Analysis Overview
Threat Level: Known bad
The file https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769 was found to be: Known bad.
Malicious Activity Summary
Cobalt Strike reflective loader
Cobaltstrike
Drops file in Drivers directory
Downloads MZ/PE file
Checks BIOS information in registry
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Blocklisted process makes network request
Checks for any installed AV software in registry
Enumerates connected drives
Modifies powershell logging option
Adds Run key to start application
Checks installed software on the system
Checks system information in the registry
Drops file in System32 directory
AutoIT Executable
Drops file in Program Files directory
Enumerates physical storage devices
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 15:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 15:34
Reported
2024-06-26 15:36
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV | C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV | C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Modifies powershell logging option
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD96F9183ADE69B6DF458457F594566C_0B30ED1FB81688B36E482671AA637917 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49855FCDFA62840A2838AEF1EFAC3C9B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_330B78668586CC1C5060B7886AA9A046 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\rsVPNSvc\WireGuard\log.bin | C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_ACC1A26A3F5A815A00C8D5589432921F | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_A9EE277304DA2D14A89C02B3BCD726BA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49855FCDFA62840A2838AEF1EFAC3C9B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_3A58CFC115108405B8F1F6C1914449B7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A76F24BEACC5A31C76BB70908923C3E0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_ACC1A26A3F5A815A00C8D5589432921F | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_A9EE277304DA2D14A89C02B3BCD726BA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD96F9183ADE69B6DF458457F594566C_0B30ED1FB81688B36E482671AA637917 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A76F24BEACC5A31C76BB70908923C3E0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D97B1EC1F43DD6ED4FE7AB95E144BC_330B78668586CC1C5060B7886AA9A046 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\VPN\DotRas.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\icon_laptop.png | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-h.css | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\VPN\OpenVPN\legacy\i386\OemVista.inf | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Principal.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\downloadscan.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-shared-pt-PT.js | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-ko-KR.js | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Xml.XPath.XDocument.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\preprocessors.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\vulkan-1.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.ComponentModel.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Threading.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\settingmanager.cab | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\chromebasedbrowserversion.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\x64\rsYara-x64.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.Tools.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.ComponentModel.TypeConverter.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Runtime.Serialization.Xml.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Diagnostics.StackTrace.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_0.png | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nl-NL.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_ai.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\el.pak | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\DNS\lists\smart_threat_intelligence_feeds.txt | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-tr-TR.js | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxytypehandler.luc | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\download_scan_ui.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\Dia2Lib.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\VPN\Microsoft.Win32.TaskScheduler.dll | C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\wa-common.css | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp3159551003\jslang\wa-res-install-hu-HU.js | C:\Users\Admin\AppData\Local\Temp\_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-CN.js | C:\Program Files\McAfee\Temp3159551003\installer.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\Hardware\Description\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version\ = "1.0" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\DownloadScan.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\win32\\WSSDep.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Programmable | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\ = "ScannerAPI Class" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 040000000100000010000000866912c070f1ecacacc2d5bca55ba1290f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e720b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f0072006900740079002000520053004100000009000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b0601050507030862000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b69140000000100000014000000dd040907a2f57a7d5253129295ee3880250da6591d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb190000000100000010000000787d09f953c59978ecd8d6e44b38e24f2000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 | C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB | C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB\Blob = 5c000000010000000400000000100000190000000100000010000000787d09f953c59978ecd8d6e44b38e24f030000000100000014000000b7ab3308d1ea4477ba1480125a6fbda936490cbb1d00000001000000100000000d48ee33d7f1af8f4b002527f82a344a140000000100000014000000dd040907a2f57a7d5253129295ee3880250da65962000000010000002000000085666a562ee0be5ce925c1d8890a6f76a87ec16d4d7d5f29ea7419cf20123b6909000000010000004c000000304a06082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080b0000000100000052000000530053004c002e0063006f006d00200052006f006f0074002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900200052005300410000000f0000000100000020000000489ff6233f3d3c5da77604be230745657fe488cb05257da551bfd64c1f179e72040000000100000010000000866912c070f1ecacacc2d5bca55ba1292000000001000000e1050000308205dd308203c5a00302010202087b2c9bd316803299300d06092a864886f70d01010b0500307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f7269747920525341301e170d3136303231323137333933395a170d3431303231323137333933395a307c310b3009060355040613025553310e300c06035504080c0554657861733110300e06035504070c07486f7573746f6e31183016060355040a0c0f53534c20436f72706f726174696f6e3131302f06035504030c2853534c2e636f6d20526f6f742043657274696669636174696f6e20417574686f726974792052534130820222300d06092a864886f70d01010105000382020f003082020a0282020100f90fdda32b7dcbd02afeec6785a6e72e1bba77e1e3f5afa4ecfa4a5d91c457476b18776b76f2fd93e43d0fc2169e0b66c356949e178385ce56eff216fd0062f5220954e865174e41b9e04f4697aa1bc8b86e625e69b15fdb2a027efc6ccaf341d8edd0e8fc3f6148edb003141d100e4b19e0bb4eec8665ff36f35e67020b9d865561fd7a38edfee21900b76fa1506275743ca0fac82592b46e7a22c7f81ea1e3b2dd9131ab2b1d04ffa54a0437e985a4332bfde2d655347c19a44a68c7b2a8d3b7caa19388ebc197bc8cf91dd922842474c7043d6aa92993ccebb85be1fe5f25aa3458c8c123549d1b9811c3389c7e3d866ca50f40867c02f45c024f28cbae719f0f3ac833fe112535eafcbac5603dd97c18d5b2a9d37578037222ca3ac31fef2ce52ea9fa9e2cb65146fdaf03d6ea6068ea8516366b85e91ec0b3ddc424dc802a81416d943ec8e0c98141009e5ebf7fc50898a2182c4240b3f96f38274b4e80f43d8147e0887cea1cceb5755c512e1c2b7f1a7228e700b5d174c6d7e49fad0793b6533535fc37e4c3f65d16be2173de920af8a0636abc96926a3ef8bc65559bdef50d892604fc251aa62569cbc26dca7ce2595f97acebef2ec8bcd71b593c2bccf219c8936b276319cffce926f8ca719b7f93fe3467844e99ebfcb378093370ba66a676ed1b73eb1aa50dc422132094560a4e2c6c4eb1fdcf9c09baa233ed870203010001a3633061301d0603551d0e04160414dd040907a2f57a7d5253129295ee3880250da659300f0603551d130101ff040530030101ff301f0603551d23041830168014dd040907a2f57a7d5253129295ee3880250da659300e0603551d0f0101ff040403020186300d06092a864886f70d01010b050003820201002018119429fb269d1c1e1e7061f19572937124ad6893588e32af1bb37003fc252b7485903d786af4b98ba5973bb51891bb1ea7f9405b91f95599af1e11d05c1da766e3b194070c3239a6ea1bb079d81d9c7044e38addc4f9951f8a38433f0185a547a73d46b2bce52268f77b9cd82c3e0a21c82d33acbfc581993174c17571c5beb1f02345f49d6bfc19639da3bc04c6180b25bb53890fb38050de45ee447fab94786498d3f628dd87d8706574fb0eb913eba70f61a93296ccdebbed634c18bba940f7a0546e2088717518ea7ab43472e02327775cb690ea862540abef330fcb9f82bea220fbf6b52d1ae6c285b1740ffbc86502a4520147dd4922c1bfd8eb6bac7edeec633315b723088fc60f8d415add8ec5b98fe5453f78dbbad21b40b1fe714d3fe081a2ba5eb4ec15e093dd081f7ee155990b21de939e0afbe6a349bd3630fee777b2a07597b52d8188176520f7da90009fc952cc32ca357cf53d0fd82bd7f5266cc906349616ea70591a3279790bb6887f0f52483dbf6cd8a2442ed14eb77258d3891395fe44abf8d78b1b6e9cbc2ca05bd56a00af5f37e1d5fa100b989c86e7268fcef0ec6e8a570b80e34eb2c0a0636190ba556837746ab692db9fa18622b665270eecb69f4260e467c2b5da410bc4d38b611bbcfa1f912bd744075eba29acd9c5e9ef53485aeb80f1285821cdb00655fb273f539070a9041e5727b9 | C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 492270.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe | N/A |
| N/A | N/A | C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe | N/A |
| N/A | N/A | C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe | N/A |
| N/A | N/A | C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe | N/A |
