Malware Analysis Report

2024-10-23 18:49

Sample ID 240626-szvavstdrl
Target https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769
Tags
cobaltstrike backdoor discovery evasion persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769 was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor discovery evasion persistence privilege_escalation spyware stealer trojan

Cobalt Strike reflective loader

Cobaltstrike

Drops file in Drivers directory

Downloads MZ/PE file

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Blocklisted process makes network request

Checks for any installed AV software in registry

Enumerates connected drives

Modifies powershell logging option

Adds Run key to start application

Checks installed software on the system

Checks system information in the registry

Drops file in System32 directory

AutoIT Executable

Drops file in Program Files directory

Enumerates physical storage devices

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 15:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 15:34

Reported

2024-06-26 15:36

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ylex5els.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\VPN\ui\VPN.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD96F9183ADE69B6DF458457F594566C_0B30ED1FB81688B36E482671AA637917 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49855FCDFA62840A2838AEF1EFAC3C9B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_330B78668586CC1C5060B7886AA9A046 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\rsVPNSvc\WireGuard\log.bin C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_ACC1A26A3F5A815A00C8D5589432921F C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_A9EE277304DA2D14A89C02B3BCD726BA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49855FCDFA62840A2838AEF1EFAC3C9B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A76F24BEACC5A31C76BB70908923C3E0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_ACC1A26A3F5A815A00C8D5589432921F C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_A9EE277304DA2D14A89C02B3BCD726BA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD96F9183ADE69B6DF458457F594566C_0B30ED1FB81688B36E482671AA637917 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A76F24BEACC5A31C76BB70908923C3E0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D97B1EC1F43DD6ED4FE7AB95E144BC_330B78668586CC1C5060B7886AA9A046 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\DotRas.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\icon_laptop.png C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-h.css C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\OpenVPN\legacy\i386\OemVista.inf C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Principal.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\downloadscan.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-shared-pt-PT.js C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-ko-KR.js C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.XDocument.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\preprocessors.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.ComponentModel.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Threading.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\settingmanager.cab C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\chromebasedbrowserversion.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tools.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.ComponentModel.TypeConverter.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Xml.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.StackTrace.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_0.png C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nl-NL.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_ai.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\DNS\lists\smart_threat_intelligence_feeds.txt C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-tr-TR.js C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxytypehandler.luc C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\download_scan_ui.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\Dia2Lib.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\VPN\Microsoft.Win32.TaskScheduler.dll C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\wa-common.css C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-hu-HU.js C:\Users\Admin\AppData\Local\Temp\_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-CN.js C:\Program Files\McAfee\Temp3159551003\installer.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\DownloadScan.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Programmable C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 040000000100000010000000866912c070f1ecacacc2d5bca55ba1290f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e720b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079002000520053004100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b0601050507030862000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69140000000100000014000000dd040907a2f57a7d5253129295ee3880250da6591d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb190000000100000010000000787d09f953c59978ecd8d6e44b38e24f2000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 5c000000010000000400000000100000190000000100000010000000787d09f953c59978ecd8d6e44b38e24f030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb1d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a140000000100000014000000dd040907a2f57a7d5253129295ee3880250da65962000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b6909000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900200052005300410000000f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e72040000000100000010000000866912c070f1ecacacc2d5bca55ba1292000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 492270.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4056 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4056 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5140 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3a4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8

C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe

"C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe"

C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe

"C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe"

C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe" -ip:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&is_silent=true&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100&b=em&se=true" -vp:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100&oip=26&ptl=7&dta=true" -dp:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100" -i -v -d

C:\Users\Admin\AppData\Local\Temp\_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp3159551003\installer.exe

"C:\Program Files\McAfee\Temp3159551003\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Users\Admin\AppData\Local\Temp\ylex5els.exe

"C:\Users\Admin\AppData\Local\Temp\ylex5els.exe" /silent

C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe

"C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe"

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wp.pl/?src02=dp_desktop&src01=3t88r

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe /msi DISABLE_CACHE=1

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\SysWOW64\msiexec.exe

msiexec.exe /i "C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\AcroRead.msi" DISABLE_CACHE=1 REBOOT="ReallySuppress"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1D4138840424E7744EE0AA1F98ADDAE8 C

