.184.234.31:6892 udp
N/A 31.184.234.32:6892 udp
N/A 31.184.234.33:6892 udp
N/A 31.184.234.34:6892 udp
N/A 31.184.234.35:6892 udp
N/A 31.184.234.36:6892 udp
N/A 31.184.234.37:6892 udp
N/A 31.184.234.38:6892 udp
N/A 31.184.234.39:6892 udp
N/A 31.184.234.40:6892 udp
N/A 31.184.234.41:6892 udp
N/A 31.184.234.42:6892 udp
N/A 31.184.234.43:6892 udp
N/A 31.184.234.44:6892 udp
N/A 31.184.234.45:6892 udp
N/A 31.184.234.46:6892 udp
N/A 31.184.234.47:6892 udp
N/A 31.184.234.48:6892 udp
N/A 31.184.234.49:6892 udp
N/A 31.184.234.50:6892 udp
N/A 31.184.234.51:6892 udp
N/A 31.184.234.52:6892 udp
N/A 31.184.234.53:6892 udp
N/A 31.184.234.54:6892 udp
N/A 31.184.234.55:6892 udp
N/A 31.184.234.56:6892 udp
N/A 31.184.234.57:6892 udp
N/A 31.184.234.58:6892 udp
N/A 31.184.234.59:6892 udp
N/A 31.184.234.60:6892 udp
N/A 31.184.234.61:6892 udp
N/A 31.184.234.62:6892 udp
N/A 31.184.234.63:6892 udp
N/A 31.184.234.64:6892 udp
N/A 31.184.234.65:6892 udp
N/A 31.184.234.66:6892 udp
N/A 31.184.234.67:6892 udp
N/A 31.184.234.68:6892 udp
N/A 31.184.234.69:6892 udp
N/A 31.184.234.70:6892 udp
N/A 31.184.234.71:6892 udp
N/A 31.184.234.72:6892 udp
N/A 31.184.234.73:6892 udp
N/A 31.184.234.74:6892 udp
N/A 31.184.234.75:6892 udp
N/A 31.184.234.76:6892 udp
N/A 31.184.234.77:6892 udp
N/A 31.184.234.78:6892 udp
N/A 31.184.234.79:6892 udp
N/A 31.184.234.80:6892 udp
N/A 31.184.234.81:6892 udp
N/A 31.184.234.82:6892 udp
N/A 31.184.234.83:6892 udp
N/A 31.184.234.84:6892 udp
N/A 31.184.234.85:6892 udp
N/A 31.184.234.86:6892 udp
N/A 31.184.234.87:6892 udp
N/A 31.184.234.88:6892 udp
N/A 31.184.234.89:6892 udp
N/A 31.184.234.90:6892 udp
N/A 31.184.234.91:6892 udp
N/A 31.184.234.92:6892 udp
N/A 31.184.234.93:6892 udp
N/A 31.184.234.94:6892 udp
N/A 31.184.234.95:6892 udp
N/A 31.184.234.96:6892 udp
N/A 31.184.234.97:6892 udp
N/A 31.184.234.98:6892 udp
N/A 31.184.234.99:6892 udp
N/A 31.184.234.100:6892 udp
N/A 31.184.234.101:6892 udp
N/A 31.184.234.102:6892 udp
N/A 31.184.234.103:6892 udp
N/A 31.184.234.104:6892 udp
N/A 31.184.234.105:6892 udp
N/A 31.184.234.106:6892 udp
N/A 31.184.234.107:6892 udp
N/A 31.184.234.108:6892 udp
N/A 31.184.234.109:6892 udp
N/A 31.184.234.110:6892 udp
N/A 31.184.234.111:6892 udp
N/A 31.184.234.112:6892 udp
N/A 31.184.234.113:6892 udp
N/A 31.184.234.114:6892 udp
N/A 31.184.234.115:6892 udp
N/A 31.184.234.116:6892 udp
N/A 31.184.234.117:6892 udp
N/A 31.184.234.118:6892 udp
N/A 31.184.234.119:6892 udp
N/A 31.184.234.120:6892 udp
N/A 31.184.234.121:6892 udp
N/A 31.184.234.122:6892 udp
N/A 31.184.234.123:6892 udp
N/A 31.184.234.124:6892 udp
N/A 31.184.234.125:6892 udp
N/A 31.184.234.126:6892 udp
N/A 31.184.234.127:6892 udp
N/A 31.184.234.128:6892 udp
N/A 31.184.234.129:6892 udp
N/A 31.184.234.130:6892 udp
N/A 31.184.234.131:6892 udp
N/A 31.184.234.132:6892 udp
N/A 31.184.234.133:6892 udp
N/A 31.184.234.134:6892 udp