| N/A | N/A | C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe | N/A |
| N/A | N/A | C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dobreprogramy.pl/adobe-reader-xi,program,windows,6628430196016769
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5140 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x3a4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe
"C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe"
C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe
"C:\Users\Admin\Downloads\adobe-reader-xi-6628430196016769-AsystentPobierania_v1.012.321.744.exe"
C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe" -ip:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&is_silent=true&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100&b=em&se=true" -vp:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100&oip=26&ptl=7&dta=true" -dp:"dui=d494ac732c1bacb33c2e70ea26ad5777b73c4bd3&dit=20240626153564366&oc=DOT_RAV_Cross_Tri_NCB&p=e037&a=100" -i -v -d
C:\Users\Admin\AppData\Local\Temp\_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp3159551003\installer.exe
"C:\Program Files\McAfee\Temp3159551003\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Users\Admin\AppData\Local\Temp\ylex5els.exe
"C:\Users\Admin\AppData\Local\Temp\ylex5els.exe" /silent
C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe
"C:\Users\Admin\Downloads\AdbeRdr11000_pl_PL.exe"
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wp.pl/?src02=dp_desktop&src01=3t88r
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffba57446f8,0x7ffba5744708,0x7ffba5744718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\setup.exe /msi DISABLE_CACHE=1
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\msiexec.exe
msiexec.exe /i "C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1045-7B44-AB0000000001}\AcroRead.msi" DISABLE_CACHE=1 REBOOT="ReallySuppress"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1D4138840424E7744EE0AA1F98ADDAE8 C
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,684665535934199260,4267468866921225205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6076 /prefetch:2
C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe"
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe" -i -i
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
"C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe"
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
\??\c:\program files\reasonlabs\VPN\ui\VPN.exe
"c:\program files\reasonlabs\VPN\ui\VPN.exe" --minimized --focused --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\VPN\ui\app.asar" --engine-path="c:\program files\reasonlabs\VPN" --minimized --focused --first-run
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2612 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --mojo-platform-channel-handle=2816 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3268 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2576 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2952 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3344 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN" --app-user-model-id=com.reasonlabs.vpn --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3896 --field-trial-handle=2616,i,15149230970840705628,2495111598189080258,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4308 --field-trial-handle=2588,i,2675094646971967400,12646265563073763967,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dobreprogramy.pl | udp |
| PL | 212.77.98.131:443 | www.dobreprogramy.pl | tcp |
| US | 8.8.8.8:53 | www.wp.pl | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | v.wpimg.pl | udp |
| PL | 212.77.99.26:443 | v.wpimg.pl | tcp |
| PL | 212.77.98.9:443 | www.wp.pl | tcp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| GB | 142.250.180.2:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | ads.businessclick.com | udp |
| US | 8.8.8.8:53 | an.facebook.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.pushpushgo.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.98.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.99.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.98.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | i.connectad.io | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | wirtualn-d.openx.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | wp.hit.gemius.pl | udp |
| PL | 212.77.101.100:443 | wp.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | ls.hit.gemius.pl | udp |
| PL | 146.59.30.100:443 | ls.hit.gemius.pl | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.101.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| PL | 212.77.99.26:443 | v.wpimg.pl | tcp |
| US | 8.8.8.8:53 | 100.30.59.146.in-addr.arpa | udp |
| PL | 212.77.98.131:443 | www.dobreprogramy.pl | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.180.27:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | s-eu-1.pushpushgo.com | udp |
| DE | 51.195.31.125:443 | s-eu-1.pushpushgo.com | tcp |
| GB | 142.250.180.27:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | 27.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.31.195.51.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| DK | 37.157.3.26:443 | adx.adform.net | tcp |
| US | 104.22.55.206:443 | i.connectad.io | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | delivery.clickonometrics.pl | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| FR | 91.134.222.90:443 | delivery.clickonometrics.pl | tcp |
| DE | 3.122.39.66:443 | btlr.sharethrough.com | tcp |
| DE | 3.122.39.66:443 | btlr.sharethrough.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| NL | 89.149.192.240:443 | prg.smartadserver.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.55.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.222.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.39.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wideo.wp.pl | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| PL | 212.77.106.3:443 | wideo.wp.pl | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | ssp.wp.pl | udp |
| PL | 212.77.99.29:443 | ssp.wp.pl | tcp |
| US | 8.8.8.8:53 | pixel6.wp.pl | udp |
| US | 8.8.8.8:53 | ssp.goadservices.com | udp |
| PL | 212.77.99.121:443 | ssp.goadservices.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.106.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 29.99.77.212.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 98f1d1a1d5506573d523553265bb5a2d.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | 98f1d1a1d5506573d523553265bb5a2d.safeframe.googlesyndication.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| DK | 37.157.6.232:443 | c1.adform.net | tcp |
| NL | 89.149.192.201:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.213.1:443 | cdn.ampproject.org | tcp |
| GB | 216.58.213.1:443 | cdn.ampproject.org | tcp |
| GB | 216.58.213.1:443 | cdn.ampproject.org | tcp |
| GB | 216.58.213.1:443 | cdn.ampproject.org | tcp |
| GB | 216.58.213.1:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 121.99.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.163:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.230:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cdn.connectad.io | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| US | 8.8.8.8:53 | t.visx.net | udp |
| BE | 35.210.138.51:443 | t.visx.net | tcp |
| US | 18.245.175.44:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | sync-eu.connectad.io | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 18.196.242.157:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| US | 35.244.159.8:443 | wirtualn-d.openx.net | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| SE | 23.34.233.229:443 | eus.rubiconproject.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 64.158.223.137:443 | equativ-match.dotomi.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.138.210.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.242.196.18.in-addr.arpa | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.244.159.8:443 | wirtualn-d.openx.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | sync.ortb.152media.info | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| GB | 185.83.71.234:443 | sync.ortb.152media.info | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.130.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.71.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| BR | 142.250.79.3:443 | csi.gstatic.com | tcp |
| BR | 142.250.79.3:443 | csi.gstatic.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.79.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dobfilesdownloadpl.com | udp |
| FR | 18.164.52.112:443 | dobfilesdownloadpl.com | tcp |
| FR | 18.164.52.112:443 | dobfilesdownloadpl.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | wptv.wpcdn.pl | udp |
| PL | 212.77.98.33:443 | wptv.wpcdn.pl | tcp |
| US | 8.8.8.8:53 | wptv-cdn-3.wpcdn.pl | udp |
| PL | 193.222.135.70:443 | wptv-cdn-3.wpcdn.pl | tcp |
| PL | 193.222.135.70:443 | wptv-cdn-3.wpcdn.pl | tcp |
| PL | 193.222.135.70:443 | wptv-cdn-3.wpcdn.pl | tcp |
| PL | 193.222.135.70:443 | wptv-cdn-3.wpcdn.pl | tcp |
| US | 8.8.8.8:53 | 112.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.98.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.135.222.193.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.ssl.com | udp |
| US | 54.87.121.74:80 | www.ssl.com | tcp |
| US | 8.8.8.8:53 | crls.ssl.com | udp |
| FR | 18.244.28.22:80 | crls.ssl.com | tcp |
| US | 8.8.8.8:53 | 74.121.87.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.97.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3c7zd9zl88a58.cloudfront.net | udp |
| FR | 52.222.153.214:443 | d3c7zd9zl88a58.cloudfront.net | tcp |
| FR | 18.244.28.22:80 | crls.ssl.com | tcp |
| US | 8.8.8.8:53 | 214.153.222.52.in-addr.arpa | udp |
| FR | 52.222.153.214:443 | d3c7zd9zl88a58.cloudfront.net | tcp |
