360 Extreme Explorer Modified Version


Here's a Regshot for MyPal 27.9.4 run using the official Portable Pale Moon loader  --

1 hour ago, ArcticFoxie said:

----------------------------------
Values added: 5
----------------------------------
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\! CnyrZbbaCbegnoyr\CnyrZbba-Cbegnoyr.rkr:  02 00 00 00 06 00 00 00 40 6C 56 B4 C7 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\! PaleMoonPortable\PaleMoon-Portable.exe: "PaleMoon-Portable"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\! PaleMoonPortable\Bin\PaleMoon\PaleMoon.exe: "Pale Moon web browser"

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  F5 FD 3D 2E 31 60 A0 00 1C 86 12 16 3E 69 D8 65 E9 9A E1 34 31 D2 B0 83 20 B3 AE 52 B9 07 8E 2D BA 6E 09 EB E8 8D 0B C3 68 36 F5 9A 57 A5 D3 60 3F AF FF FF C8 2F F7 45 08 DB 04 A2 AB 99 A7 62 F7 53 7E BC B5 CF 32 E3 67 80 67 36 10 32 65 0C
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  7E A1 93 75 27 D6 37 9A A3 46 C1 94 BB 27 08 AB C5 0C EB 69 C7 A3 B4 9A 06 56 79 0B 81 1F 60 4B B7 43 D3 A6 3C 74 5B F3 36 55 47 39 2F E4 86 A9 39 DD AD D0 7E CE 9E E8 3F 94 9D E6 0A 6A D0 20 B5 94 6F 99 74 E9 1F 93 C2 51 C3 12 13 E7 AA F9
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0B 00 00 00 B0 B1 90 B0 C7 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0C 00 00 00 40 6C 56 B4 C7 84 D7 01

----------------------------------
Total changes: 11
----------------------------------



Here's a Regshot for your Modified v12 (bold highlights are the items that strike me as a concern ["tracing" and "ESENT" are OS but it concerns me because MyPal doesn't have these])  --

1 hour ago, ArcticFoxie said:

----------------------------------
Keys deleted: 1
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedURLs

----------------------------------
Keys added: 14
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\SOFTWARE\MozillaPlugins
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedUrls
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr\desktoprest
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr\desktoprest\Config

----------------------------------
Values added: 17
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid: "d905ac1c-65e7-4242-99ea-fe66a8355df8"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames: " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid: "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames: " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid: "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames: " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid: "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\BitNames: " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid: "6da4ddca-0901-4bae-9ad4-7e6030bab531"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames: " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr\360Ybnqre.rkr:  02 00 00 00 06 00 00 00 F0 72 33 5F C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome\Chrome\Application\360chrome.exe: "360chrome"

----------------------------------
Values modified: 7
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  B5 83 64 47 D2 D0 2F 17 2B 80 02 E0 16 2D D3 2D 7B CA EB E1 55 FC 15 42 D6 E2 C9 6A 2B 7D DC 3E B8 A5 1F 8B 17 AB CE DD 0C DC 54 CD 5D 62 11 EC 06 BC A4 75 2E 4A 82 84 CD FF 38 DB FA DE 10 84 F4 4C 96 11 CE C4 5C 99 B0 24 E5 BF 8C E7 A1 AF
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  90 FE 3E 71 8D 14 B5 FB 0E F1 95 69 60 87 EC 7D 8E 2F 25 E7 9C 69 F0 91 79 C2 84 9B C0 AD 4A 4F F1 03 62 EF 19 68 4E 57 30 EF 1D 14 B5 A6 A1 27 9E 1B 53 0B C5 EB 3D DE B3 2F 5D 48 ED E4 6D FD 94 D7 C4 6A A1 27 A9 11 B6 28 ED CA C8 86 63 26
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0D 00 00 00 E0 C0 53 4C C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0E 00 00 00 F0 72 33 5F C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx:  06 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx:  05 00 00 00 06 00 00 00 00 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 FF FF FF FF

----------------------------------
Total changes: 39
----------------------------------


Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern)  --

1 hour ago, ArcticFoxie said:

----------------------------------
Keys deleted: 1
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedURLs

----------------------------------
Keys added: 11
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\SOFTWARE\MozillaPlugins
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedUrls

----------------------------------
Values added: 17
----------------------------------
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome\DEBUG\Trace Level: ""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName: "stdout"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid: "d905ac1c-65e7-4242-99ea-fe66a8355df8"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames: " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid: "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames: " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid: "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames: " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid: "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\BitNames: " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid: "6da4ddca-0901-4bae-9ad4-7e6030bab531"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames: " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr UB 2250\360Ybnqre.rkr:  02 00 00 00 06 00 00 00 80 1C C2 CA CD 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome HO 2250\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome HO 2250\Chrome\Application\360chrome.exe: "360chrome"

----------------------------------
Values modified: 6
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  C5 BB D8 0C 95 C0 C6 29 30 01 FD A3 2E EB 1C 35 BD BA 0C 80 5B DC 1B 2B 79 0D 5E 45 88 60 F9 40 22 C1 8A F0 94 AB 26 0E 64 56 0A 20 D1 93 E3 60 DF D5 FF 63 AC 1B D8 C9 9A 91 56 B2 D2 7B D9 CB 32 87 20 57 7E 16 97 1C E8 18 46 74 1C 45 5C 4F
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  86 18 3B F5 6E 23 A0 7F 58 31 C8 7C 33 D0 3D B3 A1 6B 70 CF F1 F9 FB 2C BF 35 BB 0F 90 36 33 27 FD 95 F6 86 F2 B9 94 14 9A 19 FC E2 98 4C 1A 47 4A 44 9B B6 C5 A3 40 83 F6 2E B4 3A 54 22 97 DE 29 22 FF 97 8C 36 E4 E0 70 78 E2 EF 8D 26 CF 60
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0B 00 00 00 A0 42 B7 C6 CD 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0C 00 00 00 80 1C C2 CA CD 84 D7 01

----------------------------------
Total changes: 35
----------------------------------


Here is the Regshot for my v13 build 2206 rebuild 3  --

 
1 hour ago, ArcticFoxie said:

----------------------------------
Values added: 3
----------------------------------
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\360Puebzr 2206 erohvyq 3 - haena\360Ybnqre.rkr:  02 00 00 00 06 00 00 00 30 61 55 F0 C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome 2206 rebuild 3 - unran\360Loader.exe: "360Loader"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome 2206 rebuild 3 - unran\Chrome\Application\360chrome.exe: "360Chrome"

----------------------------------
Values modified: 2
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  47 6E CB 29 0D 2D 94 A7 FA FF A9 CC 09 A9 EC D0 8B B3 81 E2 A7 90 55 37 8C 6F A7 0C 90 25 8B C2 7A 45 FD 1A 22 68 6D D8 C4 F4 5E 6E F1 FE 83 6B 83 64 4C 12 04 2E F5 A0 4A 65 FC 07 C9 AF D8 96 C5 DA D0 17 03 61 4F 31 25 6D ED F5 FB B5 94 9E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  36 46 6D 2B 68 00 EA D8 54 7B 2D E0 97 2E B3 14 59 8F 28 3B 12 6C 82 E0 0F E6 4B 94 F9 21 5C 85 92 0D E7 6E E3 D3 52 04 D3 F8 00 FA D7 0B 51 37 87 3D 3C B6 FB 01 75 3D 3E B1 6E 4B 6F 59 A2 CB 1E A4 97 13 E2 C7 8B 0E A4 2E 21 54 89 F2 A4 8B
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 10 00 00 00 40 D1 4C EC C5 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 11 00 00 00 30 61 55 F0 C5 84 D7 01

----------------------------------
Total changes: 5
----------------------------------

Edited by ArcticFoxie
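The baseline comparison made across the posts above (the MyPal report against the 360Chrome reports), as an added example that is not part of the original posts: it parses Regshot plain-text reports and lists what only the candidate run touched. The function names, the noise patterns and the two sample reports (constructed by abridging the reports in this thread, with value data shortened) are assumptions made for this example.

```python
import re

SECTION_RE = re.compile(
    r"^(Keys deleted|Keys added|Values deleted|Values added|Values modified): \d+$")
SID_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+", re.I)
CONTROLSET_RE = re.compile(r"\\ControlSet\d{3}\\", re.I)
# Assumption for this example: paths that change whenever any program is
# started from Explorer, so they say nothing about the program itself.
NOISE = [re.compile(p, re.I) for p in (
    r"\\Cryptography\\RNG\\Seed$",
    r"\\Explorer\\UserAssist\\",
    r"\\ShellNoRoam\\(MUICache|BagMRU)\\",
)]


def parse_regshot(text):
    """Return {section name: [entry lines]} for a Regshot plain-text report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line.startswith("Total changes"):
            current = None
        elif current is not None:
            current.append(line)
    return sections


def split_entry(entry):
    """Split 'path: data'. A drive letter ('C:\\') has no space after its colon."""
    path, _, data = entry.partition(": ")
    # Collapse per-user SIDs and numbered control sets so duplicates line up.
    path = SID_RE.sub(lambda m: "HKU\\<SID>", path)
    path = CONTROLSET_RE.sub(lambda m: "\\CurrentControlSet\\", path)
    return path.lower(), data.strip()   # registry paths are case-insensitive


def triage(baseline_text, candidate_text):
    """List (section, path) pairs only the candidate touched, plus recreated keys."""
    base, cand = parse_regshot(baseline_text), parse_regshot(candidate_text)
    base_paths = {split_entry(e)[0] for es in base.values() for e in es}
    deleted = {split_entry(e)[0] for e in cand.get("Keys deleted", [])}
    added = {split_entry(e)[0] for e in cand.get("Keys added", [])}
    recreated = deleted & added   # same key reported twice, e.g. TypedURLs/TypedUrls
    findings = []
    for section, entries in cand.items():
        for path in sorted({split_entry(e)[0] for e in entries}):
            if path in base_paths or path in recreated:
                continue
            if any(n.search(path) for n in NOISE):
                continue
            findings.append((section, path))
    return findings, sorted(recreated)


def case_only_modifications(report_text):
    """Paths under 'Values modified' whose old and new data differ only in case."""
    data_by_path = {}
    for entry in parse_regshot(report_text).get("Values modified", []):
        path, data = split_entry(entry)
        data_by_path.setdefault(path, set()).add(data)
    return sorted(p for p, d in data_by_path.items()
                  if len(d) > 1 and len({x.lower() for x in d}) == 1)


# Constructed samples: abridged from the reports in this thread, data shortened.
BASELINE = r"""
Values added: 2
HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\! PaleMoonPortable\PaleMoon-Portable.exe: "PaleMoon-Portable"
Values modified: 1
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  F5 FD 3D 2E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  7E A1 93 75
Total changes: 3
"""

CANDIDATE = r"""
Keys deleted: 1
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedURLs
Keys added: 5
HKLM\SOFTWARE\Microsoft\ESENT\Process\360chrome
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
HKLM\SOFTWARE\MozillaPlugins
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Internet Explorer\TypedUrls
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\360SoftMgr
Values added: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active: 0x00000001
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Desktop\360Chrome\360Loader.exe: "360Loader"
Values modified: 3
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  B5 83 64 47
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  90 FE 3E 71
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
Total changes: 11
"""

if __name__ == "__main__":
    findings, recreated = triage(BASELINE, CANDIDATE)
    for section, path in findings:
        print(f"{section:16} {path}")
    print("recreated keys:", recreated)
    print("case-only value changes:", case_only_modifications(CANDIDATE))
```

Case-only value changes are reported separately rather than suppressed, so the reader still decides whether they matter.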

Maybe make the initial post with placeholder single-line spoilers, then paste the multi-line content when editing? 

 
4 hours ago, ArcticFoxie said:

Here's a Regshot for MyPal 27.9.4 run using the official Portable Pale Moon loader  --

 

4 hours ago, ArcticFoxie said:

Here's a Regshot for your Modified v12 (bold highlights are the items that strike me as a concern ["tracing" and "ESENT" are OS but it concerns me because MyPal doesn't have these])  --

 

4 hours ago, ArcticFoxie said:

Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern)  --

 

 

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\EventMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "c:\windows\system32\ESENT.dll"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT\CategoryMessageFile: "C:\WINDOWS\system32\ESENT.dll"
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0B 00 00 00 A0 42 B7 C6 CD 84 D7 01
HKU\S-1-5-21-682003330-1383384898-854245398-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  02 00 00 00 0C 00 00 00 80 1C C2 CA CD 84 D7 01

----------------------------------
Total changes: 35
----------------------------------

 

test

 

test

 

now it won't let me copy your last post... definitely harder than it should be, ugh... 

 

Edited by RainyShadow

5 hours ago, Gansangriff said:

... but the very suspicious nonsense searches in NBNS and DNS keep happening, when the 360EE is started.

Could you please provide a screencap or a description of where you see this so we can attempt to isolate?

Is this from Wireshark?


Holy Crap!  Found 'em!

Counted 12 DNS's and 9 NBNS's.

I had to block msfn.org in my hosts file to isolate them - I really do have a great dislike for any web browser having any sort of "first launch" page  --  maybe that's "just me"  :whistle:

All 12 DNS's and all 9 NBNS's are not first run, they are every run if you run Modified v13 2250 "as-is".

You do not get these if you run the files via the portable loader - ie, do not directly execute the 360chrome.exe in Humming Owl's "Chrome-bin" folder.

That's all I've tracked down thus far, will investigate further as time permits.

Edited by ArcticFoxie

Eureka!  Found it!

The portable loader launches 360Chrome with this command line switch  ==>>  --disable-background-networking

Launch 360Chrome without this command line switch and those DNS's and NBNS's will appear with every launch.

Launch 360Chrome with this command line switch and you never get those DNS's and NBNS's.

Maybe I shouldn't say "never", since it has to do with background networking, maybe these will show up if you use 360Chrome to ftp:\\ across your LAN or something of that sort.


From what I have seen in the pages below this is normal behavior. Ungoogled Chromium doesn't have it but maybe it breaks some functionality because of it.

I had my suspicion with those connections when I first saw them but when I saw that the queries were random combinations of letters I thought maybe it was some kind of checking.

https://www.codevat.com/articles/chromium-background-connections/ (See the "Additional Tweaks and Details" section)

https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup/

Cheers.

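Added example, not part of any post in this thread: a triage script for the startup lookups discussed above, which separates one-off random-letter names from real hosts in a capture spanning several browser launches. The export format (launch number, protocol, queried name), the `lan` search suffix, the 7 to 15 lowercase-letter pattern and every sample name are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: "launch protocol name", as one might export from a
# Wireshark capture taken across two browser launches. Not real capture data.
SAMPLE_CAPTURE = """\
1 DNS qzkfmwertb
1 DNS qzkfmwertb.lan
1 NBNS QZKFMWERTB<00>
1 DNS hxvbnpaolcdu
1 NBNS HXVBNPAOLCDU<00>
1 DNS wjtrkqsy
1 DNS wpad
1 NBNS WPAD<00>
1 DNS fileserver
1 DNS msfn.org
2 DNS lbdqpzmxvhce
2 NBNS LBDQPZMXVHCE<00>
2 DNS ytgrnwkoa
2 DNS fkzjqhvbmsd.lan
2 DNS wpad
2 DNS fileserver
2 DNS msfn.org
"""

# Assumption: the probes are single-label names of 7-15 lowercase letters.
PROBE_RE = re.compile(r"[a-z]{7,15}")


def normalize(proto, raw_name, search_suffixes):
    """Reduce a queried name to the bare label the client asked for."""
    name = raw_name.strip().lower()
    if proto.upper() == "NBNS":
        # Wireshark renders NetBIOS names with a type suffix such as <00>.
        name = re.sub(r"<[0-9a-f]{2}>$", "", name).rstrip()
    name = name.rstrip(".")
    for suffix in search_suffixes:
        dotted = "." + suffix.lower().strip(".")
        if name.endswith(dotted):
            # The resolver appended a local search domain; drop it.
            name = name[: -len(dotted)]
            break
    return name


def find_startup_probes(capture_text, search_suffixes=("lan",), min_burst=3):
    """Return {launch: {"names": [...], "queries": {proto: count}}}.

    A name counts as a probe only if it matches PROBE_RE and was seen in
    exactly one launch; real single-label hosts repeat across launches.
    A launch is reported only if it has at least min_burst such names.
    """
    rows = []
    launches_by_name = defaultdict(set)
    for line in capture_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        launch, proto = int(parts[0]), parts[1].upper()
        name = normalize(proto, parts[2], search_suffixes)
        if PROBE_RE.fullmatch(name):
            rows.append((launch, proto, name))
            launches_by_name[name].add(launch)

    one_off = defaultdict(set)
    for name, launches in launches_by_name.items():
        if len(launches) == 1:
            one_off[min(launches)].add(name)

    report = {}
    for launch, names in one_off.items():
        if len(names) < min_burst:
            continue
        counts = Counter(p for l, p, n in rows if l == launch and n in names)
        report[launch] = {"names": sorted(names), "queries": dict(counts)}
    return report


if __name__ == "__main__":
    for launch, info in sorted(find_startup_probes(SAMPLE_CAPTURE).items()):
        print(launch, info["names"], info["queries"])
```

Names that repeat between launches (here `fileserver`) and multi-label names (here `msfn.org`) are left out, so what remains is the per-launch burst to compare with and without `--disable-background-networking`.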

16 hours ago, ArcticFoxie said:

Here is the Regshot for your v13 build 2250 (again with bold highlights for items of concern)  --

Could you do a test with Ungoogled Chromium?

Thanks for the regshots by the way.


21 minutes ago, Humming Owl said:

From what I have seen in the pages below this is normal behavior.

Agreed!

I have come to the conclusion that people only look for this stuff in 360Chrome and that the same people don't care about "telemetry" when it comes to anything Mozilla-based  --  "it is what it is".

No biggie, should create a much larger user-base once people realize the "shenanigans" that their Mozilla-based browsers are doing.

Here is one I find interesting -- MyPal 27.9.4 + NoScript 5.1.9.

MyPal (I suspect the same for New Moon also, but have not verified) is awesome with no connections and no registry entries as a plain-jane browser.

Add NoScript 5.1.9 and Joe's Datacenter LLC in Kansas City, MO is notified each and every time you launch MyPal - and not just once but ELEVEN times if I counted correctly.

Why?  Chromium-based browsers running NoScript aren't reaching out to Kansas City, MO on every launch.

 


Regshot for ungoogled-chromium-88.0.4324.190-1_Win32 in Win7  --

----------------------------------
Keys added: 9
----------------------------------
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\StabilityMetrics
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google\Chrome
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Google\Chrome\Extensions

----------------------------------
Values added: 35
----------------------------------
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzva\Qrfxgbc\hatbbtyrq-puebzvhz-88.0.4324.190-1_Jva32\puebzr.rkr:  00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 80 2F 57 F7 6B 85 D7 01 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Puebzvhz.B6BEWIRVQMRFGET5CGUW7CX3JD:  00 00 00 00 00 00 00 00 01 00 00 00 FA 70 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\UsageStatsInSample: 0x00000001
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\usagestats: 0x00000000
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid: ""
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid_installdate: "0"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\metricsid_enableddate: "0"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\FirstNotDefault:  0D F1 06 33 F1 26 2F 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\version: "88.0.4324.190"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\state: 0x00000001
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\BLBeacon\failed_count: 0x00000000
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.reporting: "26BCE8B445B99DA8946289D52D54BDDA5F8BA3829994D43F0F1350D11893A6EE"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\media.storage_id_salt: "5C2BCDEAC11E505C64AAF5C9E81B79AFB4E4568499A96A6279EC037A174A421E"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_homepage: "939F419773483DFA43C92CB02DCA4322804A65FA3C8FFB51AF41377D3DAC501D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.prompt_wave: "2A8BF28F6FD8A35F68711597D8A9E6AC872B452ACF012BB2213F3A8D9F6B9374"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.last_account_id: "09B05F054560CD02C2936E253DC4A94E31F3CA386A94016D2A575F83E54F0DA1"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.account_id: "1A55F4E4327C3F900A0A86CDB2FBC4962533B8E60044FAFC73D5813F9356FFEF"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_default_search: "52856EB83CCE0DE88D6246D16A924DAA5B96D4875C0F39490B18565D795BDF98"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.prompt_seed: "62385CD54C1A53AEF1EA934C8B16DE474F5FE138FB6A4DD31AC6F25339134662"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\software_reporter.prompt_version: "05AD115C2F8C29BBFDBA2EFBBB13BE715A4F6350982DC7DB1F4FF8E277F1E9A7"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\settings_reset_prompt.last_triggered_for_startup_urls: "C5CBB7825BE6E971E8B3D1F4F8B582CD4F93446E28FAB031DC3D39D3CAC58986"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\search_provider_overrides: "AD103FF1046B14FDC347264AF92074815061E75D95F7F182ADA9B55E2A9199C8"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\google.services.last_username: "57E3A8FC313E0143D2381051B2AF84B11C2945D22DA74DD65D3E9A45DFF0D759"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\homepage: "147485BDA567647F15DD3D28606FA5B5AB79163E09B10C92EFAD6FE918DDD872"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\session.startup_urls: "07152C4D82CCCDA12D15EC2FC13513F9DC08E3E935AD3DF0014E7B5A4DB5AE9D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\prefs.preference_reset_time: "0CB4E2CB9BFAEBF2A54CB77E8693A6459833928AC660B3FF124C0AB3539356C9"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\homepage_is_newtabpage: "D032769B80BCE20961FF8CF52A06081222821B4F92B0670F87B69086344E552D"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\session.restore_on_startup: "6734F5EF3D37D77209AAEC95DD2C251BBB66F026A2C46DB831982E9D433DE93B"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\default_search_provider_data.template_url_data: "E2507ED58E5C0B875C3037A7D5DB266A3D9DF272C697282FB306B78641D2B094"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\safebrowsing.incidents_sent: "9C68F57A568E89C68ED32FBC28B3C8A25A2F5E2A2910D87E213E212F5AF9A578"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\browser.show_home_button: "0788311803475B134946E981D34A8E9723A44FCD4E19BA953E836962923C0ADC"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\pinned_tabs: "CCF190583C7B214C2A8D816CC18B3EEEA984EE7CDA1ACE09EB86087F8CE9CADB"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings\kmendfapggjehodndflmmgagdbamhnfd: "C4D9C45A1116610E98D87108AE08D0EF89369CFCFB605656372494F908D8C7C1"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\PreferenceMACs\Default\extensions.settings\mhjfbmdgcfjbbpaeojofohoefgiehjai: "D7DFC25F9F88E9213232704FE90709EF4AE98DC3CDA28F53CB62C7EC4AFA75BB"
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Chromium\StabilityMetrics\user_experience_metrics.stability.exited_cleanly: 0x00000001

----------------------------------
Values modified: 4
----------------------------------
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob:  [binary data omitted]
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob:  [binary data omitted]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x0000000A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x0000000B
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA:  [binary data omitted]
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA:  [binary data omitted]
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr:  00 00 00 00 00 00 00 00 64 00 00 00 DC 08 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-1036811243-2839344408-2123079194-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\rkcybere.rkr:  00 00 00 00 00 00 00 00 66 00 00 00 21 19 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00

----------------------------------
Total changes: 48
----------------------------------


ungoogled-chromium-88.0.4324.190-1_Win32 connects to a Cloudflare server in Chicago on every launch, has four DNS connections on every launch, and no NBNS connections.

The Cloudflare IP Address was listed FIFTY SEVEN TIMES when I cleared the Wireshark log and launched ungoogled-chromium a second time.