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6076 /prefetch:2

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe

"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\VPN\ui\VPN.exe

"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2612 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --mojo-platform-channel-handle=2816 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3268 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2576 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2952 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3344 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3896 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4308 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.dobreprogramy.pl udp
PL 212.77.98.131:443 www.dobreprogramy.pl tcp
US 8.8.8.8:53 www.wp.pl udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 v.wpimg.pl udp
PL 212.77.99.26:443 v.wpimg.pl tcp
PL 212.77.98.9:443 www.wp.pl tcp
US 8.8.8.8:53 a.teads.tv udp
GB 142.250.180.2:443 www.googletagservices.com tcp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 ads.businessclick.com udp
US 8.8.8.8:53 an.facebook.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.pushpushgo.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 98.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 131.98.77.212.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.99.77.212.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 9.98.77.212.in-addr.arpa udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 i.connectad.io udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 wirtualn-d.openx.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 wp.hit.gemius.pl udp
PL 212.77.101.100:443 wp.hit.gemius.pl tcp
US 8.8.8.8:53 ls.hit.gemius.pl udp
PL 146.59.30.100:443 ls.hit.gemius.pl tcp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.101.77.212.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
PL 212.77.99.26:443 v.wpimg.pl tcp
US 8.8.8.8:53 100.30.59.146.in-addr.arpa udp
PL 212.77.98.131:443 www.dobreprogramy.pl tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 142.250.180.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 s-eu-1.pushpushgo.com udp
DE 51.195.31.125:443 s-eu-1.pushpushgo.com tcp
GB 142.250.180.27:443 storage.googleapis.com udp
US 8.8.8.8:53 27.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 125.31.195.51.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
DK 37.157.3.26:443 adx.adform.net tcp
US 104.22.55.206:443 i.connectad.io tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 delivery.clickonometrics.pl udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
FR 91.134.222.90:443 delivery.clickonometrics.pl tcp
DE 3.122.39.66:443 btlr.sharethrough.com tcp
DE 3.122.39.66:443 btlr.sharethrough.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
NL 89.149.192.240:443 prg.smartadserver.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
BE 2.17.107.226:80 apps.identrust.com tcp
BE 2.17.107.226:80 apps.identrust.com tcp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 206.55.22.104.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 90.222.134.91.in-addr.arpa udp
US 8.8.8.8:53 66.39.122.3.in-addr.arpa udp
US 8.8.8.8:53 240.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 wideo.wp.pl udp
US 8.8.8.8:53 gum.criteo.com udp
US 35.227.252.103:443 rtb.openx.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
PL 212.77.106.3:443 wideo.wp.pl tcp
NL 178.250.1.11:443 gum.criteo.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 ssp.wp.pl udp
PL 212.77.99.29:443 ssp.wp.pl tcp
US 8.8.8.8:53 pixel6.wp.pl udp
US 8.8.8.8:53 ssp.goadservices.com udp
PL 212.77.99.121:443 ssp.goadservices.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.106.77.212.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 29.99.77.212.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 98f1d1a1d5506573d523553265bb5a2d.safeframe.googlesyndication.com udp
GB 172.217.169.65:443 98f1d1a1d5506573d523553265bb5a2d.safeframe.googlesyndication.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 c1.adform.net udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.226:443 cm.g.doubleclick.net tcp
DK 37.157.6.232:443 c1.adform.net tcp
NL 89.149.192.201:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.179.226:443 cm.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 13.248.245.213:443 eb2.3lift.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 121.99.77.212.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 201.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ssum.casalemedia.com udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.163:443 ag.gbc.criteo.com tcp
FR 185.235.86.230:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 cdn.connectad.io udp
US 8.8.8.8:53 js.adscale.de udp
US 8.8.8.8:53 t.visx.net udp
BE 35.210.138.51:443 t.visx.net tcp
US 18.245.175.44:443 js.adscale.de tcp
US 8.8.8.8:53 sync-eu.connectad.io udp
US 8.8.8.8:53 ih.adscale.de udp
DE 18.196.242.157:443 ih.adscale.de tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
SE 23.34.232.193:443 ads.pubmatic.com tcp
US 35.244.159.8:443 wirtualn-d.openx.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
SE 23.34.233.229:443 eus.rubiconproject.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 64.158.223.137:443 equativ-match.dotomi.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 230.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 53.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 51.138.210.35.in-addr.arpa udp
US 8.8.8.8:53 44.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 157.242.196.18.in-addr.arpa udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.244.159.8:443 wirtualn-d.openx.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.ortb.152media.info udp
DE 51.89.9.252:443 onetag-sys.com tcp
GB 185.83.71.234:443 sync.ortb.152media.info tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 x.bidswitch.net udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
US 104.22.50.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 193.232.34.23.in-addr.arpa udp
US 8.8.8.8:53 229.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.130.46.52.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 234.71.83.185.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 cdn.indexww.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
BR 142.250.79.3:443 csi.gstatic.com tcp
BR 142.250.79.3:443 csi.gstatic.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 3.79.250.142.in-addr.arpa udp
US 8.8.8.8:53 dobfilesdownloadpl.com udp
FR 18.164.52.112:443 dobfilesdownloadpl.com tcp
FR 18.164.52.112:443 dobfilesdownloadpl.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 wptv.wpcdn.pl udp
PL 212.77.98.33:443 wptv.wpcdn.pl tcp
US 8.8.8.8:53 wptv-cdn-3.wpcdn.pl udp
PL 193.222.135.70:443 wptv-cdn-3.wpcdn.pl tcp
PL 193.222.135.70:443 wptv-cdn-3.wpcdn.pl tcp
PL 193.222.135.70:443 wptv-cdn-3.wpcdn.pl tcp
PL 193.222.135.70:443 wptv-cdn-3.wpcdn.pl tcp
US 8.8.8.8:53 112.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 33.98.77.212.in-addr.arpa udp
US 8.8.8.8:53 70.135.222.193.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.ssl.com udp
US 54.87.121.74:80 www.ssl.com tcp
US 8.8.8.8:53 crls.ssl.com udp
FR 18.244.28.22:80 crls.ssl.com tcp
US 8.8.8.8:53 74.121.87.54.in-addr.arpa udp
US 8.8.8.8:53 148.97.6.52.in-addr.arpa udp
US 8.8.8.8:53 22.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 d3c7zd9zl88a58.cloudfront.net udp
FR 52.222.153.214:443 d3c7zd9zl88a58.cloudfront.net tcp
FR 18.244.28.22:80 crls.ssl.com tcp
US 8.8.8.8:53 214.153.222.52.in-addr.arpa udp
FR 52.222.153.214:443 d3c7zd9zl88a58.cloudfront.net tcp
US 8.8.8.8:53 download.dpcdn.pl udp
US 8.8.8.8:53 shield.reasonsecurity.com udp
FR 52.222.153.214:443 d3c7zd9zl88a58.cloudfront.net tcp
PL 212.77.98.32:443 download.dpcdn.pl tcp
FR 52.222.201.28:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.33.187.168:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 32.98.77.212.in-addr.arpa udp
US 8.8.8.8:53 168.187.33.52.in-addr.arpa udp
US 8.8.8.8:53 28.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.89:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 89.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
FR 52.222.201.28:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 www.wp.pl udp
US 8.8.8.8:53 fonts.wpcdn.pl udp
PL 212.77.98.32:443 fonts.wpcdn.pl tcp
PL 212.77.98.32:443 fonts.wpcdn.pl tcp
PL 212.77.98.32:443 fonts.wpcdn.pl tcp
US 8.8.8.8:53 finanse.wp.pl udp
US 8.8.8.8:53 agrobiznes.money.pl udp
US 8.8.8.8:53 direct.money.pl udp
US 8.8.8.8:53 fotoblogia.pl udp
US 8.8.8.8:53 gadzetomania.pl udp
US 8.8.8.8:53 gry.wp.pl udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 gwiazdy.wp.pl udp
US 8.8.8.8:53 kobieta.wp.pl udp
US 8.8.8.8:53 komorkomania.pl udp
US 8.8.8.8:53 msp.money.pl udp
US 8.8.8.8:53 o2.pl udp
US 8.8.8.8:53 parenting.pl udp
US 8.8.8.8:53 pilot.wp.pl udp
US 8.8.8.8:53 poczta.wp.pl udp
US 8.8.8.8:53 pogoda.wp.pl udp
US 8.8.8.8:53 turystyka.wp.pl udp
US 8.8.8.8:53 tv.wp.pl udp
US 8.8.8.8:53 www.o2.pl udp
US 8.8.8.8:53 www.totalmoney.pl udp
US 8.8.8.8:53 portal.abczdrowie.pl udp
US 8.8.8.8:53 praca.money.pl udp
US 8.8.8.8:53 prawo.money.pl udp
US 8.8.8.8:53 sportowefakty.wp.pl udp
US 8.8.8.8:53 tech.wp.pl udp
US 8.8.8.8:53 video.wp.pl udp
US 8.8.8.8:53 wawalove.wp.pl udp
US 8.8.8.8:53 wiadomosci.wp.pl udp
US 8.8.8.8:53 wroclaw.wp.pl udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.google.pl udp
US 8.8.8.8:53 vibez.pl udp
US 8.8.8.8:53 www.money.pl udp
US 8.8.8.8:53 www.pudelek.pl udp
US 8.8.8.8:53 pixel6.wp.pl udp
US 8.8.8.8:53 autokult.pl udp
US 8.8.8.8:53 listownik.wp.pl udp
US 8.8.8.8:53 pysznosci.pl udp
US 8.8.8.8:53 znajdzlekarza.abczdrowie.pl udp
US 8.8.8.8:53 survey.survicate.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 rt.inistrack.net udp
NL 178.250.1.3:443 static.criteo.net tcp
PL 137.74.7.134:443 rt.inistrack.net tcp
PL 137.74.7.134:443 rt.inistrack.net tcp
GB 143.244.38.136:443 survey.survicate.com tcp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 dot.wp.pl udp
PL 212.77.100.82:443 dot.wp.pl tcp
US 8.8.8.8:53 134.7.74.137.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 surveys-static.survicate.com udp
GB 143.244.38.136:443 surveys-static.survicate.com tcp
US 2.20.12.89:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 35.227.252.103:443 rtb.openx.net udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 82.100.77.212.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 3.214.152.143:443 track.analytics-data.io tcp
FR 52.84.174.75:443 config.aps.amazon-adsystem.com tcp
DE 52.57.224.82:443 btlr.sharethrough.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 static.hotjar.com udp
PL 212.77.99.29:443 ssp.wp.pl tcp
US 8.8.8.8:53 prg.smartadserver.com udp
FR 51.178.195.209:443 prg.smartadserver.com tcp
GB 13.224.245.89:443 static.hotjar.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 home.mcafee.com udp
BE 104.68.84.174:443 home.mcafee.com tcp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 75.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 82.224.57.52.in-addr.arpa udp
US 8.8.8.8:53 143.152.214.3.in-addr.arpa udp
US 8.8.8.8:53 209.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 89.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 18.245.199.156:443 aax.amazon-adsystem.com tcp
BE 104.68.84.174:443 home.mcafee.com tcp
US 8.8.8.8:53 ssp.goadservices.com udp
PL 212.77.99.121:443 ssp.goadservices.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 156.199.245.18.in-addr.arpa udp
FR 18.164.52.40:443 script.hotjar.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 44.236.121.164:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 e.autokult.pl udp
US 8.8.8.8:53 film.wp.pl udp
US 8.8.8.8:53 jastrzabpost.pl udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 moto.wp.pl udp
US 8.8.8.8:53 rozrywka.o2.pl udp
US 8.8.8.8:53 www.benchmark.pl udp
US 216.239.34.36:443 region1.analytics.google.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 zywienie.abczdrowie.pl udp
GB 142.250.200.3:443 www.google.co.uk udp
NL 89.149.192.201:443 rtb-csync.smartadserver.com tcp
GB 142.250.179.226:443 cm.g.doubleclick.net udp
PL 212.77.106.3:443 wideo.wp.pl tcp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 200.228.220.67.in-addr.arpa udp
NL 178.250.1.11:443 dnacdn.net tcp
FR 185.235.86.163:443 ag.gbc.criteo.com tcp
PL 212.77.98.9:443 www.wp.pl tcp
US 8.8.8.8:53 164.121.236.44.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 40.52.164.18.in-addr.arpa udp
FR 185.235.86.230:443 gem.gbc.criteo.com tcp
US 44.236.121.164:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 35.244.159.8:443 wirtualn-d.openx.net udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 update.reasonsecurity.com udp
US 18.245.199.21:443 update.reasonsecurity.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
US 3.165.113.92:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 21.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 92.113.165.3.in-addr.arpa udp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 3.214.152.143:443 track.analytics-data.io tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 10.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 102.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:80 www.microsoft.com tcp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 52.201.189.129:443 track.analytics-data.io tcp
US 8.8.8.8:53 129.189.201.52.in-addr.arpa udp
US 3.214.152.143:443 track.analytics-data.io tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
SE 23.34.233.128:80 www.microsoft.com tcp
US 18.245.199.21:443 update.reasonsecurity.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:80 www.microsoft.com tcp
US 8.8.8.8:53 config.reasonsecurity.com udp
FR 52.222.149.64:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 64.149.222.52.in-addr.arpa udp
US 52.201.189.129:443 track.analytics-data.io tcp
FR 52.222.149.64:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 44.206.171.65:443 track.analytics-data.io tcp
US 8.8.8.8:53 65.171.206.44.in-addr.arpa udp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 3.214.152.143:443 track.analytics-data.io tcp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.43.110.0:443 mc6.reasonsecurity.com tcp
US 8.8.8.8:53 0.110.43.52.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 18.245.199.21:443 update.reasonsecurity.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
FR 18.244.28.10:443 cdn.reasonsecurity.com tcp
US 3.214.152.143:443 track.analytics-data.io tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 3.214.152.143:443 tcp
US 3.214.152.143:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_4056_RZKOHNBNTKFHDJFL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d312041e5afa24a5869df81a0d87fd6b
SHA1 85392078a414c6ee93eb4d8b5470d867687bfd77
SHA256 8939ed45ea4fd287f449c808ab78a47bcc8011d6a7949771d2c01fc82ea6b137
SHA512 5a4ddf4ebca50a81a364fe1b3e956efcfcfc3d685f3da2911e3ae93c2588fabf5502f88f881514b7a417124e8cf9c50dc2643921125c08123246b65848286d14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt

MD5 d0a1e9ce5b94a629311d83281fb14f0a
SHA1 2f99462b248cdbca07645813e397fd072744397b
SHA256 4f7eef48530a3d234c4feb3e91d322d530eba21ffb595e942cf32d8e245dc32e
SHA512 b610beff04e43c41d4d51b177a8bbd01649b41e38e7cf521c1c1575cd497a9fede6d9f6b5c0fd30d97ed05ec9e1dde09fc5013f0e39216a049187722d91ef087

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.dobreprogramy.pl_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt~RFe575d14.TMP

MD5 ab09eaa3cdba03eb3cf2915e0495ff4d
SHA1 cf3309d199a4a74732b567ac779b07d32bebf759
SHA256 8ca9184e3ac6fca1247ab02a8fdae79b9c4199983de87c4b8afbdea99a6de817
SHA512 2977ddaa9acdc1c2195b3f6e93dc571acf11c36e288ce99149c20b1311db72706ed75e66fb28c0ae08618748d40d786931017b363eae36008e56c410d734feed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1e6952ec35fdd2c10091b19a190996f4
SHA1 740d8e20a577de3efbf672c13ad4c344769cb2be
SHA256 a51fb4a1f51f7a382051fdee7cd934971bafcd9d644b6b88f0b1f9a9a6f3bd6e
SHA512 f2ba41665680a088ccbfd5687aca5e8da8abd4d322df299eee9cc89dcf0c1f52a7842d6b4f49337dccba8cd29103b5dfc83335770526b2da9a384350fda1f968