| US | 8.8.8.8:53 | download.dpcdn.pl | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| FR | 52.222.153.214:443 | d3c7zd9zl88a58.cloudfront.net | tcp |
| PL | 212.77.98.32:443 | download.dpcdn.pl | tcp |
| FR | 52.222.201.28:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 52.33.187.168:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | 32.98.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.187.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| US | 2.20.12.89:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 89.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| FR | 52.222.201.28:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | www.wp.pl | udp |
| US | 8.8.8.8:53 | fonts.wpcdn.pl | udp |
| PL | 212.77.98.32:443 | fonts.wpcdn.pl | tcp |
| PL | 212.77.98.32:443 | fonts.wpcdn.pl | tcp |
| PL | 212.77.98.32:443 | fonts.wpcdn.pl | tcp |
| US | 8.8.8.8:53 | finanse.wp.pl | udp |
| US | 8.8.8.8:53 | agrobiznes.money.pl | udp |
| US | 8.8.8.8:53 | direct.money.pl | udp |
| US | 8.8.8.8:53 | fotoblogia.pl | udp |
| US | 8.8.8.8:53 | gadzetomania.pl | udp |
| US | 8.8.8.8:53 | gry.wp.pl | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | gwiazdy.wp.pl | udp |
| US | 8.8.8.8:53 | kobieta.wp.pl | udp |
| US | 8.8.8.8:53 | komorkomania.pl | udp |
| US | 8.8.8.8:53 | msp.money.pl | udp |
| US | 8.8.8.8:53 | o2.pl | udp |
| US | 8.8.8.8:53 | parenting.pl | udp |
| US | 8.8.8.8:53 | pilot.wp.pl | udp |
| US | 8.8.8.8:53 | poczta.wp.pl | udp |
| US | 8.8.8.8:53 | pogoda.wp.pl | udp |
| US | 8.8.8.8:53 | turystyka.wp.pl | udp |
| US | 8.8.8.8:53 | tv.wp.pl | udp |
| US | 8.8.8.8:53 | www.o2.pl | udp |
| US | 8.8.8.8:53 | www.totalmoney.pl | udp |
| US | 8.8.8.8:53 | portal.abczdrowie.pl | udp |
| US | 8.8.8.8:53 | praca.money.pl | udp |
| US | 8.8.8.8:53 | prawo.money.pl | udp |
| US | 8.8.8.8:53 | sportowefakty.wp.pl | udp |
| US | 8.8.8.8:53 | tech.wp.pl | udp |
| US | 8.8.8.8:53 | video.wp.pl | udp |
| US | 8.8.8.8:53 | wawalove.wp.pl | udp |
| US | 8.8.8.8:53 | wiadomosci.wp.pl | udp |
| US | 8.8.8.8:53 | wroclaw.wp.pl | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.google.pl | udp |
| US | 8.8.8.8:53 | vibez.pl | udp |
| US | 8.8.8.8:53 | www.money.pl | udp |
| US | 8.8.8.8:53 | www.pudelek.pl | udp |
| US | 8.8.8.8:53 | pixel6.wp.pl | udp |
| US | 8.8.8.8:53 | autokult.pl | udp |
| US | 8.8.8.8:53 | listownik.wp.pl | udp |
| US | 8.8.8.8:53 | pysznosci.pl | udp |
| US | 8.8.8.8:53 | znajdzlekarza.abczdrowie.pl | udp |
| US | 8.8.8.8:53 | survey.survicate.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rt.inistrack.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| PL | 137.74.7.134:443 | rt.inistrack.net | tcp |
| PL | 137.74.7.134:443 | rt.inistrack.net | tcp |
| GB | 143.244.38.136:443 | survey.survicate.com | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | dot.wp.pl | udp |
| PL | 212.77.100.82:443 | dot.wp.pl | tcp |
| US | 8.8.8.8:53 | 134.7.74.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | surveys-static.survicate.com | udp |
| GB | 143.244.38.136:443 | surveys-static.survicate.com | tcp |
| US | 2.20.12.89:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | 82.100.77.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| DE | 52.57.224.82:443 | btlr.sharethrough.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| PL | 212.77.99.29:443 | ssp.wp.pl | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| FR | 51.178.195.209:443 | prg.smartadserver.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | home.mcafee.com | udp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.224.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.152.214.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 18.245.199.156:443 | aax.amazon-adsystem.com | tcp |
| BE | 104.68.84.174:443 | home.mcafee.com | tcp |
| US | 8.8.8.8:53 | ssp.goadservices.com | udp |
| PL | 212.77.99.121:443 | ssp.goadservices.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.228.200:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 174.84.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.199.245.18.in-addr.arpa | udp |
| FR | 18.164.52.40:443 | script.hotjar.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | analytics.apis.mcafee.com | udp |
| US | 44.236.121.164:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | e.autokult.pl | udp |
| US | 8.8.8.8:53 | film.wp.pl | udp |
| US | 8.8.8.8:53 | jastrzabpost.pl | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | moto.wp.pl | udp |
| US | 8.8.8.8:53 | rozrywka.o2.pl | udp |
| US | 8.8.8.8:53 | www.benchmark.pl | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | zywienie.abczdrowie.pl | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| NL | 89.149.192.201:443 | rtb-csync.smartadserver.com | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | udp |
| PL | 212.77.106.3:443 | wideo.wp.pl | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 200.228.220.67.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| FR | 185.235.86.163:443 | ag.gbc.criteo.com | tcp |
| PL | 212.77.98.9:443 | www.wp.pl | tcp |
| US | 8.8.8.8:53 | 164.121.236.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.52.164.18.in-addr.arpa | udp |
| FR | 185.235.86.230:443 | gem.gbc.criteo.com | tcp |
| US | 44.236.121.164:443 | analytics.apis.mcafee.com | tcp |
| US | 8.8.8.8:53 | csc3-2010-crl.verisign.com | udp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 35.244.159.8:443 | wirtualn-d.openx.net | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| US | 18.245.199.21:443 | update.reasonsecurity.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | electron-shell.reasonsecurity.com | udp |
| US | 3.165.113.92:443 | electron-shell.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 21.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.113.165.3.in-addr.arpa | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | sadownload.mcafee.com | udp |
| US | 2.20.12.102:443 | sadownload.mcafee.com | tcp |
| US | 8.8.8.8:53 | 10.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 52.201.189.129:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 129.189.201.52.in-addr.arpa | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| US | 18.245.199.21:443 | update.reasonsecurity.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| FR | 52.222.149.64:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 64.149.222.52.in-addr.arpa | udp |
| US | 52.201.189.129:443 | track.analytics-data.io | tcp |
| FR | 52.222.149.64:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 44.206.171.65:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 65.171.206.44.in-addr.arpa | udp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.43.110.0:443 | mc6.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 0.110.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 18.245.199.21:443 | update.reasonsecurity.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| FR | 18.244.28.10:443 | cdn.reasonsecurity.com | tcp |
| US | 3.214.152.143:443 | track.analytics-data.io | tcp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 3.214.152.143:443 | tcp | |
| US | 3.214.152.143:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4056_RZKOHNBNTKFHDJFL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d312041e5afa24a5869df81a0d87fd6b |
| SHA1 | 85392078a414c6ee93eb4d8b5470d867687bfd77 |
| SHA256 | 8939ed45ea4fd287f449c808ab78a47bcc8011d6a7949771d2c01fc82ea6b137 |
| SHA512 | 5a4ddf4ebca50a81a364fe1b3e956efcfcfc3d685f3da2911e3ae93c2588fabf5502f88f881514b7a417124e8cf9c50dc2643921125c08123246b65848286d14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt
| MD5 | d0a1e9ce5b94a629311d83281fb14f0a |
| SHA1 | 2f99462b248cdbca07645813e397fd072744397b |
| SHA256 | 4f7eef48530a3d234c4feb3e91d322d530eba21ffb595e942cf32d8e245dc32e |
| SHA512 | b610beff04e43c41d4d51b177a8bbd01649b41e38e7cf521c1c1575cd497a9fede6d9f6b5c0fd30d97ed05ec9e1dde09fc5013f0e39216a049187722d91ef087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.dobreprogramy.pl_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt~RFe575d14.TMP
| MD5 | ab09eaa3cdba03eb3cf2915e0495ff4d |
| SHA1 | cf3309d199a4a74732b567ac779b07d32bebf759 |
| SHA256 | 8ca9184e3ac6fca1247ab02a8fdae79b9c4199983de87c4b8afbdea99a6de817 |
| SHA512 | 2977ddaa9acdc1c2195b3f6e93dc571acf11c36e288ce99149c20b1311db72706ed75e66fb28c0ae08618748d40d786931017b363eae36008e56c410d734feed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1e6952ec35fdd2c10091b19a190996f4 |
| SHA1 | 740d8e20a577de3efbf672c13ad4c344769cb2be |
| SHA256 | a51fb4a1f51f7a382051fdee7cd934971bafcd9d644b6b88f0b1f9a9a6f3bd6e |
| SHA512 | f2ba41665680a088ccbfd5687aca5e8da8abd4d322df299eee9cc89dcf0c1f52a7842d6b4f49337dccba8cd29103b5dfc83335770526b2da9a384350fda1f968 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29ee602ef5253c7eb25fadb786249ac0 |
| SHA1 | 0af0a9ec2d8d465248bf1b342794a2536fd929f2 |
| SHA256 | 34d1ee2f53ccf9da41f0283f37f39b83cbbd4706d34e8b1c7673ac642546e1f7 |
| SHA512 | edd8bb7f7d486c7cd3838ae475aeeb09dd5ead13cf922617276c0dfffe02f9c896bf8270f57dd0dd8224732c024ccf960e3e95dda66eba4c8991ca5765a281ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 1ab1923427c859fb67362ae97137702d |
| SHA1 | 2323d6000cdfc0c4ee47cde0928d7f0fa2679f53 |
| SHA256 | 9e72d0199bb4a06a1fe88a5faa693c03579b17fd718ab5eedcdbfcec912f843a |
| SHA512 | ba9d496801915fa2930a19b8558142af28b5e6a625e29256d9f7e097dd919ad626fbabf9929447c3e9e25d2ce2e22a4dc284d212e6e60b39f282880da16a7035 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
| MD5 | efd00929c97729ee1bdd5aa1f9f7f1d2 |
| SHA1 | e398c3a6475ef38952f2deb435f563707bdf37a6 |
| SHA256 | 8bba11882e1c4ddcac0618cb1c437e2a21965c76297b649dfd3a734b8b461f16 |
| SHA512 | 3acff56c431eece36dca8fc726c52667661ca49a07f4f07cff0f751a97fea4a0359ab47bb0a8ee5ee5df522c71710ad30dea3d0fa582a93c94ac2e5f4136ce89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0
| MD5 | 05b3ee26eda5fbd4c683b36770a0c95f |
| SHA1 | 32d55d21a8e3e709c68fc7aedda3f8de41d55986 |
