NotHereToPlayGames
Posted July 30, 2021

Here's a Regshot for MyPal 27.9.4 run using the official Portable Pale Moon loader --

1 hour ago, ArcticFoxie said:

----------------------------------
Values added: 5
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\! CnyrZbbaCbegnoyr\CnyrZbba-Cbegnoyr.rkr: 02 00 00 00 06 00 00 00 40 6C 56 B4 C7 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\! PaleMoonPortable\PaleMoon-Portable.exe: "PaleMoon-Portable"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\! PaleMoonPortable\Bin\PaleMoon\PaleMoon.exe: "Pale Moon web browser"

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: F5 FD 3D 2E 31 60 A0 00 1C 86 12 16 3E 69 D8 65 E9 9A E1 34 31 D2 B0 83 20 B3 AE 52 B9 07 8E 2D BA 6E 09 EB E8 8D 0B C3 68 36 F5 9A 57 A5 D3 60 3F AF FF FF C8 2F F7 45 08 DB 04 A2 AB 99 A7 62 F7 53 7E BC B5 CF 32 E3 67 80 67 36 10 32 65 0C
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7E A1 93 75 27 D6 37 9A A3 46 C1 94 BB 27 08 AB C5 0C EB 69 C7 A3 B4 9A 06 56 79 0B 81 1F 60 4B B7 43 D3 A6 3C 74 5B F3 36 55 47 39 2F E4 86 A9 39 DD AD D0 7E CE 9E E8 3F 94 9D E6 0A 6A D0 20 B5 94 6F 99 74 E9 1F 93 C2 51 C3 12 13 E7 AA F9
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0B 00 00 00 B0 B1 90 B0 C7 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0C 00 00 00 40 6C 56 B4 C7 84 D7 01

----------------------------------
Total changes: 11
----------------------------------

NotHereToPlayGames
Posted July 30, 2021

Here's a Regshot for your Modified v12 (bold highlights are the items that strike me as a concern ["tracing" and "ESENT" are OS but it concerns me because MyPal doesn't have these]) --

1 hour ago, ArcticFoxie said:

----------------------------------
Keys deleted: 1
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedURLs

----------------------------------
Keys added: 14
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\SOFTWARE\MozillaPlugins
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedUrls
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr\desktoprest
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr\desktoprest\Config

----------------------------------
Values added: 17
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid: "d905ac1c-65e7-4242-99ea-fe66a8355df8"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames: " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid: "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames: " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid: "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames: " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid: "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\BitNames: " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid: "6da4ddca-0901-4bae-9ad4-7e6030bab531"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames: " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr\360Ybnqre.rkr: 02 00 00 00 06 00 00 00 F0 72 33 5F C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome\Chrome\Application\360chrome.exe: "360chrome"

----------------------------------
Values modified: 7
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: B5 83 64 47 D2 D0 2F 17 2B 80 02 E0 16 2D D3 2D 7B CA EB E1 55 FC 15 42 D6 E2 C9 6A 2B 7D DC 3E B8 A5 1F 8B 17 AB CE DD 0C DC 54 CD 5D 62 11 EC 06 BC A4 75 2E 4A 82 84 CD FF 38 DB FA DE 10 84 F4 4C 96 11 CE C4 5C 99 B0 24 E5 BF 8C E7 A1 AF
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 90 FE 3E 71 8D 14 B5 FB 0E F1 95 69 60 87 EC 7D 8E 2F 25 E7 9C 69 F0 91 79 C2 84 9B C0 AD 4A 4F F1 03 62 EF 19 68 4E 57 30 EF 1D 14 B5 A6 A1 27 9E 1B 53 0B C5 EB 3D DE B3 2F 5D 48 ED E4 6D FD 94 D7 C4 6A A1 27 A9 11 B6 28 ED CA C8 86 63 26
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0D 00 00 00 E0 C0 53 4C C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0E 00 00 00 F0 72 33 5F C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 06 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 05 00 00 00 06 00 00 00 00 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF

----------------------------------
Total changes: 39
----------------------------------

NotHereToPlayGames
Posted July 30, 2021

Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern) --

1 hour ago, ArcticFoxie said:

----------------------------------
Keys deleted: 1
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedURLs

----------------------------------
Keys added: 11
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\SOFTWARE\MozillaPlugins
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedUrls

----------------------------------
Values added: 17
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid: "d905ac1c-65e7-4242-99ea-fe66a8355df8"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames: " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid: "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames: " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid: "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames: " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid: "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\BitNames: " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid: "6da4ddca-0901-4bae-9ad4-7e6030bab531"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames: " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr UB 2250\360Ybnqre.rkr: 02 00 00 00 06 00 00 00 80 1C C2 CA CD 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome HO 2250\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome HO 2250\Chrome\Application\360chrome.exe: "360chrome"

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: C5 BB D8 0C 95 C0 C6 29 30 01 FD A3 2E EB 1C 35 BD BA 0C 80 5B DC 1B 2B 79 0D 5E 45 88 60 F9 40 22 C1 8A F0 94 AB 26 0E 64 56 0A 20 D1 93 E3 60 DF D5 FF 63 AC 1B D8 C9 9A 91 56 B2 D2 7B D9 CB 32 87 20 57 7E 16 97 1C E8 18 46 74 1C 45 5C 4F
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 86 18 3B F5 6E 23 A0 7F 58 31 C8 7C 33 D0 3D B3 A1 6B 70 CF F1 F9 FB 2C BF 35 BB 0F 90 36 33 27 FD 95 F6 86 F2 B9 94 14 9A 19 FC E2 98 4C 1A 47 4A 44 9B B6 C5 A3 40 83 F6 2E B4 3A 54 22 97 DE 29 22 FF 97 8C 36 E4 E0 70 78 E2 EF 8D 26 CF 60
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0B 00 00 00 A0 42 B7 C6 CD 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 0C 00 00 00 80 1C C2 CA CD 84 D7 01

----------------------------------
Total changes: 35
----------------------------------

NotHereToPlayGames
Posted July 30, 2021

Here is the Regshot for my v13 build 2206 rebuild 3 --

1 hour ago, ArcticFoxie said:

----------------------------------
Values added: 3
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr 2206 erohvyq 3 - haena\360Ybnqre.rkr: 02 00 00 00 06 00 00 00 30 61 55 F0 C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome 2206 rebuild 3 - unran\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome 2206 rebuild 3 - unran\Chrome\Application\360chrome.exe: "360Chrome"

----------------------------------
Values modified: 2
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 47 6E CB 29 0D 2D 94 A7 FA FF A9 CC 09 A9 EC D0 8B B3 81 E2 A7 90 55 37 8C 6F A7 0C 90 25 8B C2 7A 45 FD 1A 22 68 6D D8 C4 F4 5E 6E F1 FE 83 6B 83 64 4C 12 04 2E F5 A0 4A 65 FC 07 C9 AF D8 96 C5 DA D0 17 03 61 4F 31 25 6D ED F5 FB B5 94 9E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 36 46 6D 2B 68 00 EA D8 54 7B 2D E0 97 2E B3 14 59 8F 28 3B 12 6C 82 E0 0F E6 4B 94 F9 21 5C 85 92 0D E7 6E E3 D3 52 04 D3 F8 00 FA D7 0B 51 37 87 3D 3C B6 FB 01 75 3D 3E B1 6E 4B 6F 59 A2 CB 1E A4 97 13 E2 C7 8B 0E A4 2E 21 54 89 F2 A4 8B
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 10 00 00 00 40 D1 4C EC C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 02 00 00 00 11 00 00 00 30 61 55 F0 C5 84 D7 01

----------------------------------
Total changes: 5
----------------------------------

Edited July 30, 2021 by ArcticFoxie

RainyShadow
Posted July 30, 2021

Maybe make the initial post with placeholder single-line spoilers, then paste the multi-line content when editing?

4 hours ago, ArcticFoxie said:
Here's a Regshot for MyPal 27.9.4 run using the official Portable Pale Moon loader --

4 hours ago, ArcticFoxie said:
Here's a Regshot for your Modified v12 (bold highlights are the items that strike me as a concern ["tracing" and "ESENT" are OS but it concerns me because MyPal doesn't have these]) --

4 hours ago, ArcticFoxie said:
Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern) --

test test

now it won't let me copy your last post...
definitely harder than it should be, ugh...

Edited July 30, 2021 by RainyShadow

Gansangriff Posted July 30, 2021
Modified V13 Test: There were no connections to gstatic or some Chinese server, but the very suspicious nonsense searches in NBNS and DNS keep happening, when the 360EE is started.

NotHereToPlayGames Posted July 30, 2021
5 hours ago, Gansangriff said:
... but the very suspicious nonsense searches in NBNS and DNS keep happening, when the 360EE is started.

Could you please provide a screencap or a description of where you see this so we can attempt to isolate? Is this from Wireshark?

NotHereToPlayGames Posted July 30, 2021
Did find this -- https://wiki.wireshark.org/NetBIOS/NBNS

NotHereToPlayGames Posted July 30, 2021
Holy Crap! Found 'em! Counted 12 DNS's and 9 NBNS's.
I had to block msfn.org in my hosts file to isolate them - I really do have a great dislike for any web browser having any sort of "first launch" page -- maybe that's "just me".
All 12 DNS's and all 9 NBNS's are not first run, they are every run if you run Modified v13 2250 "as-is".
You do not get these if you run the files via the portable loader - i.e., do not directly execute the 360chrome.exe in Humming Owl's "Chrome-bin" folder.
That's all I've tracked down thus far, will investigate further as time permits.
Edited July 30, 2021 by ArcticFoxie

NotHereToPlayGames Posted July 30, 2021
Eureka! Found it!
The portable loader launches 360Chrome with this command line switch ==>> --disable-background-networking
Launch 360Chrome without this command line switch and those DNS's and NBNS's will appear with every launch.
Launch 360Chrome with this command line switch and you never get those DNS's and NBNS's.
Maybe I shouldn't say "never", since it has to do with background networking, maybe these will show up if you use 360Chrome to ftp:\\ across your LAN or something of that sort.

Humming Owl (Author) Posted July 30, 2021
From what I have seen in the pages below this is normal behavior. Ungoogled Chromium doesn't have it but maybe it breaks some functionality because of it.
I had my suspicion with those connections when I first saw them but when I saw that the queries were random combinations of letters I thought maybe it was some kind of checking.
https://www.codevat.com/articles/chromium-background-connections/ (See the "Additional Tweaks and Details" section)
https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup/
Cheers.
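
A way to pick the random-letter startup lookups discussed above out of a Wireshark export, so they can be separated from real traffic. This is an added example, not code from the thread or from any of the browsers; the capture rows, the `.lan` search suffix and the `fileserver` host are constructed, and the 7 to 15 lowercase letter range for the probe names is an assumption about Chromium's probe generator.

```python
import re
from collections import Counter, defaultdict

# Wireshark "Info" column text for outgoing DNS and NBNS name queries.
DNS_QUERY = re.compile(r"^Standard query 0x[0-9a-f]+ (?:A|AAAA) (\S+)$")
NBNS_QUERY = re.compile(r"^Name query NB (\S+?)<00>$")
# Assumption: probe names are a single label of 7-15 lowercase letters.
PROBE_LABEL = re.compile(r"[a-z]{7,15}")

# Constructed sample rows: (protocol, info) as exported from a capture.
CAPTURE = [
    ("DNS", "Standard query 0x1f2a A msfn.org"),
    ("DNS", "Standard query 0x8c41 A wpad"),
    ("DNS", "Standard query 0x2b7e A qkzvhtwpcb"),
    ("DNS", "Standard query response 0x2b7e No such name A qkzvhtwpcb"),
    ("NBNS", "Name query NB QKZVHTWPCB<00>"),
    ("NBNS", "Name query NB QKZVHTWPCB<00>"),
    ("DNS", "Standard query 0x5d03 A ylrmdgfeuoxas.lan"),
    ("NBNS", "Name query NB YLRMDGFEUOXAS<00>"),
    ("DNS", "Standard query 0x90aa A tbnwjcpk"),
    ("NBNS", "Name query NB TBNWJCPK<00>"),
    ("DNS", "Standard query 0x4410 A fileserver"),
    ("NBNS", "Name query NB FILESERVER<00>"),
]


def queried_name(protocol, info):
    """Return the lower-cased name being asked for, or None for non-queries."""
    rx = {"DNS": DNS_QUERY, "NBNS": NBNS_QUERY}.get(protocol)
    m = rx.match(info) if rx else None
    return m.group(1).lower().rstrip(".") if m else None


def strip_suffix(name, search_suffixes):
    """Remove a resolver search suffix that Windows appended to a bare label."""
    for suffix in search_suffixes:
        if name.endswith("." + suffix):
            return name[: -len(suffix) - 1]
    return name


def find_probes(rows, known_hosts=(), search_suffixes=()):
    """Map each probe-like label to how often it was asked per protocol."""
    hits = defaultdict(Counter)
    for protocol, info in rows:
        name = queried_name(protocol, info)
        if name is None:
            continue
        label = strip_suffix(name, search_suffixes)
        # Real domains contain dots; named LAN hosts are allowlisted.
        if "." in label or label in known_hosts:
            continue
        if PROBE_LABEL.fullmatch(label):
            hits[label][protocol] += 1
    return {label: dict(counts) for label, counts in hits.items()}


def looks_like_startup_probe(hits):
    """Three or more distinct random labels in one launch window."""
    return len(hits) >= 3


if __name__ == "__main__":
    found = find_probes(CAPTURE, known_hosts={"fileserver"}, search_suffixes=("lan",))
    for label, counts in sorted(found.items()):
        print(label, counts)
    print("startup probe pattern:", looks_like_startup_probe(found))
```

A bare single-label name is also tried over NetBIOS on Windows, which is why the same label shows up under both DNS and NBNS in the output.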

Humming Owl (Author) Posted July 30, 2021
16 hours ago, ArcticFoxie said:
Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern) --

Could you do a test with Ungoogled Chromium? Thanks for the regshots by the way.

NotHereToPlayGames Posted July 30, 2021
21 minutes ago, Humming Owl said:
From what I have seen in the pages below this is normal behavior.

Agreed! I have come to the conclusion that people only look for this stuff in 360Chrome and that the same people don't care about "telemetry" when it comes to anything Mozilla-based -- "it is what it is".
No biggie, should create a much larger user-base once people realize the "shenanigans" that their Mozilla-based browsers are doing.
Here is one I find interesting -- MyPal 27.9.4 + NoScript 5.1.9. MyPal (I suspect the same for New Moon also, but have not verified) is awesome with no connections and no registry entries as a plain-jane browser.
Add NoScript 5.1.9 and Joe's Datacenter LLC in Kansas City, MO is notified each and every time you launch MyPal - and not just once but ELEVEN times if I counted correctly. Why?
Chromium-based browsers running NoScript aren't reaching out to Kansas City, MO on every launch.

NotHereToPlayGames Posted July 30, 2021
Regshot for ungoogled-chromium-88.0.4324.190-1_Win32 in Win7 --
----------------------------------
Keys added: 9
----------------------------------
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\StabilityMetrics
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google\Chrome
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google\Chrome\Extensions
----------------------------------
Values added: 35
----------------------------------
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzva\Qrfxgbc\hatbbtyrq-puebzvhz-88.0.4324.190-1_Jva32\puebzr.rkr: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 80 2F 57 F7 6B 85 D7 01 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Puebzvhz.B6BEWIRVQMRFGET5CGUW7CX3JD: 00 00 00 00 00 00 00 00 01 00 00 00 FA 70 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\UsageStatsInSample: 0x00000001
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\usagestats: 0x00000000
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid: ""
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid_installdate: "0"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid_enableddate: "0"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\FirstNotDefault: 0D F1 06 33 F1 26 2F 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\version: "88.0.4324.190"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\state: 0x00000001
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\failed_count: 0x00000000
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.reporting: "26BCE8B445B99DA8946289D52D54BDDA5F8BA3829994D43F0F1350D11893A6EE"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\media.storage_id_salt: "5C2BCDEAC11E505C64AAF5C9E81B79AFB4E4568499A96A6279EC037A174A421E"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_homepage: "939F419773483DFA43C92CB02DCA4322804A65FA3C8FFB51AF41377D3DAC501D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.prompt_wave: "2A8BF28F6FD8A35F68711597D8A9E6AC872B452ACF012BB2213F3A8D9F6B9374"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.last_account_id: "09B05F054560CD02C2936E253DC4A94E31F3CA386A94016D2A575F83E54F0DA1"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.account_id: "1A55F4E4327C3F900A0A86CDB2FBC4962533B8E60044FAFC73D5813F9356FFEF"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_default_search: "52856EB83CCE0DE88D6246D16A924DAA5B96D4875C0F39490B18565D795BDF98"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.prompt_seed: "62385CD54C1A53AEF1EA934C8B16DE474F5FE138FB6A4DD31AC6F25339134662"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.prompt_version: "05AD115C2F8C29BBFDBA2EFBBB13BE715A4F6350982DC7DB1F4FF8E277F1E9A7"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_startup_urls: "C5CBB7825BE6E971E8B3D1F4F8B582CD4F93446E28FAB031DC3D39D3CAC58986"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\search_provider_overrides: "AD103FF1046B14FDC347264AF92074815061E75D95F7F182ADA9B55E2A9199C8"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.last_username: "57E3A8FC313E0143D2381051B2AF84B11C2945D22DA74DD65D3E9A45DFF0D759"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\homepage: "147485BDA567647F15DD3D28606FA5B5AB79163E09B10C92EFAD6FE918DDD872"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\session.startup_urls: "07152C4D82CCCDA12D15EC2FC13513F9DC08E3E935AD3DF0014E7B5A4DB5AE9D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\prefs.preference_reset_time: "0CB4E2CB9BFAEBF2A54CB77E8693A6459833928AC660B3FF124C0AB3539356C9"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\homepage_is_newtabpage: "D032769B80BCE20961FF8CF52A06081222821B4F92B0670F87B69086344E552D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\session.restore_on_startup: "6734F5EF3D37D77209AAEC95DD2C251BBB66F026A2C46DB831982E9D433DE93B"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\default_search_provider_data.template_url_data: "E2507ED58E5C0B875C3037A7D5DB266A3D9DF272C697282FB306B78641D2B094"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\safebrowsing.incidents_sent: "9C68F57A568E89C68ED32FBC28B3C8A25A2F5E2A2910D87E213E212F5AF9A578"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\browser.show_home_button: "0788311803475B134946E981D34A8E9723A44FCD4E19BA953E836962923C0ADC"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\pinned_tabs: "CCF190583C7B214C2A8D816CC18B3EEEA984EE7CDA1ACE09EB86087F8CE9CADB"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings\kmendfapggjehodndflmmgagdbamhnfd: "C4D9C45A1116610E98D87108AE08D0EF89369CFCFB605656372494F908D8C7C1"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings\mhjfbmdgcfjbbpaeojofohoefgiehjai: "D7DFC25F9F88E9213232704FE90709EF4AE98DC3CDA28F53CB62C7EC4AFA75BB"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\StabilityMetrics\user_experience_metrics.stability.exited_cleanly: 0x00000001
----------------------------------
Values modified: 4
----------------------------------
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x0000000A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x0000000B
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr: 00 00 00 00 00 00 00 00 64 00 00 00 DC 08 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr: 00 00 00 00 00 00 00 00 66 00 00 00 21 19 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
----------------------------------
Total changes: 48
----------------------------------
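
The UserAssist values in the Regshot reports above are ROT13-encoded names followed by a small binary record; decoding them shows which program was launched, how often, and when. This is an added example, not part of the thread: the three sample lines are copied from the reports above, while the record layouts (16 bytes on XP with the counter starting at 5, 72 bytes on Windows 7 with the FILETIME at offset 60) are the commonly documented ones and are treated here as assumptions.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
XP_FIRST_COUNT = 5  # assumption: XP-era run counters start at 5, not 0

# Key prefixes and value lines as they appear in the Regshot reports above.
XP_COUNT = (r"HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft"
            r"\Windows\CurrentVersion\Explorer\UserAssist"
            r"\{75048700-EF1F-11D0-9888-006097DEACF9}\Count")
W7_COUNT = (r"HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft"
            r"\Windows\CurrentVersion\Explorer\UserAssist"
            r"\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count")
FLOATS = " 00 00 80 BF" * 10  # ten identical 4-byte fields in the Win7 record

SAMPLE_LINES = [
    XP_COUNT + r"\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc"
               r"\360Puebzr UB 2250\360Ybnqre.rkr"
               r": 02 00 00 00 06 00 00 00 80 1C C2 CA CD 84 D7 01",
    W7_COUNT + r"\P:\Hfref\Nqzva\Qrfxgbc\hatbbtyrq-puebzvhz-88.0.4324.190-1_Jva32"
               r"\puebzr.rkr: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00"
             + FLOATS + " FF FF FF FF 80 2F 57 F7 6B 85 D7 01 00 00 00 00",
    W7_COUNT + r"\Puebzvhz.B6BEWIRVQMRFGET5CGUW7CX3JD"
               r": 00 00 00 00 00 00 00 00 01 00 00 00 FA 70 00 00"
             + FLOATS + " FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00",
]


def filetime_to_utc(filetime):
    """Convert a Windows FILETIME (100 ns ticks since 1601) to UTC, or None if unset."""
    if filetime == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def decode_userassist(line):
    """Decode one 'key\\Count\\<rot13 name>: <hex bytes>' line from a Regshot report."""
    path, _, hexdata = line.rpartition(": ")
    _, _, value_name = path.partition("\\Count\\")
    name = codecs.decode(value_name, "rot_13")  # letters only; digits and \ are untouched
    data = bytes.fromhex(hexdata)

    if len(data) == 16:    # Windows XP / 2003 record
        _session, raw_count, filetime = struct.unpack("<IIQ", data)
        runs = max(raw_count - XP_FIRST_COUNT, 0)
        focus_count = focus_ms = None
    elif len(data) == 72:  # Windows 7 and later record
        runs, focus_count, focus_ms = struct.unpack_from("<III", data, 4)
        (filetime,) = struct.unpack_from("<Q", data, 60)
    else:
        raise ValueError("unrecognised UserAssist record length: %d" % len(data))

    return {
        "name": name,
        "runs": runs,
        "focus_count": focus_count,
        "focus_ms": focus_ms,
        "last_run": filetime_to_utc(filetime),
    }


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        rec = decode_userassist(sample)
        print(rec["name"])
        print("  runs=%s focus_count=%s focus_ms=%s last_run=%s" % (
            rec["runs"], rec["focus_count"], rec["focus_ms"], rec["last_run"]))
```

The decoded path of the first record matches the plain-text MUICache entry for 360Loader.exe in the same report, which is a quick cross-check that the ROT13 step is right.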

NotHereToPlayGames Posted July 30, 2021
ungoogled-chromium-88.0.4324.190-1_Win32 connects to a Cloudflare server in Chicago on every launch, has four DNS connections on every launch, and no NBNS connections.
The Cloudflare IP Address was listed FIFTY SEVEN TIMES when I cleared the Wireshark log and launched ungoogled-chromium a second time.