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 29ee602ef5253c7eb25fadb786249ac0
SHA1 0af0a9ec2d8d465248bf1b342794a2536fd929f2
SHA256 34d1ee2f53ccf9da41f0283f37f39b83cbbd4706d34e8b1c7673ac642546e1f7
SHA512 edd8bb7f7d486c7cd3838ae475aeeb09dd5ead13cf922617276c0dfffe02f9c896bf8270f57dd0dd8224732c024ccf960e3e95dda66eba4c8991ca5765a281ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 1ab1923427c859fb67362ae97137702d
SHA1 2323d6000cdfc0c4ee47cde0928d7f0fa2679f53
SHA256 9e72d0199bb4a06a1fe88a5faa693c03579b17fd718ab5eedcdbfcec912f843a
SHA512 ba9d496801915fa2930a19b8558142af28b5e6a625e29256d9f7e097dd919ad626fbabf9929447c3e9e25d2ce2e22a4dc284d212e6e60b39f282880da16a7035

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 efd00929c97729ee1bdd5aa1f9f7f1d2
SHA1 e398c3a6475ef38952f2deb435f563707bdf37a6
SHA256 8bba11882e1c4ddcac0618cb1c437e2a21965c76297b649dfd3a734b8b461f16
SHA512 3acff56c431eece36dca8fc726c52667661ca49a07f4f07cff0f751a97fea4a0359ab47bb0a8ee5ee5df522c71710ad30dea3d0fa582a93c94ac2e5f4136ce89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

MD5 05b3ee26eda5fbd4c683b36770a0c95f
SHA1 32d55d21a8e3e709c68fc7aedda3f8de41d55986
SHA256 8b75aee4322dd72538687da9101cbeb7ef54cb87786a4be578ca3693411c0d88
SHA512 95bab027026c119623f10f69bc96a86bb8f6d9acc3d466f397a28d0592c41c116121ac5a6e1f629f9e00c5d1d83f2f9dcf5a245ad05001b2167fa9b188dc983c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0

MD5 e6574a620f40a04c373bd1a30c7ebe2c
SHA1 ea70d8ddc13f1c9c8b6465784c3a3894b5c1cdaa
SHA256 5ab7408fad549e564e63e809d616b63e55a92078e0e49fe02a7af3b819edda88
SHA512 6b4429e9787f46233940b9dcd2e1e124040623f1012d67bee9a4510078e94cf8ad6b667f913ddbaa8e01d11788b0637941625ded2a084569dd9572ef171ff1f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0

MD5 f94ce9ef26a2df14025a49f5a7fc61ce
SHA1 86f8319fee14833304b0100a36e8c4abffb6f51a
SHA256 a8a666229395b3fcbe42836617733c83dc8dd7dcfaea7042a3cc3bd8d61a30fe
SHA512 54655f76e4d15a721870b8d2ef89f6a5f6b1221ad2fe5a91414732bf569f413f18a9519649161a495253c3b70a87fbdd81aaf1188cfab138f163179ee66433b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

MD5 a361c21b3630c5e9dd0fb1c9fce89f07
SHA1 5cf424de067783290b64289b5df3b2acc413c150
SHA256 fd73acecf7b77b12a7467e50c56580b06a8b0714f6602745863786444a8c5f74
SHA512 7eaa9a8666fdddd9be00174aa64826b99852089f1c7556bf87ad0afe167c2774953dff21e99c29c7f019a239fcdbb9460b0f73644257f3acfa23cc945787a2e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

MD5 5e50c988a7cbc53caeea98c32c5f47cd
SHA1 a830ec1d93d0b04d0dcd467513d38c772b169e0f
SHA256 eb3719bd10f2f51a06b551f50fa54cfb9e73349dd20a1f54f9c010fc397b5626
SHA512 7174f404d3543d79403fcb88a2a564eb8d5ac7ea7b753a300f1d11959f57195cdb249c6c55ef0604bdbb6cf3a1258a45fb6238b61c0871bbc2663cb24c19142b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 6cea2f5052f766b4ef937cd43152f09a
SHA1 117dfead81e7539a8872822d93f852cb5323d75a
SHA256 019c9f6224cb7bbbc137255da2ca68fc52a2df7964c0e35b7c421bec1efb8eaa
SHA512 2abd8634c149467487a45e15951f2ac73dcb2299ac7c2ff1eddb84594e093997be6da9b7b98e0f73e2fe4461fa7ff9f9ace87b693e62221cd95bff285e5ae825

C:\Users\Admin\Downloads\Unconfirmed 492270.crdownload

MD5 390c6c6b3f54a28218dedec3e9770b49
SHA1 132778a8aa06087a19fbb9d4ffe376910b91f6ef
SHA256 4f4be04142c835f2cf90888cf8f782b60fef6e60177f75919adee695caf7f1df
SHA512 5545ff149e1a3de1877e3fedc092c344fe704fb80b8075bcb71049e6cbb0637782123bd2de55f8e80e284e6c43448448f22e835d72bdfd33e13c42602bf76d82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0029627883f06ebb40c9aa8fd78018ee
SHA1 08c332d73457d8fe04f41d4d536e6df8e6e389b7
SHA256 52726787700ef731bd91159ddb53b875ba180b5cdf0a687227ab02c12e50bf7b
SHA512 aace8528262bdb54a7f79ff544df209bda4bc305e74c2acec8185b628103879cd827ecd6ac5673d1eb9daa6fbf8ad367cb2516680e288b788c7c4b824df8d68f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 971c01e075709c9df88ca64dcf3456c0
SHA1 a9bb532895a8e6fc1ef8077b48e4903a3e460211
SHA256 ff14881ad9d201db86f08f0ce177f61af69ec2537c13e9fcabc860df39d8d84e
SHA512 8b98db52532d42a10351ee01a13ee3cd9f87f9b364493963419f818b348600e509951d231af7659ba5532d05a0b3d7d8b1a740b21c44c8a0d2470aff8a07884f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a086.TMP

MD5 1d1934b7d057a6023d3f7855930acc5f
SHA1 31644913ed45109dc63b99530d70b9aa7cc57b83
SHA256 c5a250220ab9450f5d44fdb14139b672c24d57b592521c203f9353768ad19918
SHA512 ed55c2558cca3f4f939949dcdefa63d81a8e0b836cf9b87663f7f0245ab07ae20b1e9fa1321d2a9bc0812eae2c607ca10c5e0e8072789fcadd77cc2c761e77ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index

MD5 1c1dde266dc8887273d9ae28ddfb5071
SHA1 59246134ee1ae7c1e46672c146b08276d4aad932
SHA256 51553ef842cbc906aaabea4000a8d6923d5a0c86b1ef4e5c240389f8c89896db
SHA512 c13b89d1151d48bb5a5e074a5a70f6770d6648ca325aba608432bca1ba88c78fe16f7c802a8470b4c749e3dc6702ab4d6a418aeee4ee7ddeba9475a9d0a63d2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index

MD5 b1e20b88c5272275be14270da9666500
SHA1 a5fffc9a737f5e6f170e75566550c088f801423f
SHA256 adf65aa83750808db8108a2cce1ed10ff44dd258b185ced0fa61476dcff23a3f
SHA512 2bb9c72eaddee91ec77f19da8735c7c28fc32aa73265d2dbd5acffd38625359c532656b0a4f9b7aa1ac0bf6717a922fb7a53e364c836e61ba8ee4316b2837258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt

MD5 215c4a77eb08c5b1263496a606946dd4
SHA1 f40b06ebe8df8bc5dc44eb99337a64b3d19f88fb
SHA256 253bf97c27df85f2fec3e52d17752d9de7bb2edac9ef6f098b20eb0a6febcc56
SHA512 146638044e911684fee302151dd72befa1a52ae1d5a4194ab9d40cb149f53b819b28a5a25c5c81ea275c787cf842374d1c97661747eaf42862f84199528e37e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 66257f7cadd0f65eb486c9f0d728820d
SHA1 93949750dc6dfc4d58ba2168da4cdb37be6a6f81
SHA256 43824a8caed38d981bd310a906046f16fb8376bc14904d2aa7699d16c10cf082
SHA512 092fb6dcb0e0fe6d2805d3cc19e1fee28a13d92da40173f6d07d3bb4114a5f663beb846571d987ad3f102297e1d14a2db80db0463f9c916511c453c9b3382244

memory/6380-484-0x0000000000360000-0x00000000004A4000-memory.dmp

memory/6380-485-0x000000001BA30000-0x000000001BF58000-memory.dmp

memory/6380-486-0x000000001B670000-0x000000001B6C0000-memory.dmp

memory/6380-487-0x000000001B780000-0x000000001B832000-memory.dmp

memory/6380-488-0x000000001B640000-0x000000001B652000-memory.dmp

memory/6380-489-0x000000001B6C0000-0x000000001B6E0000-memory.dmp

memory/6380-490-0x000000001B720000-0x000000001B752000-memory.dmp

memory/6380-491-0x000000001B6E0000-0x000000001B6FE000-memory.dmp

memory/6380-492-0x000000001B700000-0x000000001B71A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed016a7081fc29f651b61e7a92d2e44f
SHA1 d57cc2edc1aced72b061ab450b52639de1177e62
SHA256 2e86a09b2c7b08241819e58ad42b29488c747c9c1e549309b1208c990b1f3fbb
SHA512 42e8a6c84ad9592f6baa4f0b5180f15a47b3a850b24aa48c8e488f2b0545a798a5c52c7ecf8c0a63fe003350f78073c1aa80bd1d8a66d019ce0a30a26d64090c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77CF52543AB0ECD9BF6546AAF6AC33DB

MD5 30b422749de52f643d0b82f4fa0eec08
SHA1 53ff45d98808aae7c2edaf7847fa8ae2bb2780a8
SHA256 78e1550525bd380b406698087a3d001970fc6e962f9c355bd999663903162de9
SHA512 6b321219bc2c89ad69c38995ea0514d695da93092dbe6966fbeef27088af5107f056a3e976d2735e49341e49ed2ce913d6ae3c5c0a3ff920a95cdafb4cc63248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77CF52543AB0ECD9BF6546AAF6AC33DB

MD5 6cd2230aad1bfcd13e53fb6f5d6530eb
SHA1 be358412e0c379aa339275d00dddbdcbe04d15ad
SHA256 5607415597704be97df87abe164567d0721573ed8676dae5775c0314459bfbaf
SHA512 002bb7bc5ba72992651837dda272cfbd3654b357115a8bb6d792d519cff70290406261e0f2a5e3eb9df027027965212016efdfdc438c49c851856c5eb3c5be4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_C0FCA017E5E8DC85A76F14D75ABCD153