| SHA256 | 8b75aee4322dd72538687da9101cbeb7ef54cb87786a4be578ca3693411c0d88 |
| SHA512 | 95bab027026c119623f10f69bc96a86bb8f6d9acc3d466f397a28d0592c41c116121ac5a6e1f629f9e00c5d1d83f2f9dcf5a245ad05001b2167fa9b188dc983c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\b6c28cea6ed9dfc1_0
| MD5 | e6574a620f40a04c373bd1a30c7ebe2c |
| SHA1 | ea70d8ddc13f1c9c8b6465784c3a3894b5c1cdaa |
| SHA256 | 5ab7408fad549e564e63e809d616b63e55a92078e0e49fe02a7af3b819edda88 |
| SHA512 | 6b4429e9787f46233940b9dcd2e1e124040623f1012d67bee9a4510078e94cf8ad6b667f913ddbaa8e01d11788b0637941625ded2a084569dd9572ef171ff1f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0
| MD5 | f94ce9ef26a2df14025a49f5a7fc61ce |
| SHA1 | 86f8319fee14833304b0100a36e8c4abffb6f51a |
| SHA256 | a8a666229395b3fcbe42836617733c83dc8dd7dcfaea7042a3cc3bd8d61a30fe |
| SHA512 | 54655f76e4d15a721870b8d2ef89f6a5f6b1221ad2fe5a91414732bf569f413f18a9519649161a495253c3b70a87fbdd81aaf1188cfab138f163179ee66433b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0
| MD5 | a361c21b3630c5e9dd0fb1c9fce89f07 |
| SHA1 | 5cf424de067783290b64289b5df3b2acc413c150 |
| SHA256 | fd73acecf7b77b12a7467e50c56580b06a8b0714f6602745863786444a8c5f74 |
| SHA512 | 7eaa9a8666fdddd9be00174aa64826b99852089f1c7556bf87ad0afe167c2774953dff21e99c29c7f019a239fcdbb9460b0f73644257f3acfa23cc945787a2e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0
| MD5 | 5e50c988a7cbc53caeea98c32c5f47cd |
| SHA1 | a830ec1d93d0b04d0dcd467513d38c772b169e0f |
| SHA256 | eb3719bd10f2f51a06b551f50fa54cfb9e73349dd20a1f54f9c010fc397b5626 |
| SHA512 | 7174f404d3543d79403fcb88a2a564eb8d5ac7ea7b753a300f1d11959f57195cdb249c6c55ef0604bdbb6cf3a1258a45fb6238b61c0871bbc2663cb24c19142b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 6cea2f5052f766b4ef937cd43152f09a |
| SHA1 | 117dfead81e7539a8872822d93f852cb5323d75a |
| SHA256 | 019c9f6224cb7bbbc137255da2ca68fc52a2df7964c0e35b7c421bec1efb8eaa |
| SHA512 | 2abd8634c149467487a45e15951f2ac73dcb2299ac7c2ff1eddb84594e093997be6da9b7b98e0f73e2fe4461fa7ff9f9ace87b693e62221cd95bff285e5ae825 |
C:\Users\Admin\Downloads\Unconfirmed 492270.crdownload
| MD5 | 390c6c6b3f54a28218dedec3e9770b49 |
| SHA1 | 132778a8aa06087a19fbb9d4ffe376910b91f6ef |
| SHA256 | 4f4be04142c835f2cf90888cf8f782b60fef6e60177f75919adee695caf7f1df |
| SHA512 | 5545ff149e1a3de1877e3fedc092c344fe704fb80b8075bcb71049e6cbb0637782123bd2de55f8e80e284e6c43448448f22e835d72bdfd33e13c42602bf76d82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0029627883f06ebb40c9aa8fd78018ee |
| SHA1 | 08c332d73457d8fe04f41d4d536e6df8e6e389b7 |
| SHA256 | 52726787700ef731bd91159ddb53b875ba180b5cdf0a687227ab02c12e50bf7b |
| SHA512 | aace8528262bdb54a7f79ff544df209bda4bc305e74c2acec8185b628103879cd827ecd6ac5673d1eb9daa6fbf8ad367cb2516680e288b788c7c4b824df8d68f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 971c01e075709c9df88ca64dcf3456c0 |
| SHA1 | a9bb532895a8e6fc1ef8077b48e4903a3e460211 |
| SHA256 | ff14881ad9d201db86f08f0ce177f61af69ec2537c13e9fcabc860df39d8d84e |
| SHA512 | 8b98db52532d42a10351ee01a13ee3cd9f87f9b364493963419f818b348600e509951d231af7659ba5532d05a0b3d7d8b1a740b21c44c8a0d2470aff8a07884f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a086.TMP
| MD5 | 1d1934b7d057a6023d3f7855930acc5f |
| SHA1 | 31644913ed45109dc63b99530d70b9aa7cc57b83 |
| SHA256 | c5a250220ab9450f5d44fdb14139b672c24d57b592521c203f9353768ad19918 |
| SHA512 | ed55c2558cca3f4f939949dcdefa63d81a8e0b836cf9b87663f7f0245ab07ae20b1e9fa1321d2a9bc0812eae2c607ca10c5e0e8072789fcadd77cc2c761e77ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index
| MD5 | 1c1dde266dc8887273d9ae28ddfb5071 |
| SHA1 | 59246134ee1ae7c1e46672c146b08276d4aad932 |
| SHA256 | 51553ef842cbc906aaabea4000a8d6923d5a0c86b1ef4e5c240389f8c89896db |
| SHA512 | c13b89d1151d48bb5a5e074a5a70f6770d6648ca325aba608432bca1ba88c78fe16f7c802a8470b4c749e3dc6702ab4d6a418aeee4ee7ddeba9475a9d0a63d2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index
| MD5 | b1e20b88c5272275be14270da9666500 |
| SHA1 | a5fffc9a737f5e6f170e75566550c088f801423f |
| SHA256 | adf65aa83750808db8108a2cce1ed10ff44dd258b185ced0fa61476dcff23a3f |
| SHA512 | 2bb9c72eaddee91ec77f19da8735c7c28fc32aa73265d2dbd5acffd38625359c532656b0a4f9b7aa1ac0bf6717a922fb7a53e364c836e61ba8ee4316b2837258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt
| MD5 | 215c4a77eb08c5b1263496a606946dd4 |
| SHA1 | f40b06ebe8df8bc5dc44eb99337a64b3d19f88fb |
| SHA256 | 253bf97c27df85f2fec3e52d17752d9de7bb2edac9ef6f098b20eb0a6febcc56 |
| SHA512 | 146638044e911684fee302151dd72befa1a52ae1d5a4194ab9d40cb149f53b819b28a5a25c5c81ea275c787cf842374d1c97661747eaf42862f84199528e37e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 66257f7cadd0f65eb486c9f0d728820d |
| SHA1 | 93949750dc6dfc4d58ba2168da4cdb37be6a6f81 |
| SHA256 | 43824a8caed38d981bd310a906046f16fb8376bc14904d2aa7699d16c10cf082 |
| SHA512 | 092fb6dcb0e0fe6d2805d3cc19e1fee28a13d92da40173f6d07d3bb4114a5f663beb846571d987ad3f102297e1d14a2db80db0463f9c916511c453c9b3382244 |
memory/6380-484-0x0000000000360000-0x00000000004A4000-memory.dmp
memory/6380-485-0x000000001BA30000-0x000000001BF58000-memory.dmp
memory/6380-486-0x000000001B670000-0x000000001B6C0000-memory.dmp
memory/6380-487-0x000000001B780000-0x000000001B832000-memory.dmp
memory/6380-488-0x000000001B640000-0x000000001B652000-memory.dmp
memory/6380-489-0x000000001B6C0000-0x000000001B6E0000-memory.dmp
memory/6380-490-0x000000001B720000-0x000000001B752000-memory.dmp
memory/6380-491-0x000000001B6E0000-0x000000001B6FE000-memory.dmp
memory/6380-492-0x000000001B700000-0x000000001B71A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ed016a7081fc29f651b61e7a92d2e44f |
| SHA1 | d57cc2edc1aced72b061ab450b52639de1177e62 |
| SHA256 | 2e86a09b2c7b08241819e58ad42b29488c747c9c1e549309b1208c990b1f3fbb |
| SHA512 | 42e8a6c84ad9592f6baa4f0b5180f15a47b3a850b24aa48c8e488f2b0545a798a5c52c7ecf8c0a63fe003350f78073c1aa80bd1d8a66d019ce0a30a26d64090c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77CF52543AB0ECD9BF6546AAF6AC33DB
| MD5 | 30b422749de52f643d0b82f4fa0eec08 |
| SHA1 | 53ff45d98808aae7c2edaf7847fa8ae2bb2780a8 |
| SHA256 | 78e1550525bd380b406698087a3d001970fc6e962f9c355bd999663903162de9 |
| SHA512 | 6b321219bc2c89ad69c38995ea0514d695da93092dbe6966fbeef27088af5107f056a3e976d2735e49341e49ed2ce913d6ae3c5c0a3ff920a95cdafb4cc63248 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77CF52543AB0ECD9BF6546AAF6AC33DB
| MD5 | 6cd2230aad1bfcd13e53fb6f5d6530eb |
| SHA1 | be358412e0c379aa339275d00dddbdcbe04d15ad |
| SHA256 | 5607415597704be97df87abe164567d0721573ed8676dae5775c0314459bfbaf |
| SHA512 | 002bb7bc5ba72992651837dda272cfbd3654b357115a8bb6d792d519cff70290406261e0f2a5e3eb9df027027965212016efdfdc438c49c851856c5eb3c5be4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_C0FCA017E5E8DC85A76F14D75ABCD153
| MD5 | ce5569ae0a2f98833ab815f80e936af8 |
| SHA1 | c770d1007c2b745dc7a0039c9cd7aca5ae577491 |
| SHA256 | d14a0fa7b924a1ed93936bd95b744204104679bb5ae17cfdc557bfb6505f0754 |
| SHA512 | 9fde390b814d1595b8eea47d85d82f97cb6b2ef0d14a61748cc8d12c7b6cde956113e5d37063e8c31ff04bc2fec1c136d3bb8ec594d4455d54029a76a6834d35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\009879608CAFAEA3D83BD836A5260DFF_494C964ABB8DFAE54253C96871A2D7F3
| MD5 | 4516e9ac4da169dbb1e1df63ff4e1c4b |
| SHA1 | 124c1a46f4c067e1e1167b58a53ecfab9df97b70 |
| SHA256 | 451f0f25ebcba0a1fa22593da76bedfc0c055a36b8c06c2d6854bf45c0407808 |
| SHA512 | d37e50782247fe85d0402ffc22b6c6adc337874cd7c4ba9170d457cf602ec751977b69e07bfffab6f213590c0a379a453d1e0a7b2807556a962d3a2f128eae5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\009879608CAFAEA3D83BD836A5260DFF_494C964ABB8DFAE54253C96871A2D7F3
| MD5 | 449d41c10538fc9ca92dbf90b5ed94f9 |
| SHA1 | 18a7c79b1223f275e0458324a55b1d0de2136d99 |
| SHA256 | f4de3dfc2e8480b4b5ccab7b860db1977dff5aa9716b8a8af7c4aa0264e1b8a4 |
| SHA512 | 923b8efc623ae3755d57cbf3ee1cb38e9df024a67dd64f54df763c9afdc82a6a111754de70e231c94cde2ea68f73c1a9382715b38591ea06afd0df4e1c3f9e7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54C62B182F5BF07FA8427C07B0A3AAF8_C0FCA017E5E8DC85A76F14D75ABCD153
| MD5 | 57143f2c8d9985618b99ba579306a0f6 |
| SHA1 | 9de656e0261349e2399573beef98fc730b0cece4 |
| SHA256 | bbb67ee898dca520f660538929e79deca613797491ad1c2b1e16a924e88ed58c |
| SHA512 | bab70cd36a61e28bdb0014fd763766e5899e71368be48fa6ee17ed5c4fc31a4a255ae3c69e7eaf3e86b0cbea49a63c7a40322bf63d38b385784be1e3e0dcf4d8 |
C:\Users\Admin\AppData\Local\Temp\_files\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt
| MD5 | 773b4f2626d6d9553722d8de6e4945d3 |
| SHA1 | 14c37e22981d8fbc9227396cfa47aafb6e93ab71 |
| SHA256 | e9b30554769a8e2209a8892538b43450048ec08fd361ab745bf7cce1b9974b81 |
| SHA512 | e1f7ff2b1e8c2ad1289fcaae13e99c0ad40c201bc239095e3857b31b13645be0d1e5ed28edb55f39618d1c9542dff78040c150b5a9db27204d368fbfafbd9353 |
C:\Users\Admin\AppData\Local\Temp\_files\rsStubActivator.exe
| MD5 | e66bc638476a2ea162cfc8adceb1f703 |
| SHA1 | 3a7c2853e2c4ff9d40389a65abe57121780896af |
| SHA256 | 40e0fe7a7abde39a72753e316f65193a4e9a702d3558a3a3c3ba54860c70c503 |
| SHA512 | 7d2b25c07ec915c26effa25d3dfea4f791ed4d67966ef09f0cb3ed5497d719a6577e5f05051bf6069ec2625178fbc10c124f7fa5ffd63fe060792f9f1af401ad |
memory/848-600-0x0000013C191A0000-0x0000013C191A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_files\installer.exe
| MD5 | cbdc702ec44e244b2cb764ec3a82efcc |
| SHA1 | 3ac7e0652509171d905f06423c979a5c0d16ba1e |
| SHA256 | 2f97de96c50d73bcdcbff95fed75b2763207c8fc144d6367d2ec954c1e966b8b |
| SHA512 | 8ef13a28201c448215fc241cda74bb032c4a0c29a777de6aed32eeee8a5c428f3899a42ec74a408faee6535d08f7796d216c0bb1454fa2a67480c6a4e6ace9c6 |
C:\Program Files\McAfee\Temp3159551003\installer.exe
| MD5 | 7cdab43bc1b360d42a143943c700bbae |
| SHA1 | 9210afd1e6616bfdd20dd71c7379d1cadfeab966 |
| SHA256 | 580a2098951e804ad5cb726fbc0e78ed09464910769fa277330a3f78c0703a51 |
| SHA512 | ed28a4eec8e35aa0786f960e87079929b9fcb154b3b184f4051178a42d678eac438914f3144b9a1ff4e0c0a7a74171b594eb1ddf5d8180708677cbb7444486cb |
