Analysis Overview
Threat Level: Likely malicious
The file https://filedm.com/FwZXy was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Sets file execution options in registry
Creates new service(s)
Modifies Installed Components in the registry
Sets service image path in registry
Reads user/profile data of web browsers
Registers COM server for autorun
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Drops desktop.ini file(s)
Checks installed software on the system
Installs/modifies Browser Helper Object
Enumerates connected drives
Adds Run key to start application
Checks for any installed AV software in registry
Drops file in System32 directory
Checks system information in the registry
Launches sc.exe
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
NSIS installer
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Delays execution with timeout.exe
Enumerates system info in registry
System policy modification
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates processes with tasklist
Modifies registry class
NTFS ADS
Modifies system certificate store
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-04 17:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-04 17:38
Reported
2024-05-04 18:09
Platform
win10v2004-20240426-en
Max time kernel
1798s
Max time network
1686s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AviraOptimizerHost\ImagePath = "\"C:\\Program Files (x86)\\Avira\\Optimizer Host\\Avira.OptimizerHost.exe\"" | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\setup84434809.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\ThreadingModel = "Both" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ = "mscoree.dll" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\RuntimeVersion = "v4.0.30319" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\ = "mscoree.dll" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ThreadingModel = "Both" | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=EE5F351270044E48833F9831C3841596" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticErrorReporting | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\LimitSentryEvents | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\SentrySessionTrackingEnabled | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "31" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\Power Profiles | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "80" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper | C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RegistryCleaner | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\UserInterface | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RTO | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Uninstalled | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedFirewallSdk = "true" | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security\ConnectServices | C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Type = 0700140057000000 | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "70" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "6" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\UILanguage = "en-us" | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "78" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedFirewallSdk | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\CalculateBootTime = "0" | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Adress | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Uninstalled | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UploadErrorReports | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\General | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\\General | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "83" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Check | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\NcpSmartScanEventBasedMessagingEnabled = "false" | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\BootOptimizer | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher\AcpNamedPipeName = "Avira.Launcher.AcpNamedPipe" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\\Logging | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\Version | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface\UiLanguage | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "33" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Avira\Security\UserInterface | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "56" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Adress | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LicenseState | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticRestart | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "43" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface\UiLanguage = "en-us" | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UseGlobalUninstaller | C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Wow6432Node\Avira\Speedup\Logging | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\DebugOutput | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "35" | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\is-DTI9M.tmp | C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\Avira.Spotlight.UI.Application.exe = "1" | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Avira.Spotlight.UI.Application.exe = "11001" | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL | C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationDescription = "Browse the web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationCompany = "Microsoft Corporation" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959} | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\LocalService = "edgeupdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a03000000010000001400000002faf3e291435468607857694df5e45b688518680f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 14000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b68851868140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b97020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 | C:\Users\Admin\AppData\Local\setup84434809.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a00300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 | C:\Users\Admin\AppData\Local\setup84434809.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 | C:\Users\Admin\AppData\Local\setup84434809.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 991159.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filedm.com/FwZXy