MD5 ce5569ae0a2f98833ab815f80e936af8
SHA1 c770d1007c2b745dc7a0039c9cd7aca5ae577491
SHA256 d14a0fa7b924a1ed93936bd95b744204104679bb5ae17cfdc557bfb6505f0754
SHA512 9fde390b814d1595b8eea47d85d82f97cb6b2ef0d14a61748cc8d12c7b6cde956113e5d37063e8c31ff04bc2fec1c136d3bb8ec594d4455d54029a76a6834d35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\009879608CAFAEA3D83BD836A5260DFF_494C964ABB8DFAE54253C96871A2D7F3

MD5 4516e9ac4da169dbb1e1df63ff4e1c4b
SHA1 124c1a46f4c067e1e1167b58a53ecfab9df97b70
SHA256 451f0f25ebcba0a1fa22593da76bedfc0c055a36b8c06c2d6854bf45c0407808
SHA512 d37e50782247fe85d0402ffc22b6c6adc337874cd7c4ba9170d457cf602ec751977b69e07bfffab6f213590c0a379a453d1e0a7b2807556a962d3a2f128eae5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\009879608CAFAEA3D83BD836A5260DFF_494C964ABB8DFAE54253C96871A2D7F3

MD5 449d41c10538fc9ca92dbf90b5ed94f9
SHA1 18a7c79b1223f275e0458324a55b1d0de2136d99
SHA256 f4de3dfc2e8480b4b5ccab7b860db1977dff5aa9716b8a8af7c4aa0264e1b8a4
SHA512 923b8efc623ae3755d57cbf3ee1cb38e9df024a67dd64f54df763c9afdc82a6a111754de70e231c94cde2ea68f73c1a9382715b38591ea06afd0df4e1c3f9e7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54C62B182F5BF07FA8427C07B0A3AAF8_C0FCA017E5E8DC85A76F14D75ABCD153

MD5 57143f2c8d9985618b99ba579306a0f6
SHA1 9de656e0261349e2399573beef98fc730b0cece4
SHA256 bbb67ee898dca520f660538929e79deca613797491ad1c2b1e16a924e88ed58c
SHA512 bab70cd36a61e28bdb0014fd763766e5899e71368be48fa6ee17ed5c4fc31a4a255ae3c69e7eaf3e86b0cbea49a63c7a40322bf63d38b385784be1e3e0dcf4d8

C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

MD5 773b4f2626d6d9553722d8de6e4945d3
SHA1 14c37e22981d8fbc9227396cfa47aafb6e93ab71
SHA256 e9b30554769a8e2209a8892538b43450048ec08fd361ab745bf7cce1b9974b81
SHA512 e1f7ff2b1e8c2ad1289fcaae13e99c0ad40c201bc239095e3857b31b13645be0d1e5ed28edb55f39618d1c9542dff78040c150b5a9db27204d368fbfafbd9353

C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe

MD5 e66bc638476a2ea162cfc8adceb1f703
SHA1 3a7c2853e2c4ff9d40389a65abe57121780896af
SHA256 40e0fe7a7abde39a72753e316f65193a4e9a702d3558a3a3c3ba54860c70c503
SHA512 7d2b25c07ec915c26effa25d3dfea4f791ed4d67966ef09f0cb3ed5497d719a6577e5f05051bf6069ec2625178fbc10c124f7fa5ffd63fe060792f9f1af401ad

memory/848-600-0x0000013C191A0000-0x0000013C191A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_files\installer.exe

MD5 cbdc702ec44e244b2cb764ec3a82efcc
SHA1 3ac7e0652509171d905f06423c979a5c0d16ba1e
SHA256 2f97de96c50d73bcdcbff95fed75b2763207c8fc144d6367d2ec954c1e966b8b
SHA512 8ef13a28201c448215fc241cda74bb032c4a0c29a777de6aed32eeee8a5c428f3899a42ec74a408faee6535d08f7796d216c0bb1454fa2a67480c6a4e6ace9c6

C:\Program Files\McAfee\Temp3159551003\installer.exe

MD5 7cdab43bc1b360d42a143943c700bbae
SHA1 9210afd1e6616bfdd20dd71c7379d1cadfeab966
SHA256 580a2098951e804ad5cb726fbc0e78ed09464910769fa277330a3f78c0703a51
SHA512 ed28a4eec8e35aa0786f960e87079929b9fcb154b3b184f4051178a42d678eac438914f3144b9a1ff4e0c0a7a74171b594eb1ddf5d8180708677cbb7444486cb

C:\Users\Admin\AppData\Local\Temp\mwa3D33.tmp

MD5 662de59677aecac08c7f75f978c399da
SHA1 1f85d6be1fa846e4bc90f7a29540466cf3422d24
SHA256 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb
SHA512 e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

C:\Program Files\McAfee\Temp3159551003\analyticsmanager.cab

MD5 c60ce68c2ab0f0a472f4c4d04a8d54ae
SHA1 0e56defd42bf0b3ee29432e3cdc3fbbdb9d27dfe
SHA256 c5941c0d7db0b94fd30034d13ec69e9ece6133b43481d99f8d1c36236f363515
SHA512 733a9b9805e0c255f858d1052af5d75c54a004756e10e351f2ac2983fd1502a71e06daf947e17c49eb3784d01dfabf0d8b6008c56b0ed8ac74c928cd35ab3441

C:\Program Files\McAfee\Temp3159551003\analyticstelemetry.cab

MD5 25ada6efda1551f01db355065e53faae
SHA1 6e822cefc2dc0177ea9ad002958c218b0fae52bc
SHA256 2dfb8800d7d6e2ca15d4b6124e1bc1ffef6d17fd5d355a4fab29c68291645f96
SHA512 38a5fb07f63d49db0afbf67935e0afd5e1fc2097511cc048789a07546980d296a979febce125dee61770ed69ad749fcc814dbd47184655d7e314f4c43d541bd5

C:\Program Files\McAfee\Temp3159551003\browserplugin.cab

MD5 5b946a56491375ea87a336d07c648ab9
SHA1 f9c5cca74f03936d172ae8d8e7c532c95ee8be10
SHA256 a459c1c14309214cc705871932f6aff9b95df2c95024a8ec6caeae18ced49c29
SHA512 0e3d09a425827d7e1c88b63c9bd7614751e9445daab2118aceedd9ab0dc2493e0167180cb01d295b446954bc77ca926d144f958578fea77aeff4e8d54c1dcf98

memory/6592-769-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Program Files\McAfee\Temp3159551003\downloadscan.cab

MD5 5eaf2b2662a9926d835fcd1e0016facf
SHA1 0d9ca8500393479fa954d0519ac39aedd07fda32
SHA256 70d1d190ddc32a61576bf2454fdf066348d3076c1a83918bc76e90224f68ba02
SHA512 873a5b7c0da923aa79f8733a9e42600a6d794f536edde8c3bfc8da19f853cfcb879d88529a43b96b8ef1d9c94f051564f783c00b4c24ceccd39a6850289ec399

C:\Program Files\McAfee\Temp3159551003\eventmanager.cab

MD5 570b642237d02474854bcf1dcb17b762
SHA1 12a7b4306775a555cb9a6135cbe5a9a3dba9ff4c
SHA256 fa8e179685aeff6cbe9578ae2f3e34a5bcb045b5697d5b7e3416ec2ef8a25881
SHA512 e98cc2b45caae213acd3062f3c8b1b82a71cc124a8910f2ab6a463a2628d832d9dca17e6f2e5f933287c668538d70486635f3d7efec093889ea107c20fd0a919

memory/6592-773-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ylex5els.exe

MD5 18f5084eee5d30552acf7fe31b1c914a
SHA1 91f82d63a3e0b1d98822bb34c4ebfd2c9f932cc5
SHA256 2ae99d0324150b36ae77ba813857288789fae43054e369c64ac0a5f953442cd4
SHA512 1a541f05c92c2a651c2738a1a4d17016e9f34ac8bc8d1afdfd4e7fdf58a722e2bebb45b778003781a468720a4075e2402ebc5b95727abfab64b00691d1312eba

C:\Program Files\McAfee\Temp3159551003\l10n.cab

MD5 9064bf5ea7cb9acd2a4b5efb0dd90a2a
SHA1 a142a9281c3ddac96186b1b7c7a1ff6ba0ef3dda
SHA256 8a2aa601fa77e3587e153840c1896028422335e9b3b2fd00fdc462f677e0c687
SHA512 362bf6865c0586e8001566fc5cfde2decefd24fccbe93339090d9f816ab4203b4476bfb378ebd69b25c2bd8bb5b7c1ca7aa4cbb284888b43e37d4adf86fffbc3

C:\Program Files\McAfee\Temp3159551003\logicmodule.cab

MD5 59f879d459c452486543ff8f84981710
SHA1 4f56f3a41be2a44adb5ad0e4a01fd9b808df49c0
SHA256 73c5bf76c7f680b0f28b969a9748a3cd7923e1f84eb00484ea5929276e839f8c
SHA512 f9b9d614f4f5692a0c024ccf3b79fd21e2f9d7e6dc951da01c6745d57322b0f2f5e33efcad6e222eef2244a5312b8faee300e73d3855bb78e2217fe850341477

memory/6592-783-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-782-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Program Files\McAfee\Temp3159551003\browserhost.cab

MD5 f2d4152850d4e2ceb0f318f2f11cf021
SHA1 004dc3db926cff0345d91a3fdd3bd241b9ddd0f6
SHA256 f1933558644045dbc893cef9a23d735b5a45ae7350696c1da9faab616638f56d
SHA512 f7692e406698ab617e859df616621b03f4227b0c43b41ac984e4302021f275fddc650d640d8864fe05b0886b742d4beddbdbfeabe62d4a22de8ef7f2f7264041

memory/6592-767-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-766-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-765-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-764-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Program Files\McAfee\Temp3159551003\lookupmanager.cab

MD5 182315f2c8bbf146aae9706d3720f492
SHA1 cf1c2e2982f97d9e2d8fc1f285d56dd3f485e954
SHA256 173c4f5b70453c0fd1c175841418d4cad4d669f373f99bbdce1fdc1440ba2bdb
SHA512 7f378afe22bb4a2330d6704f253ab4da2d3f571a719e672dea7e0d88b644a895cb883c5154b0bbc40e302b3d8d7307dff0ef9fe2c7dc79c2ba963a2932d37718

memory/6592-789-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Program Files\McAfee\Temp3159551003\logicscripts.cab