N/A 31.184.234.135:6892 udp
N/A 31.184.234.136:6892 udp
N/A 31.184.234.137:6892 udp
N/A 31.184.234.138:6892 udp
N/A 31.184.234.139:6892 udp
N/A 31.184.234.140:6892 udp
N/A 31.184.234.141:6892 udp
N/A 31.184.234.142:6892 udp
N/A 31.184.234.143:6892 udp
N/A 31.184.234.144:6892 udp
N/A 31.184.234.145:6892 udp
N/A 31.184.234.146:6892 udp
N/A 31.184.234.147:6892 udp
N/A 31.184.234.148:6892 udp
N/A 31.184.234.149:6892 udp
N/A 31.184.234.150:6892 udp
N/A 31.184.234.151:6892 udp
N/A 31.184.234.152:6892 udp
N/A 31.184.234.153:6892 udp
N/A 31.184.234.154:6892 udp
N/A 31.184.234.155:6892 udp
N/A 31.184.234.156:6892 udp
N/A 31.184.234.157:6892 udp
N/A 31.184.234.158:6892 udp
N/A 31.184.234.159:6892 udp
N/A 31.184.234.160:6892 udp
N/A 31.184.234.161:6892 udp
N/A 31.184.234.162:6892 udp
N/A 31.184.234.163:6892 udp
N/A 31.184.234.164:6892 udp
N/A 31.184.234.165:6892 udp
N/A 31.184.234.166:6892 udp
N/A 31.184.234.167:6892 udp
N/A 31.184.234.168:6892 udp
N/A 31.184.234.169:6892 udp
N/A 31.184.234.170:6892 udp
N/A 31.184.234.171:6892 udp
N/A 31.184.234.172:6892 udp
N/A 31.184.234.173:6892 udp
N/A 31.184.234.174:6892 udp
N/A 31.184.234.175:6892 udp
N/A 31.184.234.176:6892 udp
N/A 31.184.234.177:6892 udp
N/A 31.184.234.178:6892 udp
N/A 31.184.234.179:6892 udp
N/A 31.184.234.180:6892 udp
N/A 31.184.234.181:6892 udp
N/A 31.184.234.182:6892 udp
N/A 31.184.234.183:6892 udp
N/A 31.184.234.184:6892 udp
N/A 31.184.234.185:6892 udp
N/A 31.184.234.186:6892 udp
N/A 31.184.234.187:6892 udp
N/A 31.184.234.188:6892 udp
N/A 31.184.234.189:6892 udp
N/A 31.184.234.190:6892 udp
N/A 31.184.234.191:6892 udp
N/A 31.184.234.192:6892 udp
N/A 31.184.234.193:6892 udp
N/A 31.184.234.194:6892 udp
N/A 31.184.234.195:6892 udp
N/A 31.184.234.196:6892 udp
N/A 31.184.234.197:6892 udp
N/A 31.184.234.198:6892 udp
N/A 31.184.234.199:6892 udp
N/A 31.184.234.200:6892 udp
N/A 31.184.234.201:6892 udp
N/A 31.184.234.202:6892 udp
N/A 31.184.234.203:6892 udp
N/A 31.184.234.204:6892 udp
N/A 31.184.234.205:6892 udp
N/A 31.184.234.206:6892 udp
N/A 31.184.234.207:6892 udp
N/A 31.184.234.208:6892 udp
N/A 31.184.234.209:6892 udp
N/A 31.184.234.210:6892 udp
N/A 31.184.234.211:6892 udp
N/A 31.184.234.212:6892 udp
N/A 31.184.234.213:6892 udp
N/A 31.184.234.214:6892 udp
N/A 31.184.234.215:6892 udp
N/A 31.184.234.216:6892 udp
N/A 31.184.234.217:6892 udp
N/A 31.184.234.218:6892 udp
N/A 31.184.234.219:6892 udp
N/A 31.184.234.220:6892 udp
N/A 31.184.234.221:6892 udp
N/A 31.184.234.222:6892 udp
N/A 31.184.234.223:6892 udp
N/A 31.184.234.224:6892 udp
N/A 31.184.234.225:6892 udp
N/A 31.184.234.226:6892 udp
N/A 31.184.234.227:6892 udp
N/A 31.184.234.228:6892 udp
N/A 31.184.234.229:6892 udp
N/A 31.184.234.230:6892 udp
N/A 31.184.234.231:6892 udp
N/A 31.184.234.232:6892 udp
N/A 31.184.234.233:6892 udp
N/A 31.184.234.234:6892 udp
N/A 31.184.234.235:6892 udp
N/A 31.184.234.236:6892 udp