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fff201c46f8,0x7fff201c4708,0x7fff201c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe
"C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe"
C:\Users\Admin\AppData\Local\setup84434809.exe
C:\Users\Admin\AppData\Local\setup84434809.exe hhwnd=917792 hreturntoinstaller hextras=id:d8d090d10951db6-AU-FwZXy
C:\Users\Admin\AppData\Local\setup84434809.exe
C:\Users\Admin\AppData\Local\setup84434809.exe hready
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "PID eq 2804" /fo csv
C:\Windows\SysWOW64\find.exe
find /I "2804"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe
"avira__sptl1___lavasoft.exe" Silent=true AcceptEula=true LaunchUi=true
C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Silent=true AcceptEula=true LaunchUi=true
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.32404\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"
C:\Users\Admin\AppData\Local\Temp\.CR.9962\ACSSignedIC.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\ACSSignedIC.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6980 /prefetch:8
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2a0,0x2d0,0x6a974208,0x6a974214,0x6a974220
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe" --version
C:\Users\Admin\AppData\Local\OperaGX.exe
"C:\Users\Admin\AppData\Local\OperaGX.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7080 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240504174012" --session-guid=255eeb1b-95b8-4865-ad3b-035a40714982 --server-tracking-blob=MjU4ZmY5NGRmOGY1ZDc1MWU5Yjg1NDNhOTQ2MmQ0OTAzYTkzNGViMWM2N2VkMmY1MTRiMGIxY2MzZmRlOTYzMDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0wYWY4MzI2OTgyOTM0Yjg1OThkNmFjODg0MWE4YzNjOCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNDg0NDQwOC4xMjg2IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiIwYWY4MzI2OTgyOTM0Yjg1OThkNmFjODg0MWE4YzNjOCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjY4NjNmNjM2LWRmZDMtNDE2YS05NzFmLTY0Y2QxMjEzZWZkYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E803000000000000
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2b4,0x2b8,0x2bc,0x268,0x2c0,0x69d44208,0x69d44214,0x69d44220
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x8f4f48,0x8f4f58,0x8f4f64
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0OEFBMDQ2Ni01QUZELTQzOTktQjcwMC0xNTFCOTc2NTdBRkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2MTcwOTM4MTYiIGluc3RhbGxfdGltZV9tcz0iMTAxOSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{6DA77756-7454-49E1-B0DD-5310AB064F3C}" /silent /offlinedir "{E0324AB3-6216-4F47-B79D-01C1FCB722D2}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REYxRjk3MDctRTgxQS00MzVCLUFEODgtMjkxMkRFQjNDNjI5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxMzU4OTQiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODYzMzY4MTAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NjIxNDY4NjY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff63c2d88c0,0x7ff63c2d88cc,0x7ff63c2d88d8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7QjUyODE1NUEtNjVGOC00Qzg0LTk5NzUtOURGNThCN0RCN0I5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNC4wLjI0NzguODAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2NDk5MDU1NDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NjUwMjE4MjE4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTY2MTc2MDg1NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2ODAxNzQ3OTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxMzYyOTI1NDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3Mjc5NjQ3MiIgdG90YWw9IjE3Mjc5NjQ3MiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNDU2MTIiLz48L2FwcD48L3JlcXVlc3Q-
C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240504174148608.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4
C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp
"C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp" /SL5="$402B0,34114105,924672,C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240504174148608.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create AviraSecurityUpdater DisplayName= "Avira Security Updater" binPath= "\"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe\"" start= delayed-auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" description AviraSecurityUpdater "Avira Security Updater"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Update /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\UpdateFallbackTask.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Service_SCM_Watchdog /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\WatchdogServiceControlManagerTimeout.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Systray /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\SystrayAutostart.xml"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Maintenance /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\MaintenanceTask.xml"