MD5 f3d9744bc01d08dc8981b0d2bc054fff
SHA1 e3bcbd89982144ececf7ec07f41551f982da5966
SHA256 f23c6a8782ea8da307ca628dc9f8c4551808d0c59317ee966b190b7462719ad1
SHA512 22e5d3b28ee18965b0eab4c2474e33caab52311dc53639b528b2ac7b7ffcfa259222615471fc3e5c432f9f00fb1c899ec96dcbc9127dfa20b4a95bb9e9e71d82

C:\Program Files\McAfee\Temp3159551003\mfw-webadvisor.cab

MD5 2dd394a5a4385ebb09c3cd47be84c0a4
SHA1 d9ca7feb947776ca5fb6f2260fe29de763c2216b
SHA256 3c09814cf00e096773875e1d2d402bb35412ab0e62a3a24006b1757552fbddf0
SHA512 9dc5f1a3436aa58558ae031e5bd5fd0f443f416923425a9e4bcbb22a509ef81da603310c9f962f6a3e8465feb95797a3c3df81086f617d7e8e4f1d8bc7ba2e43

memory/6592-794-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-793-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

C:\Program Files\McAfee\Temp3159551003\mfw-nps.cab

MD5 f8b177c8ca906c97c8ac9999ad9366ab
SHA1 ac1227646dc1df0bfedc430abb8bcdb6d5cfb066
SHA256 427a030c28264bcf224703b7ae439a405be762c797aaf988342b2409a5c3bf40
SHA512 af105f43d497f63b28792a0fa23f630267bb671dbc814f6b82815c58458a281251a7948b871d4ad3b8cc5b2501cd28653427b6e954d3a1d0d2138f98d57e59fa

C:\Program Files\McAfee\Temp3159551003\mfw-mwb.cab

MD5 4574be184f0eb83b10106c7cb4789bab
SHA1 ef7eccd4a3c89a598b0ca421a255f25b74c1c909
SHA256 a2de49125043942f1e7611b670a5316bfa4cc6e29cd84de0371f822fb88b976f
SHA512 995c6dabd71cbb928a29733cdc367fcfc5aaa6b613b9e6fc2269a8e46bfdca70418e8d3f41987bedfee1f002cffb3833dc726beafa995f809aa4764a80d53e1c

C:\Program Files\McAfee\Temp3159551003\mfw.cab

MD5 a47358e143069bf156ff5d0196743453
SHA1 9ee25fdb797e5663e2285a405dea937e6314e20b
SHA256 299e548ac813083d8d0da9d01d93eb15f2c56a378e960b193dd53d05e2dc0357
SHA512 2d7213b6274377a9b73f10ac830381824e9655871b3baef0a053e58d2fd7dc0803861655349f75f76884cb4f457b11ff465bf1ee9edee121ba4e908fbb4a2bea

memory/6592-828-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-909-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-910-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-911-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6296-913-0x000001CFB8C90000-0x000001CFB8CD2000-memory.dmp

memory/6296-912-0x000001CFB6FA0000-0x000001CFB70B0000-memory.dmp

memory/6296-925-0x000001CFB74A0000-0x000001CFB74D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\27273\config.bin

MD5 7263d156f11cf6795342c15d1ab22fd8
SHA1 26fb120fe923649725928d9c6157b21733f0897e
SHA256 6549e436c3242b8bae82a0ceebad6acb8a7526e2c6a546d34fd73bd960f7ba66
SHA512 91d17456421a8741239296e95f72453fc646e35c211319e7b3dc927b707be524c94324124d77f50f6c8a1e9b7f13affef21f21d16e333227719d0725ee0ed90c

memory/6592-937-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-936-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-935-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-934-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-933-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-931-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-932-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-941-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-962-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-992-0x00007FF6C1990000-0x00007FF6C19A0000-memory.dmp

memory/6592-981-0x00007FF6B0070000-0x00007FF6B0080000-memory.dmp

memory/6592-1110-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp

memory/6592-1115-0x00007FF67D480000-0x00007FF67D490000-memory.dmp

memory/6592-1208-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1215-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1188-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1185-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1173-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1171-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1162-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1158-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1153-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1136-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1134-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1117-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1114-0x00007FF67D480000-0x00007FF67D490000-memory.dmp

memory/6592-1113-0x00007FF67D480000-0x00007FF67D490000-memory.dmp

memory/6592-1111-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp

memory/6592-1102-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp

memory/6592-1183-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp

memory/6592-1097-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1093-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1074-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1054-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1046-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1144-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6592-1036-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1034-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1032-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-1141-0x00007FF690020000-0x00007FF690030000-memory.dmp

memory/6296-1008-0x000001CFD1510000-0x000001CFD154A000-memory.dmp

memory/6592-1013-0x00007FF686340000-0x00007FF686350000-memory.dmp

memory/6592-955-0x00007FF6901E0000-0x00007FF6901F0000-memory.dmp

memory/6592-1004-0x00007FF67B8E0000-0x00007FF67B8F0000-memory.dmp

memory/6592-940-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-939-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-938-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-944-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-943-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6592-942-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp

memory/6296-1828-0x000001CFD15E0000-0x000001CFD160A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89a4f12dac53be4f54a3733fadd91282
SHA1 ea77f12fc719dec49c86a407e923fc07a65e39a7
SHA256 bfdea91d3b1c1b077b35e48ccf3fa7d869dfdd0c399a1e5dcd72e3b630767def
SHA512 ffca61b2804c14cb25a40b4bcf96589acb1fe9f08928febdef1f12947b99ae3d29b38337248f01be813f4c76445722a6832977b600071b61d0c632dde866fbe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 eac39505f05faad57b95742057c3b941
SHA1 24f0f4833b7e6c82d772a451d6864b31e1ef9743
SHA256 cdf5a200c8661c1c0124e8989b1b138dab25130b32ed49e461edc9b725f0a0d6
SHA512 71643f8c4d838e8cf7bc5c664dc41e48d31dd1f3bf60f2b0bd477efb07a912cfacb29a60d76e199bfa776e439f10c0c28e5e35d4498f2f97941bf64dadacf4a2

memory/6296-2146-0x000001CFD2180000-0x000001CFD21D8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 ad8771a2fc444045d567a41fad693a44
SHA1 aaece159444e6f21cede4777c0dbc9516c859858
SHA256 36c8358590f9e712c468479761248d330b33363ad0d205ed6bf1bf9a7d032cf0
SHA512 50f6b8c303d35421754347754d725019763ff2a184eba1a709292c966e4a50fb96a45a9ddcba0abccd872e6bc273dfb5b5bd4815c74cbf0f69fbee9542fc934a

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 c7ca71a7f472503fd07dd8674e70907a
SHA1 c30ba3338ccc2c5b0eec860f64064dbcb6cf698c
SHA256 70bf1ff3b3d6c8f2b0fd141253569f606aca663a21e80cd479049a7346ec600b
SHA512 11943457887df84fa6dd33e1e90ea5f88c3b938eed668bb70e7502d8017a560cdda79e9602135a3e76d276567808192c34093d07de1dc80e8262a7c931ea5a7a

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 274d8fd8742b224f4d86e7bd2c0f415d
SHA1 b18341c62d1bee34d1d5a9f099674842a6157ff3
SHA256 1650228d537a7004a940b99182d0780f0f74c2e863bf0fabaef0650e90337ce5
SHA512 94ae68ebf9747e6204fe43b91968ce53401e5b0dee3fb33152032bf51ffb34e338efe8b6be91dba54ebea9e2b3efd58984a09098b140e31d333752b7b4f74a51

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 4eb5f7625dc3342df0be16b2a0c57054
SHA1 f00598356f9ac6f5d4ca9b3bcd3ec77f12403031
SHA256 9fce59a39e2c107414e7df6265c0161139d872df56d0877b36acf91515cfd22e
SHA512 70c3610e5cded34b99aebc0f8a493f511e29794ba60570ca992e970ad28822631a03ed33842761df493e2b7f3820961d769365ee9f0f1964bcd355baa40ef54c

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 1cebf356878f1571668164306c4f1d86
SHA1 a35efcffcadf84e2ad1024618a0ae46f5e546622
SHA256 99e0ba25d498dd7b92e3d2f646473f3a77efb3db09ffc7de39812387cbaa5c1e
SHA512 042c0d437f11c1629513c667899679d02a6c4868a21ab5a8184d7a5638d0b0bf7913f8e318da07d7d4ed4a7b849f90ea4fe211c74d8f05936cf81c62fdeb6f8d

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 0ab749bd8528f67ee383502bb00156f1
SHA1 060c383761d475db5ca9ffb2830e7b9987fbc321
SHA256 7c278656adc33bc53824be05637ac380df4216ad2de9563622e24766a4de3713
SHA512 0d9557d39db5dcec18cb434434547f22ac48dfcad1b48cace524c76e0ce0019cbbd831b2dd0e9222a4aabb341bf2fe47d1ac0776d9e647ae7964f603f47b7e82

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 22aaf4a6312fee68f5e7155ca2d36595
SHA1 08c1b2ee2083747ff92d30ab74b246f2abb58865
SHA256 fab251f5b4255a31e309b14cc203d89a9ea0d0f89d618dde6b725fe5fdf3301b
SHA512 9257ca92e2157a49e84359d8e184eff64abdfbe7c1b640412a1e0f2e3b46a33c70ce640095fd68b7d098609e891db03944d43024f85c2900a7e19cb29f9996cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt

MD5 fd21495235fe9162e6f5944071247fe6
SHA1 fdd9654a957ec791b8f2e611758e7f2d77b4a39d
SHA256 7685741a69d6b38d7140b1ff2d962e44d84368c0d4e10970d61c877e26fde192
SHA512 5d27b99fbbcf9152de152ef11d6bdf3fae880ba996fe1b0a7036321615a380ad6083f8c027fe3f14984ebe449aed1a1de257bb3876cc4797ffba18687ccfdf37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt

MD5 1f7c543b7266254f20361a550fec6e90
SHA1 1a59dea57ff792f401d3bfec5aee0751f175f858
SHA256 48ebc0c73d42c79cba9b093992ca4dd4e183a7eb5ec93224606321a7f02db8a9
SHA512 5129cfa578c4f7fcb5c5f9fd1f083d89c06aa4793a0917729ff95f4f035443cf78f39ddb40f1a301f979bc1da2d139f057c2757f0bd0188fe872acbbe2e227f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt~RFe587114.TMP

MD5 00d4511316d5d2bbac596df9a008f89e
SHA1 fa3f79f5622c7934be8c2b96fdcd5febe676a5bf
SHA256 754ad1a1fb996403261af21c3ef86a6a9aa19ff2c6fe1941243dd9a895810c7b
SHA512 c859a4a712bebbdc126b1abfff7e9755ba406ab883a26391b8e92469b05fe0d5d354e7366b9243ef5fd1f169d9055a2e2583b3a2120666283553b7a91da5623f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\79a4fad4-c5dd-48de-81e9-7df022e8f5bb\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt

MD5 b89d6f4363af345130c74349f814e3da
SHA1 08c93776545f2b6bace68ab63de178e2f89cc10a
SHA256 1e4481632c434347ae2dd5b8122e9fec3caeb739c066bfdfb50e8e5adbdb7f18
SHA512 d77a3f549c83843e9db3d01df96c92205ac2308a518c4b7e191d54c2089d512a23b5c8d71c38860a754d17dbfd6b88946a8d3abc55f7789c065e41f51d9c903f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2beb0213504d07fc_0

MD5 4fdce658e695434a3e58d77d44d59d35
SHA1 0c6e8a0fd5c416a1b982fa84e67cbdb8eceeee9f
SHA256 66467c946f3109bca8b535d48cb2e23c6017c12d4b08626921fbde1ecf92cf0a
SHA512 e5423fca00043d99e89f13aa4aeee2b978b87ab38235f260a924276de7c0d9355f2e41eaf1ed8ed2d60318aaa73bec1bb734e03518f359f27d0f9a31df29782c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\d10f805e771d7acb_0

MD5 975e278ebbcbcd4517c5593753259336
SHA1 b85bb7a57b8d3fae287a8ee5a58e48a6b6e41310
SHA256 75c1e3346655a3841620edab6bd6eaff708cafc58e9d35b91788951e4f7d4599
SHA512 0d7425508066b2dab124fb1b4c78782a3626d455fb7a877fe717104758fe803e2f2bc303f6ff43ca35f2d3fae1f630644e9748807ed42af0e74a87b524bd0af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8a579830291b1a29e4f5e9758b2dd9e6
SHA1 c22b3404838211eb406f0cc95d50763e945170d2
SHA256 b0dde628595f222f8c91afe695806e4251546f0812121605e4690aa26b5db8de
SHA512 c0db475a4580e2fe0fb386b5d22274c60b3fcea68e40cd7e2e11c75842727ec1b71fc5c59b206728caa2e974f13fbd6fa06ac433a75b6b95a51aa73b67440a3a

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 a6eb5eecb5b5501c4048a3283b2945a1
SHA1 76c949d5be55a0241bb72486ee967e07189a0819
SHA256 eeabc52a96c3f4e639fcc3ecca70862cee78ca4b6c9ddcb0dd8bf65a2785a950
SHA512 75fe17459a02a9320770398406b0a9ff009289f355a5e7a27164810c44a5dfffd2d6bbdee022c92b695d2c2e46dda88c76e3ee244bcc9bb204f200eb99eb1d0c

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 281e5efcad09b6fc5c2686858e3b506f
SHA1 bcd5a44caede3194fc731ecc50148d491bfc53b9
SHA256 60fcd17212dae30a7af331116dc2496c0b35c0f47c5170ed476e65505372e8d5
SHA512 9fe0e0249a395b38309ed263e00fd848ce0ffff385f767d4d6e35689e3e8e939805cdd1ead6b931b5cf8afa16ac32e1ce96ef82284a0d901015ea5340fdb7516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt

MD5 8cb2ea6dd08a6bd274e499553aa8c8e5
SHA1 97721ac92f9ad117e1d47b8987f56fe454b5b53d
SHA256 8fbd038bdb4a3d1980f8bca7a893629f369c7e09fdfaa53876ec1bf36ed7cd3a
SHA512 310fa4cd412d6b84c0c1652791f55388a43fd0c6133b23c9128376272fdf9ee443b3a57b7bb953c8f1087f1217c8f99fc29008f5771a051003686a6abf324e66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 61d6f1b0372adc2d96bdb3888512568a
SHA1 a411ae9a28a04f6c46cb158e84b360f19c3e5b82
SHA256 20b591ca2dee4912535a6ab94eeda9ec190aa54eeb728b7600dc21a969e51994
SHA512 ef1d754eb1b026cfe0962fe4f9c1aa3ade516ef7db691027b44202cdd62bfb70d2e61d980690c5c7cf232c53daa92d228eca92522dd1b6b5d30b6cb1fa7c2482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587c30.TMP

MD5 4affcaafbb51b8affbb2ccdae11dd61e
SHA1 2d9c58a94df3341ea9a08313f1c9af24e27f0fe7
SHA256 0af47b1a83e21bc725c60f54df89b00ca0f3b9b1e29648bcdf2b77a2b52b342a
SHA512 34cec42feac70d8d5253c0ff4c08d1713745bf47182398f85a0353b5598e84629ae132ef99b87a3cd509324340b821e05688ba23eae0e014f299fa3726f4520a

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 e605ab1a72964020bb97b16271e4a0d9
SHA1 f29b645c884dcc22ee40d152bd18f9463c13ad69
SHA256 72914ef6d1fa2f9aef489dcade612d096a5cc0697aee604a74c48867d3b189b8
SHA512 7ad68bf87c217ebbaf81a04fc1ed74e452922901dabb7179aea27726a64ffe7ed45e52b40e1d6990d34d5d3426640c947f78a99e3741d41baac819b5688571d3

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 eb5900a0a79285a5ff900d41c30a5d8e
SHA1 217db86b18b23250dcd69e464519738409cbcfef
SHA256 0d83f98186a9d9e3b185541d62bc6fbdf66a5368ba155e1deb0835e3157d17cf
SHA512 7315542516d4d3ea397a9ebf372bbb6e69f0eba7126e4773ce7f36456024f56510a525e98b9db9345a3204667347ed8d0f28c00c2f07c1e3d19d061a5c13159f

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 226fc04a84ab495bb582e29af05cab09
SHA1 693c538235bbeb2c07cfc8a9cd850bc51315ff3f
SHA256 ebec8378a0c96e153357237529109a6d9e5bd111602bf9c9dc7a5a50734914ab
SHA512 42c14cd4b4fc7335a3a5001054534ac292d3e336124586a4ffa45085cc6eaabb2158c8e8c892a68dc23d36ece26c1d7bea47b6edea16e0be2e8a63b25527894c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dea9f9a3a65522dfc86f1ef01ae7d46d
SHA1 af322595b739255aa2647fb7d62ffdbdeedb8068
SHA256 e015c23a820113383dc126e4c1670612cf73c8e740c143d213d6fb9f3adc2420
SHA512 1517eb1fa2b13c573bda14bd619b4565ffced2d33b8d9e0dfd54e9ed62a34747eee9567e46ea35ea19b7cef6e93ceed6621586c61c2ae4723bb98cfc5a2721b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a92b9ac00e3ebf12313c911b5b9181a7
SHA1 7e3cd9b75e6d946a82ded232ae8499ad2a80fcaa
SHA256 999c7a7a753fdc9ed74ccb05b02ddca911bd7025c79c5bb33a23ca68ad51c097
SHA512 9561d4a73e2e1ff2f55a317bbcf04beb39b49787e7db49b832b62b87acb03177ba24069ffe9ba5427752b06bcdbf9d1e0bdab2f782704e9dd33a2e616d88c1a6

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 366c7e70ddbe22a04bf1f6254fd3cb76
SHA1 f3d8b0b389fe3d64a80a08b5a80753bcbef4168e
SHA256 aa450962dbb7d8eda90f7c5743b98e7538fee31e9ee9fc3d2624f440d53cb76e
SHA512 0105db53a43327fecd7c675f1170e905987d7465c705b438cfa5586a40a3ea4e1694484bedacca50663ae542724a6d02bb93f22ee8bebc87959bc41a3872296c

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 dead5e62c4ee85e1774f35920da74f80
SHA1 b80658882970141941de0b3850d2ec1e683fab6c
SHA256 3b073ee252205366207c1c67fb84e4a084eaffef6f5531a62bc69e03c15c3713
SHA512 300e214c29b88303f5c216339870ead09d1ea8d2abd04503bb776662aa61130dc0e0d3385bf0e6b76f08e5267cd94ec6d84943811a9c23884127082e817ea0f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 42b0f78656e4705404c7bed87afaf54f
SHA1 d31d72e0daa3625473f1d454b1ae881951cdf39e
SHA256 db2d96f41e0de90a5f01035678c4ec2b95558f018e07ff9b217cb81deb0ea06a
SHA512 639332537a2e487c61bb248f8d1119375604a3cb93b469f2ded4a1320e0a28edfa736d35614b854da708b424c58aa5a3f9f4e85d75658e1802d629a3ce86810d

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 747e9fea893d38221e003fff69ca1581
SHA1 071a0dbf2fca5a685aaa459c364ed1db2113b16d
SHA256 28957f90652e842e5705125b10b56be5b53f818be212e5c2c764fb4491c3227a
SHA512 eda637a69b128c3f46e190945abee5fb632d5460ca482273266138088b2e66ed42c76bade8724eda37389129555c07740c5e58548cb55400218d157e34042d5f

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 eaeca6b0b5d667fb2eb511bc10efd72c
SHA1 65656fb5325d9142e6405bb9cc3bfc0b91fece99
SHA256 f62dfbfd9c53204a6217407279f22bfc55b46258a27cf5198357e5e1cba72a43
SHA512 0e06e8ccfa3e765d8b6f4d1c521b0ae06ff174f3a885e440f99787d5760f8646b130bdb9e9f2f5db5f7281873862e0a874b4b7232095637326b3079a531920e2

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 1c54a439d22e2dd58798712bdd1f2997
SHA1 33e4ab63aafa949c9bd9f1c4cd8c9381b4a97c64
SHA256 c0ce2aafdbf664383f6b6403e0c73a6a311733a1d3180baa4314c31bc2a62980
SHA512 89857fac027a2ad88499fbc8db9e491719814afc1bfdc8fa593a4516573212f86d598878b2757c541a3fe8d469c7c255b7c14bf25069035d269cc93b2bbfa128