N/A 31.184.234.237:6892 udp
N/A 31.184.234.238:6892 udp
N/A 31.184.234.239:6892 udp
N/A 31.184.234.240:6892 udp
N/A 31.184.234.241:6892 udp
N/A 31.184.234.242:6892 udp
N/A 31.184.234.243:6892 udp
N/A 31.184.234.244:6892 udp
N/A 31.184.234.245:6892 udp
N/A 31.184.234.246:6892 udp
N/A 31.184.234.247:6892 udp
N/A 31.184.234.248:6892 udp
N/A 31.184.234.249:6892 udp
N/A 31.184.234.250:6892 udp
N/A 31.184.234.251:6892 udp
N/A 31.184.234.252:6892 udp
N/A 31.184.234.253:6892 udp
N/A 31.184.234.254:6892 udp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 31.184.234.255:6892 udp
N/A 31.184.235.0:6892 udp
N/A 31.184.235.1:6892 udp
N/A 31.184.235.2:6892 udp
N/A 31.184.235.3:6892 udp
N/A 31.184.235.4:6892 udp
N/A 31.184.235.5:6892 udp
N/A 31.184.235.6:6892 udp
N/A 31.184.235.7:6892 udp
N/A 31.184.235.8:6892 udp
N/A 31.184.235.9:6892 udp
N/A 31.184.235.10:6892 udp
N/A 31.184.235.11:6892 udp
N/A 31.184.235.12:6892 udp
N/A 31.184.235.13:6892 udp
N/A 31.184.235.14:6892 udp
N/A 31.184.235.15:6892 udp
N/A 31.184.235.16:6892 udp
N/A 31.184.235.17:6892 udp
N/A 31.184.235.18:6892 udp
N/A 31.184.235.19:6892 udp
N/A 31.184.235.20:6892 udp
N/A 31.184.235.21:6892 udp
N/A 31.184.235.22:6892 udp
N/A 31.184.235.23:6892 udp
N/A 31.184.235.24:6892 udp
N/A 31.184.235.25:6892 udp
N/A 31.184.235.26:6892 udp
N/A 31.184.235.27:6892 udp
N/A 31.184.235.28:6892 udp
N/A 31.184.235.29:6892 udp
N/A 31.184.235.30:6892 udp
N/A 31.184.235.31:6892 udp
N/A 31.184.235.32:6892 udp
N/A 31.184.235.33:6892 udp
N/A 31.184.235.34:6892 udp
N/A 31.184.235.35:6892 udp
N/A 31.184.235.36:6892 udp
N/A 31.184.235.37:6892 udp
N/A 31.184.235.38:6892 udp
N/A 31.184.235.39:6892 udp
N/A 31.184.235.40:6892 udp
N/A 31.184.235.41:6892 udp
N/A 31.184.235.42:6892 udp
N/A 31.184.235.43:6892 udp
N/A 31.184.235.44:6892 udp
N/A 31.184.235.45:6892 udp
N/A 31.184.235.46:6892 udp
N/A 31.184.235.47:6892 udp
N/A 31.184.235.48:6892 udp
N/A 31.184.235.49:6892 udp
N/A 31.184.235.50:6892 udp
N/A 31.184.235.51:6892 udp
N/A 31.184.235.52:6892 udp
N/A 31.184.235.53:6892 udp
N/A 31.184.235.54:6892 udp
N/A 31.184.235.55:6892 udp
N/A 31.184.235.56:6892 udp
N/A 31.184.235.57:6892 udp
N/A 31.184.235.58:6892 udp
N/A 31.184.235.59:6892 udp
N/A 31.184.235.60:6892 udp
N/A 31.184.235.61:6892 udp
N/A 31.184.235.62:6892 udp
N/A 31.184.235.63:6892 udp
N/A 31.184.235.64:6892 udp
N/A 31.184.235.65:6892 udp
N/A 31.184.235.66:6892 udp
N/A 31.184.235.67:6892 udp
N/A 31.184.235.68:6892 udp
N/A 31.184.235.69:6892 udp
N/A 31.184.235.70:6892 udp
N/A 31.184.235.71:6892 udp
N/A 31.184.235.72:6892 udp
N/A 31.184.235.73:6892 udp
N/A 31.184.235.74:6892 udp
N/A 31.184.235.75:6892 udp
N/A 31.184.235.76:6892 udp
N/A 31.184.235.77:6892 udp
N/A 31.184.235.78:6892 udp
N/A 31.184.235.79:6892 udp
N/A 31.184.235.80:6892 udp
N/A 31.184.235.81:6892 udp
N/A 31.184.235.82:6892 udp
N/A 31.184.235.83:6892 udp