C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe" Action=RegisterFallbackUpdater AllowMultipleInstances=true UnpackInCurrentDirectory=true
C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Action=RegisterFallbackUpdater AllowMultipleInstances=true
C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\ACSSignedIC.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\ACSSignedIC.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Avira_Security_Installation"
C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe" /TrackUnsentEvents
C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe
"C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240504174155337.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight
C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp" /SL5="$B021C,35770327,916992,C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240504174155337.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /F /TN AviraSystemSpeedupRemoval
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" -umh
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" "C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /F /RU System /SC WEEKLY /TN AviraSystemSpeedupVerify /TR "\"C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe\" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART" /RL HIGHEST
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -validatelicense
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -initbootoptimizer
C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe
"C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp" /SL5="$602DE,1578082,832512,C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe" /VERYSILENT
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" /Install /Silent
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe" --edgeupdate-client --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Q0M0FBNjEtRDMzQi00OEVDLUI3REUtQzRGQTM2RURFN0IyfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDODczQUUwNS02NTQ5LTQ2QUEtQTkwOS1EMjEwMThBQ0JFOTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjE4MTg1OTkxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxODM3NTY5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI3ODg0NTY5MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1NDQ5NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWxzbklBMkRBaDRNNXNYb2dVVkh5b29qNGhacFVobEFKNURrUkVSN2hDVyUyZkhwNVJUalVDemVEM3p2bHJ3NCUyYnlxa29RWkpXeXVZdTY2YmZuV3UxRVpudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyNzg5MzU2NDQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1NDQ5NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWxzbklBMkRBaDRNNXNYb2dVVkh5b29qNGhacFVobEFKNURrUkVSN2hDVyUyZkhwNVJUalVDemVEM3p2bHJ3NCUyYnlxa29RWkpXeXVZdTY2YmZuV3UxRVpudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjE2MTQ3NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjc5MTE1OTQ2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyODU0NTU3MDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI4NzE1NTY5MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwNTkiIGRvd25sb2FkX3RpbWVfbXM9IjE2NjAyOCIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7134588c0,0x7ff7134588cc,0x7ff7134588d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7134588c0,0x7ff7134588cc,0x7ff7134588d8
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEY4QTBFNDItOUYyOS00NTM0LUJGNUEtOEY4MTE4MkY5RUY3fSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4RUE4RUM3Qi04NjAzLTRCMjItOUI3Ni1CM0E1NTMzNDYzRUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iNyIgY29ob3J0PSJycmZAMC44NSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI4IiByZD0iNjMyNSIgcGluZ19mcmVzaG5lc3M9IntDMjIxMzBEQy1DRDBCLTQ2RDQtQjZEMy1FNzAxODc2M0EzMUZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI3IiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTkzMTc5NDY5Nzg1MTcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3OTQxNTk0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3OTU4NTk1MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NjM3NTU3NDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMzFiZDVkNy05YzY1LTQ3NmEtOTA3NS1lMjQ5NGY4ZGE5ZTQ_UDE9MTcxNTQ0OTczMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1lODBFZGUlMmJwaW1tVlNZcFd6SHExRlN1dEg2SlY3eWpFVHFsYTVrMHNyU2ljaGhsQkFNJTJmM2JNb2x2N2YlMmIzR2hvZHZyWkJCUDBDVldvbSUyZnVSNlVHNGFBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjciLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NjM3NzU4NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1NDQ5NzMzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWU4MEVkZSUyYnBpbW1WU1lwV3pIcTFGU3V0SDZKVjd5akVUcWxhNWswc3JTaWNoaGxCQU0lMmYzYk1vbHY3ZiUyYjNHaG9kdnJaQkJQMENWV29tJTJmdVI2VUc0YUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjI2MzE4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjYzOTA1Nzg4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjc4MzA1ODE5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTExNTE0NTY4NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ0MCIgZG93bmxvYWRfdGltZV9tcz0iMjgzODAiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDM2ODIiLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI4IiBhZD0iLTEiIHJkPSI2MzI1IiBwaW5nX2ZyZXNobmVzcz0iezU5ODBGODRCLUE0MUMtNEMxQS1BOUMwLTQzMDJCRjNBMDQxMn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC44MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMjkiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins5QjlCMDQzOS01N0U1LTRFMzItOUE2RS01QjEyNEQ5Qjc3Mzl9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getfiledirect.com | udp |
| US | 104.21.67.38:443 | getfiledirect.com | tcp |
| US | 104.21.67.38:443 | getfiledirect.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.18.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | flow.lavasoft.com | udp |