C:\Users\Admin\AppData\Local\Temp\mwa3D33.tmp
| MD5 | 662de59677aecac08c7f75f978c399da |
| SHA1 | 1f85d6be1fa846e4bc90f7a29540466cf3422d24 |
| SHA256 | 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb |
| SHA512 | e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0 |
C:\Program Files\McAfee\Temp3159551003\analyticsmanager.cab
| MD5 | c60ce68c2ab0f0a472f4c4d04a8d54ae |
| SHA1 | 0e56defd42bf0b3ee29432e3cdc3fbbdb9d27dfe |
| SHA256 | c5941c0d7db0b94fd30034d13ec69e9ece6133b43481d99f8d1c36236f363515 |
| SHA512 | 733a9b9805e0c255f858d1052af5d75c54a004756e10e351f2ac2983fd1502a71e06daf947e17c49eb3784d01dfabf0d8b6008c56b0ed8ac74c928cd35ab3441 |
C:\Program Files\McAfee\Temp3159551003\analyticstelemetry.cab
| MD5 | 25ada6efda1551f01db355065e53faae |
| SHA1 | 6e822cefc2dc0177ea9ad002958c218b0fae52bc |
| SHA256 | 2dfb8800d7d6e2ca15d4b6124e1bc1ffef6d17fd5d355a4fab29c68291645f96 |
| SHA512 | 38a5fb07f63d49db0afbf67935e0afd5e1fc2097511cc048789a07546980d296a979febce125dee61770ed69ad749fcc814dbd47184655d7e314f4c43d541bd5 |
C:\Program Files\McAfee\Temp3159551003\browserplugin.cab
| MD5 | 5b946a56491375ea87a336d07c648ab9 |
| SHA1 | f9c5cca74f03936d172ae8d8e7c532c95ee8be10 |
| SHA256 | a459c1c14309214cc705871932f6aff9b95df2c95024a8ec6caeae18ced49c29 |
| SHA512 | 0e3d09a425827d7e1c88b63c9bd7614751e9445daab2118aceedd9ab0dc2493e0167180cb01d295b446954bc77ca926d144f958578fea77aeff4e8d54c1dcf98 |
memory/6592-769-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Program Files\McAfee\Temp3159551003\downloadscan.cab
| MD5 | 5eaf2b2662a9926d835fcd1e0016facf |
| SHA1 | 0d9ca8500393479fa954d0519ac39aedd07fda32 |
| SHA256 | 70d1d190ddc32a61576bf2454fdf066348d3076c1a83918bc76e90224f68ba02 |
| SHA512 | 873a5b7c0da923aa79f8733a9e42600a6d794f536edde8c3bfc8da19f853cfcb879d88529a43b96b8ef1d9c94f051564f783c00b4c24ceccd39a6850289ec399 |
C:\Program Files\McAfee\Temp3159551003\eventmanager.cab
| MD5 | 570b642237d02474854bcf1dcb17b762 |
| SHA1 | 12a7b4306775a555cb9a6135cbe5a9a3dba9ff4c |
| SHA256 | fa8e179685aeff6cbe9578ae2f3e34a5bcb045b5697d5b7e3416ec2ef8a25881 |
| SHA512 | e98cc2b45caae213acd3062f3c8b1b82a71cc124a8910f2ab6a463a2628d832d9dca17e6f2e5f933287c668538d70486635f3d7efec093889ea107c20fd0a919 |
memory/6592-773-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ylex5els.exe
| MD5 | 18f5084eee5d30552acf7fe31b1c914a |
| SHA1 | 91f82d63a3e0b1d98822bb34c4ebfd2c9f932cc5 |
| SHA256 | 2ae99d0324150b36ae77ba813857288789fae43054e369c64ac0a5f953442cd4 |
| SHA512 | 1a541f05c92c2a651c2738a1a4d17016e9f34ac8bc8d1afdfd4e7fdf58a722e2bebb45b778003781a468720a4075e2402ebc5b95727abfab64b00691d1312eba |
C:\Program Files\McAfee\Temp3159551003\l10n.cab
| MD5 | 9064bf5ea7cb9acd2a4b5efb0dd90a2a |
| SHA1 | a142a9281c3ddac96186b1b7c7a1ff6ba0ef3dda |
| SHA256 | 8a2aa601fa77e3587e153840c1896028422335e9b3b2fd00fdc462f677e0c687 |
| SHA512 | 362bf6865c0586e8001566fc5cfde2decefd24fccbe93339090d9f816ab4203b4476bfb378ebd69b25c2bd8bb5b7c1ca7aa4cbb284888b43e37d4adf86fffbc3 |
C:\Program Files\McAfee\Temp3159551003\logicmodule.cab
| MD5 | 59f879d459c452486543ff8f84981710 |
| SHA1 | 4f56f3a41be2a44adb5ad0e4a01fd9b808df49c0 |
| SHA256 | 73c5bf76c7f680b0f28b969a9748a3cd7923e1f84eb00484ea5929276e839f8c |
| SHA512 | f9b9d614f4f5692a0c024ccf3b79fd21e2f9d7e6dc951da01c6745d57322b0f2f5e33efcad6e222eef2244a5312b8faee300e73d3855bb78e2217fe850341477 |
memory/6592-783-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-782-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Program Files\McAfee\Temp3159551003\browserhost.cab
| MD5 | f2d4152850d4e2ceb0f318f2f11cf021 |
| SHA1 | 004dc3db926cff0345d91a3fdd3bd241b9ddd0f6 |
| SHA256 | f1933558644045dbc893cef9a23d735b5a45ae7350696c1da9faab616638f56d |
| SHA512 | f7692e406698ab617e859df616621b03f4227b0c43b41ac984e4302021f275fddc650d640d8864fe05b0886b742d4beddbdbfeabe62d4a22de8ef7f2f7264041 |
memory/6592-767-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-766-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-765-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-764-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Program Files\McAfee\Temp3159551003\lookupmanager.cab
| MD5 | 182315f2c8bbf146aae9706d3720f492 |
| SHA1 | cf1c2e2982f97d9e2d8fc1f285d56dd3f485e954 |
| SHA256 | 173c4f5b70453c0fd1c175841418d4cad4d669f373f99bbdce1fdc1440ba2bdb |
| SHA512 | 7f378afe22bb4a2330d6704f253ab4da2d3f571a719e672dea7e0d88b644a895cb883c5154b0bbc40e302b3d8d7307dff0ef9fe2c7dc79c2ba963a2932d37718 |
memory/6592-789-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Program Files\McAfee\Temp3159551003\logicscripts.cab
| MD5 | f3d9744bc01d08dc8981b0d2bc054fff |
| SHA1 | e3bcbd89982144ececf7ec07f41551f982da5966 |
| SHA256 | f23c6a8782ea8da307ca628dc9f8c4551808d0c59317ee966b190b7462719ad1 |
| SHA512 | 22e5d3b28ee18965b0eab4c2474e33caab52311dc53639b528b2ac7b7ffcfa259222615471fc3e5c432f9f00fb1c899ec96dcbc9127dfa20b4a95bb9e9e71d82 |
C:\Program Files\McAfee\Temp3159551003\mfw-webadvisor.cab
| MD5 | 2dd394a5a4385ebb09c3cd47be84c0a4 |
| SHA1 | d9ca7feb947776ca5fb6f2260fe29de763c2216b |
| SHA256 | 3c09814cf00e096773875e1d2d402bb35412ab0e62a3a24006b1757552fbddf0 |
| SHA512 | 9dc5f1a3436aa58558ae031e5bd5fd0f443f416923425a9e4bcbb22a509ef81da603310c9f962f6a3e8465feb95797a3c3df81086f617d7e8e4f1d8bc7ba2e43 |
memory/6592-794-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-793-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
C:\Program Files\McAfee\Temp3159551003\mfw-nps.cab
| MD5 | f8b177c8ca906c97c8ac9999ad9366ab |
| SHA1 | ac1227646dc1df0bfedc430abb8bcdb6d5cfb066 |
| SHA256 | 427a030c28264bcf224703b7ae439a405be762c797aaf988342b2409a5c3bf40 |
| SHA512 | af105f43d497f63b28792a0fa23f630267bb671dbc814f6b82815c58458a281251a7948b871d4ad3b8cc5b2501cd28653427b6e954d3a1d0d2138f98d57e59fa |
C:\Program Files\McAfee\Temp3159551003\mfw-mwb.cab
| MD5 | 4574be184f0eb83b10106c7cb4789bab |
| SHA1 | ef7eccd4a3c89a598b0ca421a255f25b74c1c909 |
| SHA256 | a2de49125043942f1e7611b670a5316bfa4cc6e29cd84de0371f822fb88b976f |
| SHA512 | 995c6dabd71cbb928a29733cdc367fcfc5aaa6b613b9e6fc2269a8e46bfdca70418e8d3f41987bedfee1f002cffb3833dc726beafa995f809aa4764a80d53e1c |
C:\Program Files\McAfee\Temp3159551003\mfw.cab
| MD5 | a47358e143069bf156ff5d0196743453 |
| SHA1 | 9ee25fdb797e5663e2285a405dea937e6314e20b |
| SHA256 | 299e548ac813083d8d0da9d01d93eb15f2c56a378e960b193dd53d05e2dc0357 |
| SHA512 | 2d7213b6274377a9b73f10ac830381824e9655871b3baef0a053e58d2fd7dc0803861655349f75f76884cb4f457b11ff465bf1ee9edee121ba4e908fbb4a2bea |
memory/6592-828-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-909-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-910-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-911-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6296-913-0x000001CFB8C90000-0x000001CFB8CD2000-memory.dmp
memory/6296-912-0x000001CFB6FA0000-0x000001CFB70B0000-memory.dmp
memory/6296-925-0x000001CFB74A0000-0x000001CFB74D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\27273\config.bin
| MD5 | 7263d156f11cf6795342c15d1ab22fd8 |
| SHA1 | 26fb120fe923649725928d9c6157b21733f0897e |
| SHA256 | 6549e436c3242b8bae82a0ceebad6acb8a7526e2c6a546d34fd73bd960f7ba66 |
| SHA512 | 91d17456421a8741239296e95f72453fc646e35c211319e7b3dc927b707be524c94324124d77f50f6c8a1e9b7f13affef21f21d16e333227719d0725ee0ed90c |
memory/6592-937-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-936-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-935-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-934-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-933-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-931-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-932-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-941-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-962-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-992-0x00007FF6C1990000-0x00007FF6C19A0000-memory.dmp
memory/6592-981-0x00007FF6B0070000-0x00007FF6B0080000-memory.dmp
memory/6592-1110-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp
memory/6592-1115-0x00007FF67D480000-0x00007FF67D490000-memory.dmp
memory/6592-1208-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1215-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1188-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1185-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1173-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1171-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1162-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1158-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1153-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1136-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1134-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1117-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1114-0x00007FF67D480000-0x00007FF67D490000-memory.dmp
memory/6592-1113-0x00007FF67D480000-0x00007FF67D490000-memory.dmp
memory/6592-1111-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp
memory/6592-1102-0x00007FF6C2190000-0x00007FF6C21A0000-memory.dmp
memory/6592-1183-0x00007FF65CE50000-0x00007FF65CE60000-memory.dmp
memory/6592-1097-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1093-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1074-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1054-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1046-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1144-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6592-1036-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1034-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1032-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-1141-0x00007FF690020000-0x00007FF690030000-memory.dmp
memory/6296-1008-0x000001CFD1510000-0x000001CFD154A000-memory.dmp
memory/6592-1013-0x00007FF686340000-0x00007FF686350000-memory.dmp
memory/6592-955-0x00007FF6901E0000-0x00007FF6901F0000-memory.dmp