N/A 31.184.235.84:6892 udp
N/A 31.184.235.85:6892 udp
N/A 31.184.235.86:6892 udp
N/A 31.184.235.87:6892 udp
N/A 31.184.235.88:6892 udp
N/A 31.184.235.89:6892 udp
N/A 31.184.235.90:6892 udp
N/A 31.184.235.91:6892 udp
N/A 31.184.235.92:6892 udp
N/A 31.184.235.93:6892 udp
N/A 31.184.235.94:6892 udp
N/A 31.184.235.95:6892 udp
N/A 31.184.235.96:6892 udp
N/A 31.184.235.97:6892 udp
N/A 31.184.235.98:6892 udp
N/A 31.184.235.99:6892 udp
N/A 31.184.235.100:6892 udp
N/A 31.184.235.101:6892 udp
N/A 31.184.235.102:6892 udp
N/A 31.184.235.103:6892 udp
N/A 31.184.235.104:6892 udp
N/A 31.184.235.105:6892 udp
N/A 31.184.235.106:6892 udp
N/A 31.184.235.107:6892 udp
N/A 31.184.235.108:6892 udp
N/A 31.184.235.109:6892 udp
N/A 31.184.235.110:6892 udp
N/A 31.184.235.111:6892 udp
N/A 31.184.235.112:6892 udp
N/A 31.184.235.113:6892 udp
N/A 31.184.235.114:6892 udp
N/A 31.184.235.115:6892 udp
N/A 31.184.235.116:6892 udp
N/A 31.184.235.117:6892 udp
N/A 31.184.235.118:6892 udp
N/A 31.184.235.119:6892 udp
N/A 31.184.235.120:6892 udp
N/A 31.184.235.121:6892 udp
N/A 31.184.235.122:6892 udp
N/A 31.184.235.123:6892 udp
N/A 31.184.235.124:6892 udp
N/A 31.184.235.125:6892 udp
N/A 31.184.235.126:6892 udp
N/A 31.184.235.127:6892 udp
N/A 31.184.235.128:6892 udp
N/A 31.184.235.129:6892 udp
N/A 31.184.235.130:6892 udp
N/A 31.184.235.131:6892 udp
N/A 31.184.235.132:6892 udp
N/A 31.184.235.133:6892 udp
N/A 31.184.235.134:6892 udp
N/A 31.184.235.135:6892 udp
N/A 31.184.235.136:6892 udp
N/A 31.184.235.137:6892 udp
N/A 31.184.235.138:6892 udp
N/A 31.184.235.139:6892 udp
N/A 31.184.235.140:6892 udp
N/A 31.184.235.141:6892 udp
N/A 31.184.235.142:6892 udp
N/A 31.184.235.143:6892 udp
N/A 31.184.235.144:6892 udp
N/A 31.184.235.145:6892 udp
N/A 31.184.235.146:6892 udp
N/A 31.184.235.147:6892 udp
N/A 31.184.235.148:6892 udp
N/A 31.184.235.149:6892 udp
N/A 31.184.235.150:6892 udp
N/A 31.184.235.151:6892 udp
N/A 31.184.235.152:6892 udp
N/A 31.184.235.153:6892 udp
N/A 31.184.235.154:6892 udp
N/A 31.184.235.155:6892 udp
N/A 31.184.235.156:6892 udp
N/A 31.184.235.157:6892 udp
N/A 31.184.235.158:6892 udp
N/A 31.184.235.159:6892 udp
N/A 31.184.235.160:6892 udp
N/A 31.184.235.161:6892 udp
N/A 31.184.235.162:6892 udp
N/A 31.184.235.163:6892 udp
N/A 31.184.235.164:6892 udp
N/A 31.184.235.165:6892 udp
N/A 31.184.235.166:6892 udp
N/A 31.184.235.167:6892 udp
N/A 31.184.235.168:6892 udp
N/A 31.184.235.169:6892 udp
N/A 31.184.235.170:6892 udp
N/A 31.184.235.171:6892 udp
N/A 31.184.235.172:6892 udp
N/A 31.184.235.173:6892 udp
N/A 31.184.235.174:6892 udp
N/A 31.184.235.175:6892 udp
N/A 31.184.235.176:6892 udp
N/A 31.184.235.177:6892 udp
N/A 31.184.235.178:6892 udp
N/A 31.184.235.179:6892 udp
N/A 31.184.235.180:6892 udp
N/A 31.184.235.181:6892 udp
N/A 31.184.235.182:6892 udp
N/A 31.184.235.183:6892 udp
N/A 31.184.235.184:6892 udp
N/A 31.184.235.185:6892 udp
N/A 31.184.235.186:6892 udp