| US | 104.16.148.130:443 | flow.lavasoft.com | tcp |
| US | 8.8.8.8:53 | 130.148.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | sos.adaware.com | udp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 2.21.17.29:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 94.212.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.17.21.2.in-addr.arpa | udp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 8.8.8.8:53 | webcf.quickdriverupdater.com | udp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| US | 8.8.8.8:53 | 161.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.freevpn.win | udp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | download2021.pdf-suite.com | udp |
| US | 104.21.57.28:443 | download2021.pdf-suite.com | tcp |
| US | 8.8.8.8:53 | 127.7.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 28.57.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.enigmasoftware.com | udp |
| DE | 18.245.86.53:443 | download.enigmasoftware.com | tcp |
| US | 8.8.8.8:53 | spyhunter-download-v2.b-cdn.net | udp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 53.86.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 104.16.148.130:443 | flow.lavasoft.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| DE | 108.138.7.127:443 | webcf.quickdriverupdater.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 172.67.141.75:443 | www.freevpn.win | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 8.8.8.8:53 | api.my.avira.com | udp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| DE | 3.123.247.118:443 | api.my.avira.com | tcp |
| US | 8.8.8.8:53 | 4.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.34.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.247.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.146:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| GB | 104.91.71.144:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.216.19:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.19:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.106:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.24:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| US | 2.16.106.162:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 106.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.106.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| US | 23.220.113.161:443 | package.avira.com | tcp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 8.8.8.8:53 | 62.218.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | sentry.avira.net | udp |
| DE | 18.195.247.94:443 | sentry.avira.net | tcp |
| US | 8.8.8.8:53 | 94.247.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 20.114.58.89:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 89.58.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| FR | 104.123.50.171:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.50.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.mixpanel.com | udp |
| US | 130.211.34.183:443 | api.mixpanel.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2140_JXDQXSKJOWQBXCMX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a503760716ad22db492be66cf334efb1 |
| SHA1 | 2cbddd831aa56bda4bcff7b8c3f86792f8ac4735 |
| SHA256 | 71ac9068d961174e46a18f2fa20be27cc37885dcbf148dc17f18b3864f1b78e1 |
| SHA512 | 53b38d1165f9c8755c781cedb5d366c48caf2122c6dd251819ee61d7a745a79593de90dd887ed838979070409aec799a90837bc2d166ea80992d3a855dee87e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e0634684b33fd4f0ecc8d7cd44957c4 |
| SHA1 | e3e3b4fd74450548f31e3bbe9112c61bde148c56 |
| SHA256 | 39a25051a346872c6f015148f300fa9fbe8608c9790097dfbb0eb5540ee2eb2f |
| SHA512 | 8a68fc094c8b6b94bd5d1dd25972f2912449c93172653588d5cf02494223c738d6f8994dc50600d6309c888ffdfeb9bd05041496207bbf7e3fde64e792a04bae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72167c525775f7f300a8f70b2b348de7 |
| SHA1 | 14edd298a3d1acb891b2b74eb8c6927227258b22 |
| SHA256 | 890f3466581b0474b61b029be173be4d4f6dad0ab23b96a0f240da4e4f72d768 |
| SHA512 | 78a014d586fdf68f9a5ec3b52e3a383159fc3336345e5260edb5386fe6a93f85c3fd62488fe0c4120e9154f91fb764621dcc9eaae06570a977080c63db869b14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 71317e20871f5e879fcec751bcd8a137 |
| SHA1 | dc95a6c80efb2a11a9e6dd1a3c16d186f19995b5 |
| SHA256 | 14036ec6e9ddcfc7d7b8639348a69eadfc5a8d03b222ce10dd305fcc27b185b4 |
| SHA512 | b9bb53baa6c6acd7e879e1e39dc7668abdcf3690c3261c565dfde020be48dc7ffc16db84f75d3c5ab9dfe121fc4287914eb81edc7733598b8470236a2034aab2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b6cc969f0a39b97ecdc138d0475b463 |
| SHA1 | 896088ec19a148bf35be022a22923fc2113b7633 |
| SHA256 | d823580e85ad5ed56a34c70cd06de4837bcac996681cbe3d40aabb8a27f54703 |
| SHA512 | 81437871e655f1e1516f00e670b8cbcc7c5acc81b9ae1765f98a41d2c7410ff6b11e44b54b2b995807023da3b5fcdac5b14093ce96c22beed60db9487fd09784 |
C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe
| MD5 | 1198daaa23f0af650c7cd4555fbef9e8 |
| SHA1 | 783f86460785027a41a84e41b42a05b4d4a1a462 |
| SHA256 | 25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600 |
| SHA512 | 1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d |
C:\Users\Admin\AppData\Local\setup84434809.exe
| MD5 | 29d3a70cec060614e1691e64162a6c1e |
| SHA1 | ce4daf2b1d39a1a881635b393450e435bfb7f7d1 |
| SHA256 | cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72 |
| SHA512 | 69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b |
memory/2804-157-0x0000000000420000-0x00000000007F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll
| MD5 | 72990c7e32ee6c811ea3d2ea64523234 |
| SHA1 | a7fcbf83ec6eefb2235d40f51d0d6172d364b822 |
| SHA256 | e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3 |
| SHA512 | 2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll
| MD5 | 1a84957b6e681fca057160cd04e26b27 |
| SHA1 | 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe |
| SHA256 | 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5 |
| SHA512 | 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll
| MD5 | 8ff1898897f3f4391803c7253366a87b |
| SHA1 | 9bdbeed8f75a892b6b630ef9e634667f4c620fa0 |
| SHA256 | 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad |
| SHA512 | cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll
| MD5 | 6e001f8d0ee4f09a6673a9e8168836b6 |
| SHA1 | 334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38 |
| SHA256 | 6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859 |
| SHA512 | 0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6 |
memory/2804-179-0x00000000051D0000-0x00000000051E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll
| MD5 | 08112f27dcd8f1d779231a7a3e944cb1 |
| SHA1 | 39a98a95feb1b6295ad762e22aa47854f57c226f |
| SHA256 | 11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa |
| SHA512 | afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb |
memory/2804-187-0x0000000005220000-0x0000000005244000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll
| MD5 | 105a9e404f7ac841c46380063cc27f50 |
| SHA1 | ec27d9e1c3b546848324096283797a8644516ee3 |
| SHA256 | 69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b |
| SHA512 | 6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940 |
memory/2804-195-0x0000000005250000-0x0000000005278000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll
| MD5 | 6df226bda27d26ce4523b80dbf57a9ea |
| SHA1 | 615f9aba84856026460dc54b581711dad63da469 |
| SHA256 | 17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc |
| SHA512 | 988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5 |
memory/2804-203-0x0000000005280000-0x00000000052AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll
| MD5 | 8db691813a26e7d0f1db5e2f4d0d05e3 |
| SHA1 | 7c7a33553dd0b50b78bf0ca6974c77088da253eb |
| SHA256 | 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701 |
| SHA512 | d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f |
memory/2804-211-0x00000000052E0000-0x0000000005308000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll
| MD5 | b199dcd6824a02522a4d29a69ab65058 |
| SHA1 | f9c7f8c5c6543b80fa6f1940402430b37fa8dce4 |
| SHA256 | 9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4 |
| SHA512 | 1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1 |
memory/2804-219-0x0000000005350000-0x0000000005382000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll
| MD5 | c06ac6dcfa7780cd781fc9af269e33c0 |
| SHA1 | f6b69337b369df50427f6d5968eb75b6283c199d |
| SHA256 | b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d |
| SHA512 | ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3 |
memory/2804-227-0x0000000005310000-0x000000000532A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll
| MD5 | 9d2c520bfa294a6aa0c5cbc6d87caeec |
| SHA1 | 20b390db533153e4bf84f3d17225384b924b391f |
| SHA256 | 669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89 |
| SHA512 | 7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15 |
memory/2804-235-0x00000000053C0000-0x00000000053E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll
| MD5 | 422be1a0c08185b107050fcf32f8fa40 |
| SHA1 | c8746a8dad7b4bf18380207b0c7c848362567a92 |
| SHA256 | 723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528 |
| SHA512 | dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599 |
memory/2804-243-0x00000000052D0000-0x00000000052DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll
| MD5 | be4c2b0862d2fc399c393fca163094df |
| SHA1 | 7c03c84b2871c27fa0f1914825e504a090c2a550 |
| SHA256 | c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a |
| SHA512 | d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799 |
memory/2804-251-0x00000000053F0000-0x00000000053F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll
| MD5 | 17220f65bd242b6a491423d5bb7940c1 |
| SHA1 | a33fabf2b788e80f0f7f84524fe3ed9b797be7ad |
| SHA256 | 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f |
| SHA512 | bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e |
memory/2804-259-0x0000000005440000-0x000000000546C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll
| MD5 | 83d37fb4f754c7f4e41605ec3c8608ea |
| SHA1 | 70401de8ce89f809c6e601834d48768c0d65159f |
| SHA256 | 56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020 |
| SHA512 | f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f |
memory/2804-269-0x00000000053A0000-0x00000000053BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll
| MD5 | f931e960cc4ed0d2f392376525ff44db |
| SHA1 | 1895aaa8f5b8314d8a4c5938d1405775d3837109 |
| SHA256 | 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870 |
| SHA512 | 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0 |
memory/2804-286-0x0000000005AB0000-0x0000000005AC2000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
| MD5 | 2c4ee83f6b84f57ea7d7b5490454f58c |
| SHA1 | d2f153a30e9d4875da765e09b75e9af7cea7f2ab |
| SHA256 | f0ed3f54df8ea37fcf2cea41aeadd4689023d4d1e1e68c6e6023a5bd6cae1f3c |
| SHA512 | ed5edb7832605b32197360d39944ceb89faf2c9c1d6175cec9d0f8062c45d04609a0ed297646ea01164e87af23e251401e9de90461e36fce210725337bd137f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
| MD5 | 75e0455cde416122acdcdf007af1a3bd |
| SHA1 | 23f460e1ee95193f59a76e206309e3ab0bf93a84 |
| SHA256 | 48e4e53792fa3f6d836ef42f700febd39e6d3aca28fa7328c0da78b066f6b2e1 |
| SHA512 | 4ae1fa90252c15eecfd8dbc1150cbe67cb8aff822c297a5b7a3f0baa60015754d8b331b7cea17394ad13d73f79b16a2e8e95a9e1abb446019fceff6870f71093 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
| MD5 | ec95ba152315371a12b61e59736ef2af |
| SHA1 | 5420ca8697ddefc184f61745f4737305a68a4e75 |