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 09cb0f4f077adc38f8af8550eed69319
SHA1 c97cb066a313df0c9384782924c15eb50ad5e1a7
SHA256 af4cc3bfebb4f886c77ae9140c3c47d7274fb720db31f16240f42d79050101dc
SHA512 bca50e8b975789a17faa2114ce2c66955cf7bd0d6cbbefe14e8416031e2f352fce542521bf545d64b270034980fd58a99c5ba690a9cccc018f44c8785b2fd69c

memory/6296-3425-0x000001CFD19B0000-0x000001CFD1A06000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\6e734b5c-c1aa-4f3a-9e07-4ca39be12251\index-dir\the-real-index

MD5 9f65bddd86a0ec60c8aafa47adf5b7d3
SHA1 cc790e0bed89513f4a0e184a90f9d559d7719721
SHA256 e76908239123212c478b69e6ba255af198bea8f3739578b5e68f9b63359c436e
SHA512 8869ce5bdb780a1962d1eccbdbb3c2289ef217ce7c011cc4d6ae8418c680afe8be7c46977a2d268bee6c6298f6e77e43798e529c9e77ff38b9f80e3188094cb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index

MD5 af859ccf67c910f31712dee4bf732c75
SHA1 6c41c5cfc102a0b60d22f11f58d90fffb1b263ca
SHA256 823b6cea9d7fa8c9d63b25c23b7f87a0ec1e1be30cba8cb67dc3f98138249955
SHA512 554cfbf145e8bbc57c287eea6fd67a065dfeef9c954c0ddca92c3113d6839db9617463429738584b71cb1ad0bf64aa13dc71b3edb536255319cfa690a850f009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\6e734b5c-c1aa-4f3a-9e07-4ca39be12251\index-dir\the-real-index~RFe58ca7f.TMP

MD5 b061c546786b0425d9fee951de304abb
SHA1 ef3ff48b5302ea2ca1892e3e5201922b0b4c2bfa
SHA256 58aabb4168bf39df743cb2567667254054c973a74e43b8bda524d7bef414fc8a
SHA512 0d5dd05f22130467495267c4b2dd6a4543a50bbb6a2b2bf17d088f62552c998487c497854a25062bc20c9beb36bd0683f69c4ef51f75b919c7210cd929ba8c75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt

MD5 e67e9d0a1e1643f25323c89dfcb73fd1
SHA1 74e6196b92fc1b7382fcedbeb6e79d7285821765
SHA256 c1493531aeec64c428b9ef3aa623b98fd666556d060a4abdbb6f12393352a980
SHA512 e1054c971b058466a8d2d509462995bca06c18e467c7d6d1ead860d81f6845e28e16a5883c1bde8bf4875b3bc54c1e73389c3fc2ddfbc57254d3d7309efc6c5d

memory/6296-5084-0x000001CFD1A10000-0x000001CFD1A4A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\2870a65b\99ddd989_dec7da01\rsJSON.DLL

MD5 2ec13fba08ff20ac219f762509a766ff
SHA1 7a62fda6e3ca22d1edd181eca1c1a090accd1b28
SHA256 a66998441cf5a6be98d78abe2d2f3121012b7b30a45ffc9111dbd812c9a6d795
SHA512 86f2e480ef397ac48e376115f65c06d9b41e5daae2d98e27480cadb13474d86fa3acea20f9ced640344b3c6d3a5f4bc3072b8b529e55c52ac793da9d2c09dbff

memory/6296-5096-0x000001CFD1A90000-0x000001CFD1AC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\5c431604\99ddd989_dec7da01\rsLogger.DLL

MD5 bdf6337eef10d89ead58c97c4cc86eac
SHA1 d7ec026d4587bce1efd0fbd9d1d0099f6410b8e4
SHA256 247f904657ae110f6158598725de7de006318822e2f4739c6dc3407347a839cf
SHA512 185da0bb41b85192c7e79537d8796a8a56b0314a2f90a6a9f1fb9146bd673050e30315b4a7f1f50d090962fed334a76a49932e392ac44d3857d6997998f9b0cf

memory/6296-5106-0x000001CFD1A90000-0x000001CFD1ABA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\e7542aae\8718d589_dec7da01\rsAtom.DLL

MD5 ff00eb531015f056aa090d84c51cbeb5
SHA1 3eefa935448df905cdb9bbc8caf64e681185d638
SHA256 3ad34654b29f9b72c110a1e02f8b49546603a16175bb78e3635ab767dcc4c81c
SHA512 1e2c0bd5650717d3318b06ab22c2371ebbe734fef90b220ecdc14b79caa64022c166c799c7e5657ac0523ec9706424a67237942897feee775df2bdc98640afdb

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 7d5bfa735b37c024084376ffc80265ab
SHA1 bc174aed63f19aee2eaa7356e2a87faf7d00834e
SHA256 6bf70561c66fe78df0d7453ce789b0f176a9bc229b2997821a24904c733d1a74
SHA512 5441f765d32da2ba20e9440177619abb91cf7c75d004616cf3103b5b864ab7f012140d7a0d48ffef7998af5b813b15eb6f56778a5c77a7adc5e16a4dbadf9571

memory/6296-5117-0x000001CFD1BD0000-0x000001CFD1BFE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\8238a7f2\423fdc89_dec7da01\rsServiceController.DLL

MD5 9da18dc90cdc783e4d0c503949f25375
SHA1 ed0be1a19eb6391abe073901d6b54ef8292418a4
SHA256 4e7c131ee4c738212d3a6944543ae9a12c4edbbc5a892b39dc070292ad9fac47
SHA512 9f151d9d36f88aa01c9161874957ebd0a26735c8cd2eb5e7bd96930aecc6e556af56c644e84910a3e6b8aa644d4d63871f23ffe7fb48e7fd7c23e5bb3d1c0f5f

C:\Windows\System32\drivers\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/9744-5146-0x0000024A095F0000-0x0000024A0961E000-memory.dmp

memory/9744-5147-0x0000024A095F0000-0x0000024A0961E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 b2ec2559e28da042f6baa8d4c4822ad5
SHA1 3bda8d045c2f8a6daeb7b59bf52295d5107bf819
SHA256 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3
SHA512 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

memory/9744-5160-0x0000024A09A20000-0x0000024A09A32000-memory.dmp

memory/9744-5161-0x0000024A0B230000-0x0000024A0B26C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/2808-5186-0x000001ED9C500000-0x000001ED9C866000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e509ef2dffa89a607d78ecc38e09ee11
SHA1 f231d07658dbbdf5ffa468190bd77d647f8bf1b4
SHA256 08fb5c250362d24cf72271043b81dc743609ce6763a5a9785740225c2bb397fe
SHA512 b23cbbbe67d54c7a9522476b92788746f6501dff6e568bc18abf4f3f69bba6ea8e72c28f77144b0b67feeb332e18ba1aa029b4060ea4d1adaac6cfa13650ae2e

memory/2808-5196-0x000001ED9C870000-0x000001ED9C9EC000-memory.dmp

memory/2808-5198-0x000001ED839E0000-0x000001ED83A02000-memory.dmp

memory/2808-5197-0x000001ED83990000-0x000001ED839AA000-memory.dmp

memory/2236-5200-0x00000234A2220000-0x00000234A227C000-memory.dmp

memory/2236-5201-0x00000234A3F50000-0x00000234A3F78000-memory.dmp

memory/2236-5202-0x00000234BC820000-0x00000234BC87A000-memory.dmp

memory/2236-5203-0x00000234A2220000-0x00000234A227C000-memory.dmp

memory/2236-5213-0x00000234BC7C0000-0x00000234BC7F2000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

memory/2236-5214-0x00000234BCEA0000-0x00000234BD4B8000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 fd0e7cfaf345208087058193c14ad94f
SHA1 209f1f9a606dce22f8ad5951aa4d89db82bcc78e
SHA256 442131369df477573e1f9d28591c8b87fb53953c424a7b978c1a1bc1ea4e8da3
SHA512 83f8e72baab361f901789a20921cf0ddf9fbecc561bd744b780b6b071ee2969e7d0b147bcda162ddf0a3e438e927dd7e8f1d04d68f7e6ab4bf5c9eb15fe15548

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

memory/2236-5244-0x00000234BD720000-0x00000234BD97E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35a908497a13e5ff3046511c711b42f1
SHA1 4249194565ec35c8cc4ca6ead47bae6c5cce00f8
SHA256 e7b8c3d4a4812285d9c47b4585260bddea83576b7834d8cb2f9b2a528d6aac91
SHA512 eefabd3a71a887ff652b506670b27df5d0310b581463713f295e10e14836af32b60fb3bf038b0fbec89f3f3e3ad16e3e23309198ce6a8dd302be660f49544667

memory/8416-5257-0x000001DBC90B0000-0x000001DBC90D4000-memory.dmp

memory/8416-5258-0x000001DBE18F0000-0x000001DBE1920000-memory.dmp

memory/8416-5259-0x000001DBE19F0000-0x000001DBE1A28000-memory.dmp

memory/8416-5260-0x000001DBE1A30000-0x000001DBE1A62000-memory.dmp

memory/8416-5261-0x000001DBE2020000-0x000001DBE20A4000-memory.dmp

memory/8416-5382-0x000001DBE1AD0000-0x000001DBE1B2E000-memory.dmp

memory/3184-5383-0x000001A774810000-0x000001A774838000-memory.dmp

memory/8416-5384-0x000001DBE1A70000-0x000001DBE1AA4000-memory.dmp

memory/3184-5386-0x000001A776FA0000-0x000001A777134000-memory.dmp

memory/8416-5385-0x000001DBE19B0000-0x000001DBE19D8000-memory.dmp

memory/3184-5387-0x000001A774810000-0x000001A774838000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