memory/6592-1004-0x00007FF67B8E0000-0x00007FF67B8F0000-memory.dmp
memory/6592-940-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-939-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-938-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-944-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-943-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6592-942-0x00007FF6605B0000-0x00007FF6605C0000-memory.dmp
memory/6296-1828-0x000001CFD15E0000-0x000001CFD160A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89a4f12dac53be4f54a3733fadd91282 |
| SHA1 | ea77f12fc719dec49c86a407e923fc07a65e39a7 |
| SHA256 | bfdea91d3b1c1b077b35e48ccf3fa7d869dfdd0c399a1e5dcd72e3b630767def |
| SHA512 | ffca61b2804c14cb25a40b4bcf96589acb1fe9f08928febdef1f12947b99ae3d29b38337248f01be813f4c76445722a6832977b600071b61d0c632dde866fbe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | eac39505f05faad57b95742057c3b941 |
| SHA1 | 24f0f4833b7e6c82d772a451d6864b31e1ef9743 |
| SHA256 | cdf5a200c8661c1c0124e8989b1b138dab25130b32ed49e461edc9b725f0a0d6 |
| SHA512 | 71643f8c4d838e8cf7bc5c664dc41e48d31dd1f3bf60f2b0bd477efb07a912cfacb29a60d76e199bfa776e439f10c0c28e5e35d4498f2f97941bf64dadacf4a2 |
memory/6296-2146-0x000001CFD2180000-0x000001CFD21D8000-memory.dmp
C:\Program Files\ReasonLabs\EPP\Uninstall.exe
| MD5 | 8157d03d4cd74d7df9f49555a04f4272 |
| SHA1 | eae3dad1a3794c884fae0d92b101f55393153f4e |
| SHA256 | cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74 |
| SHA512 | 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7 |
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | cc7167823d2d6d25e121fc437ae6a596 |
| SHA1 | 559c334cd3986879947653b7b37e139e0c3c6262 |
| SHA256 | 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916 |
| SHA512 | d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | ad8771a2fc444045d567a41fad693a44 |
| SHA1 | aaece159444e6f21cede4777c0dbc9516c859858 |
| SHA256 | 36c8358590f9e712c468479761248d330b33363ad0d205ed6bf1bf9a7d032cf0 |
| SHA512 | 50f6b8c303d35421754347754d725019763ff2a184eba1a709292c966e4a50fb96a45a9ddcba0abccd872e6bc273dfb5b5bd4815c74cbf0f69fbee9542fc934a |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | c7ca71a7f472503fd07dd8674e70907a |
| SHA1 | c30ba3338ccc2c5b0eec860f64064dbcb6cf698c |
| SHA256 | 70bf1ff3b3d6c8f2b0fd141253569f606aca663a21e80cd479049a7346ec600b |
| SHA512 | 11943457887df84fa6dd33e1e90ea5f88c3b938eed668bb70e7502d8017a560cdda79e9602135a3e76d276567808192c34093d07de1dc80e8262a7c931ea5a7a |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 274d8fd8742b224f4d86e7bd2c0f415d |
| SHA1 | b18341c62d1bee34d1d5a9f099674842a6157ff3 |
| SHA256 | 1650228d537a7004a940b99182d0780f0f74c2e863bf0fabaef0650e90337ce5 |
| SHA512 | 94ae68ebf9747e6204fe43b91968ce53401e5b0dee3fb33152032bf51ffb34e338efe8b6be91dba54ebea9e2b3efd58984a09098b140e31d333752b7b4f74a51 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 4eb5f7625dc3342df0be16b2a0c57054 |
| SHA1 | f00598356f9ac6f5d4ca9b3bcd3ec77f12403031 |
| SHA256 | 9fce59a39e2c107414e7df6265c0161139d872df56d0877b36acf91515cfd22e |
| SHA512 | 70c3610e5cded34b99aebc0f8a493f511e29794ba60570ca992e970ad28822631a03ed33842761df493e2b7f3820961d769365ee9f0f1964bcd355baa40ef54c |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 1cebf356878f1571668164306c4f1d86 |
| SHA1 | a35efcffcadf84e2ad1024618a0ae46f5e546622 |
| SHA256 | 99e0ba25d498dd7b92e3d2f646473f3a77efb3db09ffc7de39812387cbaa5c1e |
| SHA512 | 042c0d437f11c1629513c667899679d02a6c4868a21ab5a8184d7a5638d0b0bf7913f8e318da07d7d4ed4a7b849f90ea4fe211c74d8f05936cf81c62fdeb6f8d |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 0ab749bd8528f67ee383502bb00156f1 |
| SHA1 | 060c383761d475db5ca9ffb2830e7b9987fbc321 |
| SHA256 | 7c278656adc33bc53824be05637ac380df4216ad2de9563622e24766a4de3713 |
| SHA512 | 0d9557d39db5dcec18cb434434547f22ac48dfcad1b48cace524c76e0ce0019cbbd831b2dd0e9222a4aabb341bf2fe47d1ac0776d9e647ae7964f603f47b7e82 |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 22aaf4a6312fee68f5e7155ca2d36595 |
| SHA1 | 08c1b2ee2083747ff92d30ab74b246f2abb58865 |
| SHA256 | fab251f5b4255a31e309b14cc203d89a9ea0d0f89d618dde6b725fe5fdf3301b |
| SHA512 | 9257ca92e2157a49e84359d8e184eff64abdfbe7c1b640412a1e0f2e3b46a33c70ce640095fd68b7d098609e891db03944d43024f85c2900a7e19cb29f9996cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt
| MD5 | fd21495235fe9162e6f5944071247fe6 |
| SHA1 | fdd9654a957ec791b8f2e611758e7f2d77b4a39d |
| SHA256 | 7685741a69d6b38d7140b1ff2d962e44d84368c0d4e10970d61c877e26fde192 |
| SHA512 | 5d27b99fbbcf9152de152ef11d6bdf3fae880ba996fe1b0a7036321615a380ad6083f8c027fe3f14984ebe449aed1a1de257bb3876cc4797ffba18687ccfdf37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt
| MD5 | 1f7c543b7266254f20361a550fec6e90 |
| SHA1 | 1a59dea57ff792f401d3bfec5aee0751f175f858 |
| SHA256 | 48ebc0c73d42c79cba9b093992ca4dd4e183a7eb5ec93224606321a7f02db8a9 |
| SHA512 | 5129cfa578c4f7fcb5c5f9fd1f083d89c06aa4793a0917729ff95f4f035443cf78f39ddb40f1a301f979bc1da2d139f057c2757f0bd0188fe872acbbe2e227f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt~RFe587114.TMP
| MD5 | 00d4511316d5d2bbac596df9a008f89e |
| SHA1 | fa3f79f5622c7934be8c2b96fdcd5febe676a5bf |
| SHA256 | 754ad1a1fb996403261af21c3ef86a6a9aa19ff2c6fe1941243dd9a895810c7b |
| SHA512 | c859a4a712bebbdc126b1abfff7e9755ba406ab883a26391b8e92469b05fe0d5d354e7366b9243ef5fd1f169d9055a2e2583b3a2120666283553b7a91da5623f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\79a4fad4-c5dd-48de-81e9-7df022e8f5bb\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\700daf1c668d1022f4956b3cb58e229858710867\index.txt
| MD5 | b89d6f4363af345130c74349f814e3da |
| SHA1 | 08c93776545f2b6bace68ab63de178e2f89cc10a |
| SHA256 | 1e4481632c434347ae2dd5b8122e9fec3caeb739c066bfdfb50e8e5adbdb7f18 |
| SHA512 | d77a3f549c83843e9db3d01df96c92205ac2308a518c4b7e191d54c2089d512a23b5c8d71c38860a754d17dbfd6b88946a8d3abc55f7789c065e41f51d9c903f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2beb0213504d07fc_0
| MD5 | 4fdce658e695434a3e58d77d44d59d35 |
| SHA1 | 0c6e8a0fd5c416a1b982fa84e67cbdb8eceeee9f |
| SHA256 | 66467c946f3109bca8b535d48cb2e23c6017c12d4b08626921fbde1ecf92cf0a |
| SHA512 | e5423fca00043d99e89f13aa4aeee2b978b87ab38235f260a924276de7c0d9355f2e41eaf1ed8ed2d60318aaa73bec1bb734e03518f359f27d0f9a31df29782c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\d10f805e771d7acb_0
| MD5 | 975e278ebbcbcd4517c5593753259336 |
| SHA1 | b85bb7a57b8d3fae287a8ee5a58e48a6b6e41310 |
| SHA256 | 75c1e3346655a3841620edab6bd6eaff708cafc58e9d35b91788951e4f7d4599 |
| SHA512 | 0d7425508066b2dab124fb1b4c78782a3626d455fb7a877fe717104758fe803e2f2bc303f6ff43ca35f2d3fae1f630644e9748807ed42af0e74a87b524bd0af3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8a579830291b1a29e4f5e9758b2dd9e6 |
| SHA1 | c22b3404838211eb406f0cc95d50763e945170d2 |
| SHA256 | b0dde628595f222f8c91afe695806e4251546f0812121605e4690aa26b5db8de |
| SHA512 | c0db475a4580e2fe0fb386b5d22274c60b3fcea68e40cd7e2e11c75842727ec1b71fc5c59b206728caa2e974f13fbd6fa06ac433a75b6b95a51aa73b67440a3a |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | a6eb5eecb5b5501c4048a3283b2945a1 |
| SHA1 | 76c949d5be55a0241bb72486ee967e07189a0819 |
| SHA256 | eeabc52a96c3f4e639fcc3ecca70862cee78ca4b6c9ddcb0dd8bf65a2785a950 |
| SHA512 | 75fe17459a02a9320770398406b0a9ff009289f355a5e7a27164810c44a5dfffd2d6bbdee022c92b695d2c2e46dda88c76e3ee244bcc9bb204f200eb99eb1d0c |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 281e5efcad09b6fc5c2686858e3b506f |
| SHA1 | bcd5a44caede3194fc731ecc50148d491bfc53b9 |
| SHA256 | 60fcd17212dae30a7af331116dc2496c0b35c0f47c5170ed476e65505372e8d5 |
| SHA512 | 9fe0e0249a395b38309ed263e00fd848ce0ffff385f767d4d6e35689e3e8e939805cdd1ead6b931b5cf8afa16ac32e1ce96ef82284a0d901015ea5340fdb7516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt
| MD5 | 8cb2ea6dd08a6bd274e499553aa8c8e5 |
| SHA1 | 97721ac92f9ad117e1d47b8987f56fe454b5b53d |
| SHA256 | 8fbd038bdb4a3d1980f8bca7a893629f369c7e09fdfaa53876ec1bf36ed7cd3a |
| SHA512 | 310fa4cd412d6b84c0c1652791f55388a43fd0c6133b23c9128376272fdf9ee443b3a57b7bb953c8f1087f1217c8f99fc29008f5771a051003686a6abf324e66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 61d6f1b0372adc2d96bdb3888512568a |
| SHA1 | a411ae9a28a04f6c46cb158e84b360f19c3e5b82 |
| SHA256 | 20b591ca2dee4912535a6ab94eeda9ec190aa54eeb728b7600dc21a969e51994 |
| SHA512 | ef1d754eb1b026cfe0962fe4f9c1aa3ade516ef7db691027b44202cdd62bfb70d2e61d980690c5c7cf232c53daa92d228eca92522dd1b6b5d30b6cb1fa7c2482 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587c30.TMP
| MD5 | 4affcaafbb51b8affbb2ccdae11dd61e |
| SHA1 | 2d9c58a94df3341ea9a08313f1c9af24e27f0fe7 |
| SHA256 | 0af47b1a83e21bc725c60f54df89b00ca0f3b9b1e29648bcdf2b77a2b52b342a |
| SHA512 | 34cec42feac70d8d5253c0ff4c08d1713745bf47182398f85a0353b5598e84629ae132ef99b87a3cd509324340b821e05688ba23eae0e014f299fa3726f4520a |
C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt
| MD5 | e605ab1a72964020bb97b16271e4a0d9 |
| SHA1 | f29b645c884dcc22ee40d152bd18f9463c13ad69 |
| SHA256 | 72914ef6d1fa2f9aef489dcade612d096a5cc0697aee604a74c48867d3b189b8 |
| SHA512 | 7ad68bf87c217ebbaf81a04fc1ed74e452922901dabb7179aea27726a64ffe7ed45e52b40e1d6990d34d5d3426640c947f78a99e3741d41baac819b5688571d3 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | eb5900a0a79285a5ff900d41c30a5d8e |
| SHA1 | 217db86b18b23250dcd69e464519738409cbcfef |
| SHA256 | 0d83f98186a9d9e3b185541d62bc6fbdf66a5368ba155e1deb0835e3157d17cf |
| SHA512 | 7315542516d4d3ea397a9ebf372bbb6e69f0eba7126e4773ce7f36456024f56510a525e98b9db9345a3204667347ed8d0f28c00c2f07c1e3d19d061a5c13159f |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 226fc04a84ab495bb582e29af05cab09 |
| SHA1 | 693c538235bbeb2c07cfc8a9cd850bc51315ff3f |
| SHA256 | ebec8378a0c96e153357237529109a6d9e5bd111602bf9c9dc7a5a50734914ab |
| SHA512 | 42c14cd4b4fc7335a3a5001054534ac292d3e336124586a4ffa45085cc6eaabb2158c8e8c892a68dc23d36ece26c1d7bea47b6edea16e0be2e8a63b25527894c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dea9f9a3a65522dfc86f1ef01ae7d46d |