| SHA256 | 55c56ef40fb19a4cf6d03acd5c5232286fe429d79e0f619701f32d51a5428198 |
| SHA512 | ecb8c92181c02083b06272b5d92acbbc51abcd3eee7e42e06d8df77fb2e4240d5fd2f5a1a084dc9c4f7945218fadc1f6a4532145c12dbc1887961cee79f19be9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
| MD5 | 13532de834d755cae18e11139f6ca306 |
| SHA1 | a69909c40ce0a0d748c289ed68b1269c6c036cf9 |
| SHA256 | 7533b158883e6ab2b69f4f2a9eeadc265426a585248a45f5586f391ae0e9d181 |
| SHA512 | eb07262afcf629e886b4edde2aafee3b035ae422295476ee977b7e407311f12f4d9b59f8b8020aaa0c0e000861c1328adcd9f9d9defa055cc5c991c805ceea48 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll
| MD5 | 9de86cdf74a30602d6baa7affc8c4a0f |
| SHA1 | 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143 |
| SHA256 | 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583 |
| SHA512 | dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641 |
memory/2804-303-0x0000000006190000-0x000000000621C000-memory.dmp
memory/2804-308-0x0000000006110000-0x000000000611A000-memory.dmp
memory/2804-309-0x0000000006250000-0x0000000006272000-memory.dmp
memory/2804-310-0x0000000006280000-0x00000000065D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll
| MD5 | 554c3e1d68c8b5d04ca7a2264ca44e71 |
| SHA1 | ef749e325f52179e6875e9b2dd397bee2ca41bb4 |
| SHA256 | 1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e |
| SHA512 | 58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6 |
memory/2804-316-0x0000000006740000-0x000000000674C000-memory.dmp
memory/2804-319-0x0000000006D20000-0x00000000072C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll
| MD5 | 38cc1b5c2a4c510b8d4930a3821d7e0b |
| SHA1 | f06d1d695012ace0aef7a45e340b70981ca023ba |
| SHA256 | c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2 |
| SHA512 | 99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298 |
memory/2804-325-0x0000000007890000-0x0000000007E44000-memory.dmp
memory/2804-332-0x00000000069A0000-0x0000000006A32000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll
| MD5 | b431083586e39d018e19880ad1a5ce8f |
| SHA1 | 3bbf957ab534d845d485a8698accc0a40b63cedd |
| SHA256 | b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b |
| SHA512 | 7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll
| MD5 | 28f1996059e79df241388bd9f89cf0b1 |
| SHA1 | 6ad6f7cde374686a42d9c0fcebadaf00adf21c76 |
| SHA256 | c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce |
| SHA512 | 9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29 |
memory/2804-354-0x00000000082D0000-0x00000000082FE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html
| MD5 | 9ba0a91b564e22c876e58a8a5921b528 |
| SHA1 | 8eb23cab5effc0d0df63120a4dbad3cffcac6f1e |
| SHA256 | 2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941 |
| SHA512 | 38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2bbc7d2f1526bf5d62853347c0d43ec6 |
| SHA1 | 2aa887c62ae66b78e9ecdf6e13735640fdd992ea |
| SHA256 | 49f451b85ab7891cab10646b5440a9afa352f35823df5f9d1b64f63fdb0e464e |
| SHA512 | 8068e2fd4076cddb45d6823328772a637fbe9d2790fab9d127e416ac9d4ffbcc952b3c25053e42a3ef65ec5754126664a9026b1b075f8a2161f530a638b047dc |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis
| MD5 | bf5328e51e8ab1211c509b5a65ab9972 |
| SHA1 | 480dfb920e926d81bce67113576781815fbd1ea4 |
| SHA256 | 98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b |
| SHA512 | 92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico
| MD5 | 4003efa6e7d44e2cbd3d7486e2e0451a |
| SHA1 | a2a9ab4a88cd4732647faa37bbdf726fd885ea1e |
| SHA256 | effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508 |
| SHA512 | 86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
| MD5 | cef027c3341afbcdb83c72080df7f002 |
| SHA1 | e538f1dd4aee8544d888a616a6ebe4aeecaf1661 |
| SHA256 | e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7 |
| SHA512 | 71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf |
memory/2164-430-0x0000000000D90000-0x0000000000D9C000-memory.dmp
C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config
| MD5 | f3da41e2f01ec12a28efa662df2fa963 |
| SHA1 | 9760227f497132829ec34fffec6184969043bba1 |
| SHA256 | a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2 |
| SHA512 | ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59 |
memory/2164-440-0x0000000006FC0000-0x0000000006FCA000-memory.dmp
memory/5260-448-0x0000000000D80000-0x0000000000F12000-memory.dmp
memory/5260-449-0x0000000005730000-0x00000000057A0000-memory.dmp
memory/5260-450-0x00000000057E0000-0x000000000580C000-memory.dmp
memory/5260-451-0x0000000005BD0000-0x0000000005C3C000-memory.dmp
memory/5260-452-0x0000000005C40000-0x0000000005CA0000-memory.dmp
memory/5260-453-0x0000000005B90000-0x0000000005BA6000-memory.dmp
memory/5260-454-0x0000000005CA0000-0x0000000005CAC000-memory.dmp
memory/5260-455-0x0000000005CE0000-0x0000000005D10000-memory.dmp
memory/5260-456-0x0000000005D60000-0x0000000005DA4000-memory.dmp
memory/5260-457-0x0000000005E20000-0x0000000005E4C000-memory.dmp
memory/5260-458-0x0000000005E90000-0x0000000005EC6000-memory.dmp
memory/5260-466-0x0000000005E70000-0x0000000005E84000-memory.dmp
memory/5260-467-0x0000000005E50000-0x0000000005E5A000-memory.dmp
memory/5260-468-0x0000000005F00000-0x0000000005F22000-memory.dmp
memory/5260-471-0x0000000005F30000-0x0000000005F42000-memory.dmp
memory/5260-473-0x0000000005F70000-0x0000000005F78000-memory.dmp
memory/5260-474-0x0000000006CE0000-0x0000000006D30000-memory.dmp
memory/5260-475-0x0000000006D30000-0x0000000006D6C000-memory.dmp
memory/5260-476-0x0000000006DB0000-0x0000000006DC0000-memory.dmp
memory/5260-480-0x0000000007870000-0x00000000078D6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\51ef5c95-8b8e-4547-bd5e-4f8550c70668.tmp
| MD5 | 08526c43dba41d8b40d98c4a33e3850b |