MD5 789f18acca221d7c91dcb6b0fb1f145f
SHA1 204cc55cd64b6b630746f0d71218ecd8d6ff84ce
SHA256 a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63
SHA512 eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

memory/8416-5415-0x000001DBE20F0000-0x000001DBE211E000-memory.dmp

memory/8416-5417-0x000001DBE25B0000-0x000001DBE2919000-memory.dmp

memory/8416-5416-0x000001DBE2180000-0x000001DBE21DE000-memory.dmp

memory/8416-5418-0x000001DBE2120000-0x000001DBE216F000-memory.dmp

memory/3144-5420-0x00000229FC7A0000-0x00000229FC7CE000-memory.dmp

memory/3144-5419-0x00000229FD980000-0x00000229FDC70000-memory.dmp

memory/8416-5421-0x000001DBE2BB0000-0x000001DBE2E36000-memory.dmp

memory/8416-5424-0x000001DBE2290000-0x000001DBE22F6000-memory.dmp

memory/3144-5435-0x00000229FCFF0000-0x00000229FD028000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\b1331bd1\47105276_eeb0da01\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

memory/8416-5455-0x000001DBE1920000-0x000001DBE1946000-memory.dmp

memory/8416-5454-0x000001DBE2300000-0x000001DBE233A000-memory.dmp

C:\Program Files\ReasonLabs\VPN\Uninstall.exe

MD5 410d4e81be560d860339e12ac63acb68
SHA1 06a9f74874c76eba0110cdd720dd1e66aa9c271a
SHA256 e4a8d1e07f851be8070dd9b74255e9dd8b49262c338bfb6ef1537edd8f088498
SHA512 4bbffeef276ce9b8fdd6d767ba00066309eee0f65e49cea999d48d1e8688c73d7011ed1301a668c69814457caad3981167a1e3fe2021329dd8fc05659103fb3a

memory/8416-5465-0x000001DBE2250000-0x000001DBE227A000-memory.dmp

memory/8416-5466-0x000001DBE29D0000-0x000001DBE2A36000-memory.dmp

memory/8416-5467-0x000001DBE41F0000-0x000001DBE4794000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bee6c876767708544b99e3eeb2038692
SHA1 2c63b224901e4a675397e0eb0a9a17224d4d6739
SHA256 0a3728160044993c3b3e614bd1c581f461df71a3e42d9c5becb46f0c07f5a5ae
SHA512 28cda74a45b529e1faf0974f97479150e0c02e326e0002ea533e9c71bd8fe042f1e8d69a181ecc19d1100beef11cb74910105b509d1b9f22455017c0552bdd47

memory/3144-5479-0x00000229FD600000-0x00000229FD65E000-memory.dmp

memory/3144-5481-0x00000229FD730000-0x00000229FD73A000-memory.dmp

memory/3144-5480-0x00000229FD700000-0x00000229FD716000-memory.dmp

memory/3144-5482-0x00000229FDD20000-0x00000229FDD28000-memory.dmp

memory/3144-5483-0x00000229FDD30000-0x00000229FDD3A000-memory.dmp

memory/3144-5484-0x00000229FEB50000-0x00000229FEB72000-memory.dmp

memory/3144-5501-0x00000229FD7F0000-0x00000229FD7F8000-memory.dmp

C:\Program Files\ReasonLabs\VPN\ui\VPN.exe

MD5 4d7d8dc78eed50395016b872bb421fc4
SHA1 e546044133dfdc426fd4901e80cf0dea1d1d7ab7
SHA256 b20d4193fdf0fe9df463c9573791b9b8a79056812bb1bba2db1cf00dd2df4719
SHA512 6c0991c3902645a513bdee7288ad30c34e33fca69e2f2f45c07711f7b2fdc341336d6f07652e0d9e40fbac39c35940eda0715e19ef9dfa552a46e09e23f56fdf

memory/6296-5794-0x000001CFD0D50000-0x000001CFD0D98000-memory.dmp

C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll

MD5 96cbdd0c761ad32e9d5822743665fe27
SHA1 c0a914d4aa6729fb8206220f84695d2f8f3a82ce
SHA256 cc3f60b37fec578938ee12f11a6357c45e5a97bd3bccdeb8e5efb90b1649a50b
SHA512 4dde7e5fb64ee253e07a40aaf8cbc4ddaaeeeafc6aeb33e96bc76c8110f26e2c3809a47266cb7503cbc981c6cb895f3eaae8743d07d6434997684e8d6a3d8eb0

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\b5b436d7\ad669397_dec7da01\rsJSON.DLL

MD5 8528610b4650860d253ad1d5854597cb
SHA1 def3dc107616a2fe332cbd2bf5c8ce713e0e76a1
SHA256 727557ec407cadd21aa26353d04e6831a98d1fa52b8d37d48e422d3206f9a9c4
SHA512 dd4ff4b6d8bc37771416ceb8bd2f30d8d3d3f16ef85562e8485a847a356f3644d995942e9b1d3f9854c5b56993d9488e38f5175f3f430e032e4091d97d4d1f7d

memory/6296-6219-0x000001CFD0E40000-0x000001CFD0E78000-memory.dmp

memory/6296-6232-0x000001CFD0EC0000-0x000001CFD0EF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\57b83388\ad669397_dec7da01\rsLogger.DLL

MD5 148dc2ce0edbf59f10ca54ef105354c3
SHA1 153457a9247c98a50d08ca89fad177090249d358
SHA256 efe944c3ae3ad02011e6341aa9c2aab25fb8a17755ea2596058d70f8018122a4
SHA512 10630bd996e9526147b0e01b16279e96a6f1080a95317629ecb61b83f9ebee192c08201873ff5df2de82d977558b2eeb0e4808667083cd0f3bf9f195db4890d5

memory/6296-6242-0x000001CFD0EC0000-0x000001CFD0EEA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\6eba594a\e8a18e97_dec7da01\rsAtom.DLL

MD5 3ae6f007b30db9507cc775122f9fc1d7
SHA1 ada34eebb84a83964e2d484e8b447dca8214e8b7
SHA256 892a7ee985715c474a878f0f27f6832b9782d343533e68ae405cd3f20d303507
SHA512 5dd37e9f2ac9b2e03e0d3fd6861c5a7dcb71af232672083ac869fc7fae34ac1e1344bdfabe21c98b252edd8df641f041c95ea669dc4ebb495bf269d161b63e5f

C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\ab9e8ae8\ad669397_dec7da01\rsServiceController.DLL

MD5 8e10c436653b3354707e3e1d8f1d3ca0
SHA1 25027e364ff242cf39de1d93fad86967b9fe55d8
SHA256 2e55bb3a9cdef38134455aaa1ef71e69e1355197e2003432e4a86c0331b34e53
SHA512 9bd2a1ae49b2b3c0f47cfefd65499133072d50628fec7da4e86358c34cf45d1fdb436388b2dd2af0094a9b6f7a071fb8453cf291cf64733953412fdf2457d98e

memory/6296-6264-0x000001CFD0F50000-0x000001CFD0F7E000-memory.dmp

C:\Program Files\ReasonLabs\VPN\rsEngine.config

MD5 04be4fc4d204aaad225849c5ab422a95
SHA1 37ad9bf6c1fb129e6a5e44ddbf12c277d5021c91
SHA256 6f8a17b8c96e6c748ebea988c26f6bcaad138d1fe99b9f828cd9ff13ae6a1446
SHA512 4e3455a4693646cdab43aef34e67dd785fa90048390003fa798a5bfcde118abda09d8688214cb973d7bbdd7c6aefc87201dceda989010b28c5fffc5da00dfc26

memory/7744-6277-0x0000022E98F30000-0x0000022E98F68000-memory.dmp

memory/7744-6278-0x0000022EB3360000-0x0000022EB33B4000-memory.dmp

memory/7744-6279-0x0000022EB3330000-0x0000022EB335C000-memory.dmp

memory/7744-6284-0x0000022E98F30000-0x0000022E98F68000-memory.dmp

memory/7744-6294-0x0000022EB3520000-0x0000022EB3558000-memory.dmp

memory/7744-6295-0x0000022EB3560000-0x0000022EB3592000-memory.dmp

memory/7744-6296-0x0000022EB35A0000-0x0000022EB35C4000-memory.dmp

C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog

MD5 db3e60d6fe6416cd77607c8b156de86d
SHA1 47a2051fda09c6df7c393d1a13ee4804c7cf2477
SHA256 d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd
SHA512 aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee

memory/7744-6326-0x0000022EB41E0000-0x0000022EB43EE000-memory.dmp

memory/9592-6330-0x0000021EDCB20000-0x0000021EDCB60000-memory.dmp

memory/9592-6331-0x0000021EDCB60000-0x0000021EDCBA0000-memory.dmp

memory/9592-6334-0x0000021EDCBA0000-0x0000021EDCBD4000-memory.dmp

memory/9592-6335-0x0000021EC4100000-0x0000021EC412C000-memory.dmp

memory/9592-6336-0x0000021EDCBE0000-0x0000021EDCC04000-memory.dmp

memory/9592-6337-0x0000021EDCC10000-0x0000021EDCC36000-memory.dmp

memory/8416-6338-0x000001DBE3C40000-0x000001DBE3C82000-memory.dmp

memory/8416-6340-0x000001DBE3F10000-0x000001DBE4190000-memory.dmp

memory/9592-6341-0x0000021EDCD20000-0x0000021EDCD7E000-memory.dmp

memory/9592-6344-0x0000021EDD070000-0x0000021EDD0A6000-memory.dmp

memory/9592-6345-0x0000021EDD0B0000-0x0000021EDD0D4000-memory.dmp

memory/9592-6346-0x0000021EDD0E0000-0x0000021EDD106000-memory.dmp

memory/9592-6349-0x0000021EDDD70000-0x0000021EDDDE0000-memory.dmp

memory/8416-6350-0x000001DBE3C90000-0x000001DBE3CC2000-memory.dmp

memory/8416-6351-0x000001DBE2960000-0x000001DBE2968000-memory.dmp

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.5\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.5\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7db93df7-1004-4225-a605-010abccc70e8.tmp

MD5 366009e9b5ab58398fa852ef62f9f1e5
SHA1 b26688b118dbe3fa9ed0a5e888cf8b2fa10b15fd
SHA256 c5ebc7453fd52a0bac3a74e36ea3b4e03bcebb90f878199aed85a4d2d6a6ba61
SHA512 b2dc4eb2bf6fd8c8d4e2b440300eee2eb88840e41b2412cfa8c45d93f9a5f02fa89853056c63f8bd7a4b8deb2b5b4904222958ec284f3331b64cd11bc3ba08b0