| SHA1 | af322595b739255aa2647fb7d62ffdbdeedb8068 |
| SHA256 | e015c23a820113383dc126e4c1670612cf73c8e740c143d213d6fb9f3adc2420 |
| SHA512 | 1517eb1fa2b13c573bda14bd619b4565ffced2d33b8d9e0dfd54e9ed62a34747eee9567e46ea35ea19b7cef6e93ceed6621586c61c2ae4723bb98cfc5a2721b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a92b9ac00e3ebf12313c911b5b9181a7 |
| SHA1 | 7e3cd9b75e6d946a82ded232ae8499ad2a80fcaa |
| SHA256 | 999c7a7a753fdc9ed74ccb05b02ddca911bd7025c79c5bb33a23ca68ad51c097 |
| SHA512 | 9561d4a73e2e1ff2f55a317bbcf04beb39b49787e7db49b832b62b87acb03177ba24069ffe9ba5427752b06bcdbf9d1e0bdab2f782704e9dd33a2e616d88c1a6 |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 366c7e70ddbe22a04bf1f6254fd3cb76 |
| SHA1 | f3d8b0b389fe3d64a80a08b5a80753bcbef4168e |
| SHA256 | aa450962dbb7d8eda90f7c5743b98e7538fee31e9ee9fc3d2624f440d53cb76e |
| SHA512 | 0105db53a43327fecd7c675f1170e905987d7465c705b438cfa5586a40a3ea4e1694484bedacca50663ae542724a6d02bb93f22ee8bebc87959bc41a3872296c |
C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt
| MD5 | dead5e62c4ee85e1774f35920da74f80 |
| SHA1 | b80658882970141941de0b3850d2ec1e683fab6c |
| SHA256 | 3b073ee252205366207c1c67fb84e4a084eaffef6f5531a62bc69e03c15c3713 |
| SHA512 | 300e214c29b88303f5c216339870ead09d1ea8d2abd04503bb776662aa61130dc0e0d3385bf0e6b76f08e5267cd94ec6d84943811a9c23884127082e817ea0f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 42b0f78656e4705404c7bed87afaf54f |
| SHA1 | d31d72e0daa3625473f1d454b1ae881951cdf39e |
| SHA256 | db2d96f41e0de90a5f01035678c4ec2b95558f018e07ff9b217cb81deb0ea06a |
| SHA512 | 639332537a2e487c61bb248f8d1119375604a3cb93b469f2ded4a1320e0a28edfa736d35614b854da708b424c58aa5a3f9f4e85d75658e1802d629a3ce86810d |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 747e9fea893d38221e003fff69ca1581 |
| SHA1 | 071a0dbf2fca5a685aaa459c364ed1db2113b16d |
| SHA256 | 28957f90652e842e5705125b10b56be5b53f818be212e5c2c764fb4491c3227a |
| SHA512 | eda637a69b128c3f46e190945abee5fb632d5460ca482273266138088b2e66ed42c76bade8724eda37389129555c07740c5e58548cb55400218d157e34042d5f |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | eaeca6b0b5d667fb2eb511bc10efd72c |
| SHA1 | 65656fb5325d9142e6405bb9cc3bfc0b91fece99 |
| SHA256 | f62dfbfd9c53204a6217407279f22bfc55b46258a27cf5198357e5e1cba72a43 |
| SHA512 | 0e06e8ccfa3e765d8b6f4d1c521b0ae06ff174f3a885e440f99787d5760f8646b130bdb9e9f2f5db5f7281873862e0a874b4b7232095637326b3079a531920e2 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | 1c54a439d22e2dd58798712bdd1f2997 |
| SHA1 | 33e4ab63aafa949c9bd9f1c4cd8c9381b4a97c64 |
| SHA256 | c0ce2aafdbf664383f6b6403e0c73a6a311733a1d3180baa4314c31bc2a62980 |
| SHA512 | 89857fac027a2ad88499fbc8db9e491719814afc1bfdc8fa593a4516573212f86d598878b2757c541a3fe8d469c7c255b7c14bf25069035d269cc93b2bbfa128 |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 09cb0f4f077adc38f8af8550eed69319 |
| SHA1 | c97cb066a313df0c9384782924c15eb50ad5e1a7 |
| SHA256 | af4cc3bfebb4f886c77ae9140c3c47d7274fb720db31f16240f42d79050101dc |
| SHA512 | bca50e8b975789a17faa2114ce2c66955cf7bd0d6cbbefe14e8416031e2f352fce542521bf545d64b270034980fd58a99c5ba690a9cccc018f44c8785b2fd69c |
memory/6296-3425-0x000001CFD19B0000-0x000001CFD1A06000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\6e734b5c-c1aa-4f3a-9e07-4ca39be12251\index-dir\the-real-index
| MD5 | 9f65bddd86a0ec60c8aafa47adf5b7d3 |
| SHA1 | cc790e0bed89513f4a0e184a90f9d559d7719721 |
| SHA256 | e76908239123212c478b69e6ba255af198bea8f3739578b5e68f9b63359c436e |
| SHA512 | 8869ce5bdb780a1962d1eccbdbb3c2289ef217ce7c011cc4d6ae8418c680afe8be7c46977a2d268bee6c6298f6e77e43798e529c9e77ff38b9f80e3188094cb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\d5537ac5-916b-4829-a683-74d44c747017\index-dir\the-real-index
| MD5 | af859ccf67c910f31712dee4bf732c75 |
| SHA1 | 6c41c5cfc102a0b60d22f11f58d90fffb1b263ca |
| SHA256 | 823b6cea9d7fa8c9d63b25c23b7f87a0ec1e1be30cba8cb67dc3f98138249955 |
| SHA512 | 554cfbf145e8bbc57c287eea6fd67a065dfeef9c954c0ddca92c3113d6839db9617463429738584b71cb1ad0bf64aa13dc71b3edb536255319cfa690a850f009 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\6e734b5c-c1aa-4f3a-9e07-4ca39be12251\index-dir\the-real-index~RFe58ca7f.TMP
| MD5 | b061c546786b0425d9fee951de304abb |
| SHA1 | ef3ff48b5302ea2ca1892e3e5201922b0b4c2bfa |
| SHA256 | 58aabb4168bf39df743cb2567667254054c973a74e43b8bda524d7bef414fc8a |
| SHA512 | 0d5dd05f22130467495267c4b2dd6a4543a50bbb6a2b2bf17d088f62552c998487c497854a25062bc20c9beb36bd0683f69c4ef51f75b919c7210cd929ba8c75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\fe88ab6004dfd221c903dadea38c7148c89dac45\index.txt
| MD5 | e67e9d0a1e1643f25323c89dfcb73fd1 |
| SHA1 | 74e6196b92fc1b7382fcedbeb6e79d7285821765 |
| SHA256 | c1493531aeec64c428b9ef3aa623b98fd666556d060a4abdbb6f12393352a980 |
| SHA512 | e1054c971b058466a8d2d509462995bca06c18e467c7d6d1ead860d81f6845e28e16a5883c1bde8bf4875b3bc54c1e73389c3fc2ddfbc57254d3d7309efc6c5d |
memory/6296-5084-0x000001CFD1A10000-0x000001CFD1A4A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\2870a65b\99ddd989_dec7da01\rsJSON.DLL
| MD5 | 2ec13fba08ff20ac219f762509a766ff |
| SHA1 | 7a62fda6e3ca22d1edd181eca1c1a090accd1b28 |
| SHA256 | a66998441cf5a6be98d78abe2d2f3121012b7b30a45ffc9111dbd812c9a6d795 |
| SHA512 | 86f2e480ef397ac48e376115f65c06d9b41e5daae2d98e27480cadb13474d86fa3acea20f9ced640344b3c6d3a5f4bc3072b8b529e55c52ac793da9d2c09dbff |
memory/6296-5096-0x000001CFD1A90000-0x000001CFD1AC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\5c431604\99ddd989_dec7da01\rsLogger.DLL
| MD5 | bdf6337eef10d89ead58c97c4cc86eac |
| SHA1 | d7ec026d4587bce1efd0fbd9d1d0099f6410b8e4 |
| SHA256 | 247f904657ae110f6158598725de7de006318822e2f4739c6dc3407347a839cf |
| SHA512 | 185da0bb41b85192c7e79537d8796a8a56b0314a2f90a6a9f1fb9146bd673050e30315b4a7f1f50d090962fed334a76a49932e392ac44d3857d6997998f9b0cf |
memory/6296-5106-0x000001CFD1A90000-0x000001CFD1ABA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\e7542aae\8718d589_dec7da01\rsAtom.DLL
| MD5 | ff00eb531015f056aa090d84c51cbeb5 |
| SHA1 | 3eefa935448df905cdb9bbc8caf64e681185d638 |
| SHA256 | 3ad34654b29f9b72c110a1e02f8b49546603a16175bb78e3635ab767dcc4c81c |
| SHA512 | 1e2c0bd5650717d3318b06ab22c2371ebbe734fef90b220ecdc14b79caa64022c166c799c7e5657ac0523ec9706424a67237942897feee775df2bdc98640afdb |
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 7d5bfa735b37c024084376ffc80265ab |
| SHA1 | bc174aed63f19aee2eaa7356e2a87faf7d00834e |
| SHA256 | 6bf70561c66fe78df0d7453ce789b0f176a9bc229b2997821a24904c733d1a74 |
| SHA512 | 5441f765d32da2ba20e9440177619abb91cf7c75d004616cf3103b5b864ab7f012140d7a0d48ffef7998af5b813b15eb6f56778a5c77a7adc5e16a4dbadf9571 |
memory/6296-5117-0x000001CFD1BD0000-0x000001CFD1BFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\8238a7f2\423fdc89_dec7da01\rsServiceController.DLL
| MD5 | 9da18dc90cdc783e4d0c503949f25375 |
| SHA1 | ed0be1a19eb6391abe073901d6b54ef8292418a4 |
| SHA256 | 4e7c131ee4c738212d3a6944543ae9a12c4edbbc5a892b39dc070292ad9fac47 |
| SHA512 | 9f151d9d36f88aa01c9161874957ebd0a26735c8cd2eb5e7bd96930aecc6e556af56c644e84910a3e6b8aa644d4d63871f23ffe7fb48e7fd7c23e5bb3d1c0f5f |
C:\Windows\System32\drivers\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/9744-5146-0x0000024A095F0000-0x0000024A0961E000-memory.dmp
memory/9744-5147-0x0000024A095F0000-0x0000024A0961E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | b2ec2559e28da042f6baa8d4c4822ad5 |
| SHA1 | 3bda8d045c2f8a6daeb7b59bf52295d5107bf819 |
| SHA256 | 115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3 |
| SHA512 | 11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01 |
memory/9744-5160-0x0000024A09A20000-0x0000024A09A32000-memory.dmp
memory/9744-5161-0x0000024A0B230000-0x0000024A0B26C000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
memory/2808-5186-0x000001ED9C500000-0x000001ED9C866000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e509ef2dffa89a607d78ecc38e09ee11 |
| SHA1 | f231d07658dbbdf5ffa468190bd77d647f8bf1b4 |
| SHA256 | 08fb5c250362d24cf72271043b81dc743609ce6763a5a9785740225c2bb397fe |
| SHA512 | b23cbbbe67d54c7a9522476b92788746f6501dff6e568bc18abf4f3f69bba6ea8e72c28f77144b0b67feeb332e18ba1aa029b4060ea4d1adaac6cfa13650ae2e |
memory/2808-5196-0x000001ED9C870000-0x000001ED9C9EC000-memory.dmp
memory/2808-5198-0x000001ED839E0000-0x000001ED83A02000-memory.dmp
memory/2808-5197-0x000001ED83990000-0x000001ED839AA000-memory.dmp
memory/2236-5200-0x00000234A2220000-0x00000234A227C000-memory.dmp
memory/2236-5201-0x00000234A3F50000-0x00000234A3F78000-memory.dmp
memory/2236-5202-0x00000234BC820000-0x00000234BC87A000-memory.dmp
memory/2236-5203-0x00000234A2220000-0x00000234A227C000-memory.dmp
memory/2236-5213-0x00000234BC7C0000-0x00000234BC7F2000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 2afb72ff4eb694325bc55e2b0b2d5592 |
| SHA1 | ba1d4f70eaa44ce0e1856b9b43487279286f76c9 |
| SHA256 | 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e |
| SHA512 | 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e |
memory/2236-5214-0x00000234BCEA0000-0x00000234BD4B8000-memory.dmp
C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt
| MD5 | fd0e7cfaf345208087058193c14ad94f |
| SHA1 | 209f1f9a606dce22f8ad5951aa4d89db82bcc78e |
| SHA256 | 442131369df477573e1f9d28591c8b87fb53953c424a7b978c1a1bc1ea4e8da3 |
| SHA512 | 83f8e72baab361f901789a20921cf0ddf9fbecc561bd744b780b6b071ee2969e7d0b147bcda162ddf0a3e438e927dd7e8f1d04d68f7e6ab4bf5c9eb15fe15548 |
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
memory/2236-5244-0x00000234BD720000-0x00000234BD97E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35a908497a13e5ff3046511c711b42f1 |
| SHA1 | 4249194565ec35c8cc4ca6ead47bae6c5cce00f8 |
| SHA256 | e7b8c3d4a4812285d9c47b4585260bddea83576b7834d8cb2f9b2a528d6aac91 |
| SHA512 | eefabd3a71a887ff652b506670b27df5d0310b581463713f295e10e14836af32b60fb3bf038b0fbec89f3f3e3ad16e3e23309198ce6a8dd302be660f49544667 |