N/A 31.184.235.187:6892 udp
N/A 31.184.235.188:6892 udp
N/A 31.184.235.189:6892 udp
N/A 31.184.235.190:6892 udp
N/A 31.184.235.191:6892 udp
N/A 31.184.235.192:6892 udp
N/A 31.184.235.193:6892 udp
N/A 31.184.235.194:6892 udp
N/A 31.184.235.195:6892 udp
N/A 31.184.235.196:6892 udp
N/A 31.184.235.197:6892 udp
N/A 31.184.235.198:6892 udp
N/A 31.184.235.199:6892 udp
N/A 31.184.235.200:6892 udp
N/A 31.184.235.201:6892 udp
N/A 31.184.235.202:6892 udp
N/A 31.184.235.203:6892 udp
N/A 31.184.235.204:6892 udp
N/A 31.184.235.205:6892 udp
N/A 31.184.235.206:6892 udp
N/A 31.184.235.207:6892 udp
N/A 31.184.235.208:6892 udp
N/A 31.184.235.209:6892 udp
N/A 31.184.235.210:6892 udp
N/A 31.184.235.211:6892 udp
N/A 31.184.235.212:6892 udp
N/A 31.184.235.213:6892 udp
N/A 31.184.235.214:6892 udp
N/A 31.184.235.215:6892 udp
N/A 31.184.235.216:6892 udp
N/A 31.184.235.217:6892 udp
N/A 31.184.235.218:6892 udp
N/A 31.184.235.219:6892 udp
N/A 31.184.235.220:6892 udp
N/A 31.184.235.221:6892 udp
N/A 31.184.235.222:6892 udp
N/A 31.184.235.223:6892 udp
N/A 31.184.235.224:6892 udp
N/A 31.184.235.225:6892 udp
N/A 31.184.235.226:6892 udp
N/A 31.184.235.227:6892 udp
N/A 31.184.235.228:6892 udp
N/A 31.184.235.229:6892 udp
N/A 31.184.235.230:6892 udp
N/A 31.184.235.231:6892 udp
N/A 31.184.235.232:6892 udp
N/A 31.184.235.233:6892 udp
N/A 31.184.235.234:6892 udp
N/A 31.184.235.235:6892 udp
N/A 31.184.235.236:6892 udp
N/A 31.184.235.237:6892 udp
N/A 31.184.235.238:6892 udp
N/A 31.184.235.239:6892 udp
N/A 31.184.235.240:6892 udp
N/A 31.184.235.241:6892 udp
N/A 31.184.235.242:6892 udp
N/A 31.184.235.243:6892 udp
N/A 31.184.235.244:6892 udp
N/A 31.184.235.245:6892 udp
N/A 31.184.235.246:6892 udp
N/A 31.184.235.247:6892 udp
N/A 31.184.235.248:6892 udp
N/A 31.184.235.249:6892 udp
N/A 31.184.235.250:6892 udp
N/A 31.184.235.251:6892 udp
N/A 31.184.235.252:6892 udp
N/A 31.184.235.253:6892 udp
N/A 31.184.235.254:6892 udp
N/A 31.184.235.255:6892 udp
N/A 185.100.85.150:80 bqyjebfh25oellur.onion.to tcp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 btc.blockr.io udp
N/A 8.8.8.8:53 api.blockcypher.com udp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 104.20.21.251:80 api.blockcypher.com tcp
N/A 8.8.8.8:53 chain.so udp
N/A 104.24.104.254:443 chain.so tcp
N/A 104.24.104.254:443 chain.so tcp
N/A 8.8.8.8:53 bqyjebfh25oellur.onion.to udp
N/A 8.8.8.8:53 iecvlist.microsoft.com udp
N/A 152.199.19.161:443 iecvlist.microsoft.com tcp
N/A 8.8.8.8:53 ieonline.microsoft.com udp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 204.79.197.200:443 ieonline.microsoft.com tcp
N/A 8.8.8.8:53 go.microsoft.com udp
N/A 104.94.191.152:443 go.microsoft.com tcp
N/A 104.94.191.152:443 go.microsoft.com tcp
N/A 8.8.8.8:53 www.microsoft.com udp
N/A 8.8.8.8:53 www.bing.com udp
N/A 204.79.197.200:443 www.bing.com tcp
N/A 204.79.197.200:443 www.bing.com tcp