| SHA1 | 403baa8e261b93f83a22c577d39f53c108cbe9e4 |
| SHA256 | 5616c3955183ef70cf911cb72f6d55277c95dac4cca5fd19edfa14b2d657977d |
| SHA512 | a3417ded6762e544faa4519c20823829b7a135fe3fe9643f2d63be1d67adc508b194d7d7672006d24b9b3560be32e0ed635c0b6a1f649f0a96ae93422dfc0ff6 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\_locales\en\messages.json
| MD5 | 084e6401c611027c7a37ced03dc4cad6 |
| SHA1 | fb43defd1877aa79f7721487cc4dea82763e1f32 |
| SHA256 | b129c59e3a5c93071f454754c4e9c9a985ec86f9426ddc1a781938dbc6047344 |
| SHA512 | a9c896612d57dee55503869f6e91c68da3029b2b083ce2a672fa1875ed3153bbd71341c4df2a060c17c90610cd403e24546ae364782a62085c3868e118d0a3cc |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\blockedIFrame.js
| MD5 | 0fdc85565c94032f4dce86a7a787b8b6 |
| SHA1 | 17401e40e8d4e255abc54b655e902cea6aa38979 |
| SHA256 | a07ed2044e8cf301e20489b27940818bfb7d77338fdfdb8e0ff7554d1fbf6a49 |
| SHA512 | f61ffb25c80081657c59cc4265f02f53b0d16ef4dac6546327f6e8f6fbf36b1daa246d22f258c06e8aa0eab873a434d66584314f076c37418d6a1c7d60bd3c28 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\landingPage.js
| MD5 | 5eff50079fc107ded28bfe8cea8a8687 |
| SHA1 | c9ed85de0c4162bf3b575571ec8877391a2a9f66 |
| SHA256 | 84fbe1ed16cb1614d369b40a31b63de5c3e5bf0305cd7d9a16195ddcb8637935 |
| SHA512 | 817ad9b4e6383c8085763973388dd0fb620dba69e2897cfd3f95a69efb50e939a359fa713c939131b74c513367db1e88f16f7c35e539eec4ec3bc05e85a60536 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\jquery.js
| MD5 | 31c7feb42feac79c49c294d7e2360786 |
| SHA1 | 0bd82189e7dcdec830e87fc70f775900db706f6f |
| SHA256 | dc007e1b0c1d61d2ed7c00f7c3c4deb9831a1e622fb1cd68900d9bd330d38e24 |
| SHA512 | 52171e3dda6cad189929da6ab44eceae84872e7f70d5339cb85855d25c6a9b5d035a32c71d33cec72d324f94b695e4c9cc55c23299c339dd216713364c757a34 |
C:\Users\Admin\AppData\Local\Temp\41916469-24a0-4d76-9c2e-3257d9b7ead8.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\content.js
| MD5 | 7a3e8afd3d8a6281c2e4ec315ee78fb9 |
| SHA1 | c08cda369d09232f4beb9db962a3ee21ef016bf9 |
| SHA256 | 92e5d77400aa83415876f5a8d78c55c27bf5d47a48b99b73cb36f0088cee2c5f |
| SHA512 | aa77695cabe2c9d6fd8a7a68735fc7152c36ba649f49c876d716eadadb99a474cdb7ead4c4a73abcf41c0b1d40a2ea7e218956be2be790ee0abc1a05801bc8d4 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\common.js
| MD5 | 4672ef0eaf7515a69409c9c0fd3e62bd |
| SHA1 | ca920038f11d0ae10069b87f0ee32260a0d0f523 |
| SHA256 | 593ba5536ea92a87e55004874648ff12f096c71bc4dc81c084f0c59cf662cef8 |
| SHA512 | 304c5f7440e6e38127594892d993c740ce338f3b12a64923ab6793936126d0f68df27f83d0213f85926a15564ce84e81401e06448ff8fbb0d92b871db984e526 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\offers_js\cms_ss2.js
| MD5 | 16aa6b7a57ed00862d0106da2ea9281f |
| SHA1 | 229472fd4759a6ede4acff8c5841b2922ddb5b66 |
| SHA256 | ea2299d44948ae88d95e31cec8677f05a2174b70b896465ad787e19143eafe6f |
| SHA512 | 8b3a3a138a1ab98658502cb90a3cdd650e7092b1181477d86ecfcfaee18589178f714688a58fe2c924b46f834ce29faeacf0fb3413e1dcba0077739f8b47f301 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\_locales\en_US\messages.json
| MD5 | 7d1f1a13ab9860f983720e6fbc3bd93b |
| SHA1 | 50911a792e81c14a376fc32a22ccd22f0e05aadc |
| SHA256 | 0c27964dbb0e474e06a06cbf50c5720058a9c3e6f8dd69c27350bb47f59af2fb |
| SHA512 | 9940b947187abec73c154f59915cc36bc916ede860c907bf591fb71696878840eea2d1fc7fe012dd6ca7d7e8a25af545374747226054c877a2704b3e82cfa49f |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\ExtPermNotification.css
| MD5 | 869c9f7ad6d54c1e14e94b7fcf90f6dc |
| SHA1 | 59ed7c434f978caf6a6e0d7d59e9d8286e89a351 |
| SHA256 | 755d8a77d768cc7059cf32c28ae7a25d6d54a5f4b9841384457f459d18cf38eb |
| SHA512 | 9c7bd91bb20403742f6ef03314732e8f7a426561a59ab9ed8b3316a704d623147d5de3f46bfd7d8e529d93048aa877599dac555f669fb920e719dd7a3d332ad6 |
C:\Users\Admin\AppData\Local\Temp\8242c44d-6263-4ab9-b042-ac9ffd52bf02.tmp
| MD5 | 2abfeac7ea224741f3e59988cf399685 |
| SHA1 | 2992a6e26606473d14fa4eeaf995932a5b9fa641 |
| SHA256 | 391e3cd8a69c0b91fb6635441ca6ec45ef32accb1306ce9584baf62e62d2848a |
| SHA512 | 0b3c6d098429b8b147be6fd61729efedc544ddad930d51f0d9f3e21e7f23b9d560ec0e12d24557ed84cb63fad94a618ecde2914ffe488e41bdafde80c5c0c842 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\adguard\adguard-content.js
| MD5 | 252fd89b64e3d3ee049e24098907716a |
| SHA1 | 70c2f95c7ee683bb4b7b563fb606ec16fa612d3e |
| SHA256 | 26eba787912ef87717430e78b53dc832bd6290db089c742526933e8d8711f660 |
| SHA512 | 20d35a34598a5465fd2e3ba4e5cce61fc2d0d1ddb7f8165b98f7b30864b9dac9b0d2eb9800e62593b60e4b8afed6297fbd2da3f54011c02ce0284d612e887dea |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\content\search.css
| MD5 | 5c96abf57abfc0c8d233a915d8a45278 |
| SHA1 | dfb82a20642c8569408cc58e1f5329f4bd530e3b |
| SHA256 | 98b0a8047168a3c7424df463c1959578103360e8ccddd76575da1ad4addaeca7 |
| SHA512 | ff6c9d771be44ebbbac173135d86b840c74f0bbb2f72992f2151b9ad034c22a2da4e53c89fedbe68d0a31292b325e255d739d47d291fd3b614d18df9caf301a6 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\content\content.css
| MD5 | b176b474414092f01ce861f9da4bf2a2 |
| SHA1 | d175c77bf023434e6bdd14697d12653a4d397755 |
| SHA256 | e61a1a270d678bc281c6d857da661c2b9ab77dec18f2723dcc106463e1911c63 |
| SHA512 | 692fe6310ef028b4ee7fae0d363947084fc1bda5d95b3d9f2c52882e02e75fbeae88b6fcbcf7e954400eda5f66634a45bf2eec022da1cca19cd64cff9600842d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip\4.2.7.2353_0\manifest.json
| MD5 | c53baa16050867e10a4ca63e54395085 |
| SHA1 | 809f1522b9aad15092c9d8ae48870bc00c01eb73 |
| SHA256 | f8cebafa8009406e5a1cc63355c102a8a3a839e93b12922d7345973ca2c0db11 |
| SHA512 | f5a488d787d4a6a3b24026a1a91cadc249f5914c00e6e9708da290b36240de2a572f87c7691909b16819b0c2cf842f8921ddcbfd8117c1c6f105fe2eef16093c |