memory/8416-5257-0x000001DBC90B0000-0x000001DBC90D4000-memory.dmp
memory/8416-5258-0x000001DBE18F0000-0x000001DBE1920000-memory.dmp
memory/8416-5259-0x000001DBE19F0000-0x000001DBE1A28000-memory.dmp
memory/8416-5260-0x000001DBE1A30000-0x000001DBE1A62000-memory.dmp
memory/8416-5261-0x000001DBE2020000-0x000001DBE20A4000-memory.dmp
memory/8416-5382-0x000001DBE1AD0000-0x000001DBE1B2E000-memory.dmp
memory/3184-5383-0x000001A774810000-0x000001A774838000-memory.dmp
memory/8416-5384-0x000001DBE1A70000-0x000001DBE1AA4000-memory.dmp
memory/3184-5386-0x000001A776FA0000-0x000001A777134000-memory.dmp
memory/8416-5385-0x000001DBE19B0000-0x000001DBE19D8000-memory.dmp
memory/3184-5387-0x000001A774810000-0x000001A774838000-memory.dmp
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 1068bade1997666697dc1bd5b3481755 |
| SHA1 | 4e530b9b09d01240d6800714640f45f8ec87a343 |
| SHA256 | 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51 |
| SHA512 | 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
| MD5 | 789f18acca221d7c91dcb6b0fb1f145f |
| SHA1 | 204cc55cd64b6b630746f0d71218ecd8d6ff84ce |
| SHA256 | a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63 |
| SHA512 | eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62 |
memory/8416-5415-0x000001DBE20F0000-0x000001DBE211E000-memory.dmp
memory/8416-5417-0x000001DBE25B0000-0x000001DBE2919000-memory.dmp
memory/8416-5416-0x000001DBE2180000-0x000001DBE21DE000-memory.dmp
memory/8416-5418-0x000001DBE2120000-0x000001DBE216F000-memory.dmp
memory/3144-5420-0x00000229FC7A0000-0x00000229FC7CE000-memory.dmp
memory/3144-5419-0x00000229FD980000-0x00000229FDC70000-memory.dmp
memory/8416-5421-0x000001DBE2BB0000-0x000001DBE2E36000-memory.dmp
memory/8416-5424-0x000001DBE2290000-0x000001DBE22F6000-memory.dmp
memory/3144-5435-0x00000229FCFF0000-0x00000229FD028000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\bcda62e6-025b-4363-af30-9d8a32721c55\UnifiedStub-installer.exe\assembly\dl3\b1331bd1\47105276_eeb0da01\rsStubLib.dll
| MD5 | fa4e3d9b299da1abc5f33f1fb00bfa4f |
| SHA1 | 9919b46034b9eff849af8b34bc48aa39fb5b6386 |
| SHA256 | 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96 |
| SHA512 | d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680 |
memory/8416-5455-0x000001DBE1920000-0x000001DBE1946000-memory.dmp
memory/8416-5454-0x000001DBE2300000-0x000001DBE233A000-memory.dmp
C:\Program Files\ReasonLabs\VPN\Uninstall.exe
| MD5 | 410d4e81be560d860339e12ac63acb68 |
| SHA1 | 06a9f74874c76eba0110cdd720dd1e66aa9c271a |
| SHA256 | e4a8d1e07f851be8070dd9b74255e9dd8b49262c338bfb6ef1537edd8f088498 |
| SHA512 | 4bbffeef276ce9b8fdd6d767ba00066309eee0f65e49cea999d48d1e8688c73d7011ed1301a668c69814457caad3981167a1e3fe2021329dd8fc05659103fb3a |
memory/8416-5465-0x000001DBE2250000-0x000001DBE227A000-memory.dmp
memory/8416-5466-0x000001DBE29D0000-0x000001DBE2A36000-memory.dmp
memory/8416-5467-0x000001DBE41F0000-0x000001DBE4794000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bee6c876767708544b99e3eeb2038692 |
| SHA1 | 2c63b224901e4a675397e0eb0a9a17224d4d6739 |
| SHA256 | 0a3728160044993c3b3e614bd1c581f461df71a3e42d9c5becb46f0c07f5a5ae |
| SHA512 | 28cda74a45b529e1faf0974f97479150e0c02e326e0002ea533e9c71bd8fe042f1e8d69a181ecc19d1100beef11cb74910105b509d1b9f22455017c0552bdd47 |
memory/3144-5479-0x00000229FD600000-0x00000229FD65E000-memory.dmp
memory/3144-5481-0x00000229FD730000-0x00000229FD73A000-memory.dmp
memory/3144-5480-0x00000229FD700000-0x00000229FD716000-memory.dmp
memory/3144-5482-0x00000229FDD20000-0x00000229FDD28000-memory.dmp
memory/3144-5483-0x00000229FDD30000-0x00000229FDD3A000-memory.dmp
memory/3144-5484-0x00000229FEB50000-0x00000229FEB72000-memory.dmp
memory/3144-5501-0x00000229FD7F0000-0x00000229FD7F8000-memory.dmp
C:\Program Files\ReasonLabs\VPN\ui\VPN.exe
| MD5 | 4d7d8dc78eed50395016b872bb421fc4 |
| SHA1 | e546044133dfdc426fd4901e80cf0dea1d1d7ab7 |
| SHA256 | b20d4193fdf0fe9df463c9573791b9b8a79056812bb1bba2db1cf00dd2df4719 |
| SHA512 | 6c0991c3902645a513bdee7288ad30c34e33fca69e2f2f45c07711f7b2fdc341336d6f07652e0d9e40fbac39c35940eda0715e19ef9dfa552a46e09e23f56fdf |
memory/6296-5794-0x000001CFD0D50000-0x000001CFD0D98000-memory.dmp
C:\Program Files\ReasonLabs\VPN\rsEngine.Core.dll
| MD5 | 96cbdd0c761ad32e9d5822743665fe27 |
| SHA1 | c0a914d4aa6729fb8206220f84695d2f8f3a82ce |
| SHA256 | cc3f60b37fec578938ee12f11a6357c45e5a97bd3bccdeb8e5efb90b1649a50b |
| SHA512 | 4dde7e5fb64ee253e07a40aaf8cbc4ddaaeeeafc6aeb33e96bc76c8110f26e2c3809a47266cb7503cbc981c6cb895f3eaae8743d07d6434997684e8d6a3d8eb0 |
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\b5b436d7\ad669397_dec7da01\rsJSON.DLL
| MD5 | 8528610b4650860d253ad1d5854597cb |
| SHA1 | def3dc107616a2fe332cbd2bf5c8ce713e0e76a1 |
| SHA256 | 727557ec407cadd21aa26353d04e6831a98d1fa52b8d37d48e422d3206f9a9c4 |
| SHA512 | dd4ff4b6d8bc37771416ceb8bd2f30d8d3d3f16ef85562e8485a847a356f3644d995942e9b1d3f9854c5b56993d9488e38f5175f3f430e032e4091d97d4d1f7d |
memory/6296-6219-0x000001CFD0E40000-0x000001CFD0E78000-memory.dmp
memory/6296-6232-0x000001CFD0EC0000-0x000001CFD0EF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\57b83388\ad669397_dec7da01\rsLogger.DLL
| MD5 | 148dc2ce0edbf59f10ca54ef105354c3 |
| SHA1 | 153457a9247c98a50d08ca89fad177090249d358 |
| SHA256 | efe944c3ae3ad02011e6341aa9c2aab25fb8a17755ea2596058d70f8018122a4 |
| SHA512 | 10630bd996e9526147b0e01b16279e96a6f1080a95317629ecb61b83f9ebee192c08201873ff5df2de82d977558b2eeb0e4808667083cd0f3bf9f195db4890d5 |
memory/6296-6242-0x000001CFD0EC0000-0x000001CFD0EEA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\6eba594a\e8a18e97_dec7da01\rsAtom.DLL
| MD5 | 3ae6f007b30db9507cc775122f9fc1d7 |
| SHA1 | ada34eebb84a83964e2d484e8b447dca8214e8b7 |
| SHA256 | 892a7ee985715c474a878f0f27f6832b9782d343533e68ae405cd3f20d303507 |
| SHA512 | 5dd37e9f2ac9b2e03e0d3fd6861c5a7dcb71af232672083ac869fc7fae34ac1e1344bdfabe21c98b252edd8df641f041c95ea669dc4ebb495bf269d161b63e5f |
C:\Users\Admin\AppData\Local\Temp\7zS47353E78\89982817-da50-4f89-b7be-879a9f0e8124\UnifiedStub-installer.exe\assembly\dl3\ab9e8ae8\ad669397_dec7da01\rsServiceController.DLL
| MD5 | 8e10c436653b3354707e3e1d8f1d3ca0 |
| SHA1 | 25027e364ff242cf39de1d93fad86967b9fe55d8 |
| SHA256 | 2e55bb3a9cdef38134455aaa1ef71e69e1355197e2003432e4a86c0331b34e53 |
| SHA512 | 9bd2a1ae49b2b3c0f47cfefd65499133072d50628fec7da4e86358c34cf45d1fdb436388b2dd2af0094a9b6f7a071fb8453cf291cf64733953412fdf2457d98e |
memory/6296-6264-0x000001CFD0F50000-0x000001CFD0F7E000-memory.dmp
C:\Program Files\ReasonLabs\VPN\rsEngine.config
| MD5 | 04be4fc4d204aaad225849c5ab422a95 |
| SHA1 | 37ad9bf6c1fb129e6a5e44ddbf12c277d5021c91 |
| SHA256 | 6f8a17b8c96e6c748ebea988c26f6bcaad138d1fe99b9f828cd9ff13ae6a1446 |
| SHA512 | 4e3455a4693646cdab43aef34e67dd785fa90048390003fa798a5bfcde118abda09d8688214cb973d7bbdd7c6aefc87201dceda989010b28c5fffc5da00dfc26 |
memory/7744-6277-0x0000022E98F30000-0x0000022E98F68000-memory.dmp
memory/7744-6278-0x0000022EB3360000-0x0000022EB33B4000-memory.dmp
memory/7744-6279-0x0000022EB3330000-0x0000022EB335C000-memory.dmp
memory/7744-6284-0x0000022E98F30000-0x0000022E98F68000-memory.dmp
memory/7744-6294-0x0000022EB3520000-0x0000022EB3558000-memory.dmp
memory/7744-6295-0x0000022EB3560000-0x0000022EB3592000-memory.dmp
memory/7744-6296-0x0000022EB35A0000-0x0000022EB35C4000-memory.dmp
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.InstallLog
| MD5 | db3e60d6fe6416cd77607c8b156de86d |
| SHA1 | 47a2051fda09c6df7c393d1a13ee4804c7cf2477 |
| SHA256 | d6cafeaaf75a3d2742cd28f8fc7045f2a703823cdc7acb116fa6df68361efccd |
| SHA512 | aec90d563d8f54ac1dbb9e629a63d65f9df91eadc741e78ba22591ca3f47b7a5ff5a105af584d3a644280ff95074a066781e6a86e3eb7b7507a5532801eb52ee |
memory/7744-6326-0x0000022EB41E0000-0x0000022EB43EE000-memory.dmp
memory/9592-6330-0x0000021EDCB20000-0x0000021EDCB60000-memory.dmp
memory/9592-6331-0x0000021EDCB60000-0x0000021EDCBA0000-memory.dmp
memory/9592-6334-0x0000021EDCBA0000-0x0000021EDCBD4000-memory.dmp
memory/9592-6335-0x0000021EC4100000-0x0000021EC412C000-memory.dmp
memory/9592-6336-0x0000021EDCBE0000-0x0000021EDCC04000-memory.dmp
memory/9592-6337-0x0000021EDCC10000-0x0000021EDCC36000-memory.dmp
memory/8416-6338-0x000001DBE3C40000-0x000001DBE3C82000-memory.dmp
memory/8416-6340-0x000001DBE3F10000-0x000001DBE4190000-memory.dmp
memory/9592-6341-0x0000021EDCD20000-0x0000021EDCD7E000-memory.dmp
memory/9592-6344-0x0000021EDD070000-0x0000021EDD0A6000-memory.dmp
memory/9592-6345-0x0000021EDD0B0000-0x0000021EDD0D4000-memory.dmp
memory/9592-6346-0x0000021EDD0E0000-0x0000021EDD106000-memory.dmp
memory/9592-6349-0x0000021EDDD70000-0x0000021EDDDE0000-memory.dmp
memory/8416-6350-0x000001DBE3C90000-0x000001DBE3CC2000-memory.dmp
memory/8416-6351-0x000001DBE2960000-0x000001DBE2968000-memory.dmp
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | d13bddae18c3ee69e044ccf845e92116 |
| SHA1 | 31129f1e8074a4259f38641d4f74f02ca980ec60 |
| SHA256 | 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0 |
| SHA512 | 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | afb68bc4ae0b7040878a0b0c2a5177de |
| SHA1 | ed4cac2f19b504a8fe27ad05805dd03aa552654e |
| SHA256 | 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b |
| SHA512 | ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 10a8f2f82452e5aaf2484d7230ec5758 |
| SHA1 | 1bf814ddace7c3915547c2085f14e361bbd91959 |
| SHA256 | 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b |
| SHA512 | 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\VPN\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.5\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.5\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7db93df7-1004-4225-a605-010abccc70e8.tmp
| MD5 | 366009e9b5ab58398fa852ef62f9f1e5 |
| SHA1 | b26688b118dbe3fa9ed0a5e888cf8b2fa10b15fd |
| SHA256 | c5ebc7453fd52a0bac3a74e36ea3b4e03bcebb90f878199aed85a4d2d6a6ba61 |
| SHA512 | b2dc4eb2bf6fd8c8d4e2b440300eee2eb88840e41b2412cfa8c45d93f9a5f02fa89853056c63f8bd7a4b8deb2b5b4904222958ec284f3331b64cd11bc3ba08b0 |