Files

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/2800-0-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

memory/3128-3-0x0000000000000000-mapping.dmp

memory/2672-4-0x0000000000000000-mapping.dmp

memory/1376-5-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\RdpSaProxy.lnk

MD5 0226ee3692289a281bf5dc8bde382b3a
SHA1 4a827ec0f567652fa40d72ed6fba94e86e1b9797
SHA256 f0f36842676f486f526a55e79a9f2879abecc6b08fc02222f7b55514338a8a71
SHA512 305c71f5c86ade52fb4cf7dac4f7bbcc86e8d932b44d339142c21eb41100f5121079ee53ba6480bcac6eb3d219c4b6ff1978ddbe208bc0921d51364c713779b8

C:\Users\Admin\AppData\Roaming\{979CC176-2CBB-9CDF-ED19-828F81E1B52B}\RdpSaProxy.exe

MD5 afc1938955e21df97c24920cfe55acd7
SHA1 81f95143a249dffec618ee9b463dc9e3fd0b9307
SHA256 75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
SHA512 854d74ed6bb29576deeb4992b30c72766f0faaa2f57b35fd2945c8bdcc93e1b16657749585518e66ea4df26e4a4247546b812e26af4479af3d4338e0aa5c46ea

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.html

MD5 da5defe8ba86464edaf8a9e3578a62ff
SHA1 adf90621e76efaf22e8caafe3047bcc158c60c5e
SHA256 045fa3dda7e36ee371b14a8d8b9eb0119caf945233a99ab3325942427fdfe50f
SHA512 8807a9ff05e092f5ad8b5b09c09930f9c7a0ab9a798d52d4a8e14adb2b7a1ca3e39401d0e839ba29a610bc30fcd01dc700172bc9e6271f95e2e9311779d750c8

memory/1292-9-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.txt

MD5 3b830a4547fb471fc53a35659fab99e2
SHA1 bf83045b3edb858e0742f7521d0f03aadbf95a74
SHA256 a7c1e6540b04ff2e5d72462fc5aa93a60f0d2615a83cecf9bb1adc6284ff9c92
SHA512 db4af1ea0d8be30d1fef647625046c87d38a01b32b88526544512267c2ee377e6ac4c5c2fc8ba4301fdbd23a49870b743e4dd62ce9874fe8de4e63cfa4c629cd

memory/3476-28-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\# DECRYPT MY FILES #.vbs

MD5 1c2a24505278e661eca32666d4311ce5
SHA1 d1deb57023bbe38a33f0894b6a9a7bbffbfdeeee
SHA256 3f0dc6126cf33e7aa725df926a1b7d434eaf62a69f42e1b8ae4c110fd3572628
SHA512 ce866f2c4b96c6c7c090f4bf1708bfebdfcd58ce65a23bdc124a13402ef4941377c7e286e6156a28bd229e422685454052382f1f532545bc2edf07be4861b36c

memory/4492-42-0x0000000000000000-mapping.dmp

memory/4536-43-0x0000000000000000-mapping.dmp

memory/4592-44-0x0000000000000000-mapping.dmp