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | ed1a6fe19acd68ac0685d426a29e1102 |
| SHA1 | 06334996e5d27b37535a2d724eb1a9b84ffcdc15 |
| SHA256 | a13f1ab1fb6138e391cd7d2efe80b4726ab64e1cb012936eec187b252f00190c |
| SHA512 | 957986f164f1127ccb2a818970ad28a30a6ced312f85e5fd5e39d93a2e074e229e6189e6da8f9145c0ff11c741ca3fbcc46a25af4a2f8dda81a1a205daa3047b |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405041740120827152.dll
| MD5 | c44227f38d59c590106f011b17eb90d3 |
| SHA1 | b99b310fc2249a7879290ca5d2ad915ef588e76f |
| SHA256 | c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94 |
| SHA512 | 0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 903c90d74f33ad61be46e6d875f1d1f5 |
| SHA1 | 7572c511f4af70599a74c5e0651856c2fc0b2b83 |
| SHA256 | 690842092d76ee489410941e6b306b60edee3725240f1eecd8ca378c2993b4ef |
| SHA512 | 8d2cfd44b663034e33e9cd0906d6655c10ba12056055ea3ac0847e0cca6d011b8eb544cc326a426f3bb23255515b9e8a94957fb27416d3e0ddf76c99d1aba2de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fad88551ba7d2a36f012dc640af3674b |
| SHA1 | c2694442f4c5d67288faf88d2d9e4c65551514de |
| SHA256 | 9cec9ea1db5257602140d22fe623a3305a98d468100295286427fbfc56e8ac0f |
| SHA512 | 564e96c2a2e1e6ae47355b419d7ab4334a777ce63a6c6de060581b9e140a96ba18baf4ba9b9466491cd21d684e8efab5f0eaa7dbae40d6d6650cd908b2271ce2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b8f8389-8db2-4a8d-babc-b1e8a214f331.tmp
| MD5 | 9d25c17020fcdffd1f5e45879f1a951d |
| SHA1 | 8baf1be4fffcfa17ae938b8213c496fd4762c0ca |
| SHA256 | 817ba769f9be38181f1f5f367e0987d265d8303e9fb6e893d30dfb5de12c3917 |
| SHA512 | fe8e70752463947814f0b68cd32029950cdf8b73dfad6f567aac4c07ef08e20e84fd3fbe6a5a94a763b814716a8d2dd4cfc7b0ec91e307d299ed99fcfc0feda1 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe
| MD5 | 3ad6f1d43acfdb4533ade2e597f09ecd |
| SHA1 | 295d0c6098f19c81c48a40db7a97a88b4f0632f2 |
| SHA256 | dba4515014a26c44fa8cf4c7f2502bfc29855879e5c890e037e24d09fc757cf8 |
| SHA512 | 405f9e510612899c1b1a79bcb1846f0c283e173b7a7b57de307a3c72d5462ccc323a7a93d69528bb461cdc24e4e22c7038f17276daa3bb31a8862fa6c26bd4bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b9635699f1fe53e9127daf7aae47f440 |
| SHA1 | a7c74758d96ad1085c9a173919233e205d1f40bd |
| SHA256 | fab85dcf52ce3347bf9fac0c12c9fd705b3dc213eb0cf97dcef3550888c13029 |
| SHA512 | e83f7a1a5cb10a6c4b69722f2b50d1c43c24521984e76a066de06ddc381c0234f55de32fd1ca93d973479d4485adc172fbfcded521e27a8705874f5782a46e6a |
C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe
| MD5 | 3b6bca9e1b79bf84996f8348c4225ae3 |
| SHA1 | 0cf0734fd65cd4ebf37da75fbf7a56c040cf3190 |
| SHA256 | e1c44bda2ace6d3c181d57deb0f99aa4b1e5a07efb643b0e1cdf0516ee3b71c2 |
| SHA512 | 443d48f28ecad72d6146c7520c3d2f088f631999c037d4b69b8c190751ee493bc13fb22992dbb63bddfdf9af6744beac14c12802fd7dcdc6fba7b6b36cee1500 |
C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe
| MD5 | 607875e5abf25c91fde4881a72122f52 |
| SHA1 | bb8ea4fba8fc142d0357c3249f4c2b7c737ef194 |
| SHA256 | 02d51295990c48d4418362cb3e9cac190804ad39d76faadd23f6f476f53a8777 |
| SHA512 | 44c7a58d3a6f00dbe811741a964c662d9c9e12520bf5b15267e13b80d5854aca7be45f4ac844f2318148cf8fb11aeafeac613ed2f6e652365658389bc3faab27 |
C:\Users\Admin\AppData\Local\Temp\.CR.9962\ebe92eea-0f37-4ec1-b583-8bf306bab224\VpnInstaller.exe
| MD5 | 9b41201bb6d9b439103b7a2fb1d41038 |
| SHA1 | e5c7f61421be5c5b0115c1be03ef1bbe8570c832 |
| SHA256 | f6d4a140924af35dfbc63729736310737c6356052094b19fddcb6e88d7e210ed |
| SHA512 | b06fcbac44b679dace89ad633269f02117aeef19a9fb1d481d19f8d5246c8dfd305eaf228994dce10c9f3c3151bd4aacf82c44e541ba7446b23f48f0e23c3eb5 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 24e62a7c8d7f60336e60c003af843a87 |
| SHA1 | 9576d1924d37113c301cadfd36481586cdef870c |
| SHA256 | 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c |
| SHA512 | 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | f97be18ef8c4fd66e74d44073ff2f7b9 |
| SHA1 | 8c802c129e0511febde78bddc37baf45fea35c0a |
| SHA256 | bb2c8cb2d53c2dd3800b06d2044df02f41e461a94c04f6cee37491c81ba22b12 |
| SHA512 | 3bc2868933b1f71c8b6a53100f4487da18337d7a016424283c65562410ffbaf9658b15a19fcbb65d259d20e5f05ace2ebd1c45c21103b5d57cf9eb44a95bfb49 |
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | 989b7798f2fcf5daab163f1a2684b21c |
| SHA1 | a44b2076b2ec75897985e3056f372656eb06deb3 |
| SHA256 | caf079abb0a45f8df8a5035946a4223e5c5d421bf7378e92fc507e2ac2bad3f4 |
| SHA512 | 1b58d58bc55432ca09415fc6a4948ef1cf18a3460a2fdbc7d44779168e4689156b21a7c55d52f430bbf4f23ab147f77935ab8d0053c0af8e66bd6a0dc641a88b |
memory/6720-1884-0x0000000073CD0000-0x0000000073EF3000-memory.dmp
memory/6720-1883-0x0000000000B60000-0x0000000000B95000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Installer\setup.exe
| MD5 | 1cd79627301bfdeb1d3fba51cad868a6 |
| SHA1 | 2b71bae909047dd0374425e9df941ef93fb696dc |
| SHA256 | 74ab283991de81543bff5786ad8bebd41c243bc00beda305da00c55a60ac2093 |
| SHA512 | 839860435573bddfcbb950e2986333dd43ab5df5b2a0032fb18cd25c736e94d998b5ea1fc1e1b0c1d02a28b9615653becc4b535434bfd8a7a02f5995acf1808f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 89528fcd28f8cc01c7fadd679f7d42b8 |
| SHA1 | 34af2c48b5105cc5c294f9f22069253626d5f629 |
| SHA256 | 6f5ac25f4eb5b09c08dc127a9bd3db009230f2d06e1041e82ecbd4a0a5fdd089 |
| SHA512 | a9aaaf1b3333accb95330e6053bdb78f15c25c4d4b2774b29ad300a08779118d63cd14c9ddd939d36073ef921f9cf3f39d3ad68fc68a509db9e64ef66dc0e78a |
memory/6720-1945-0x0000000073CD0000-0x0000000073EF3000-memory.dmp
memory/6720-1951-0x0000000000B60000-0x0000000000B95000-memory.dmp
memory/6016-1953-0x0000000000400000-0x00000000004EF000-memory.dmp
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.dll
| MD5 | 60b1c6dd9d78098f3e86cfa78742adc2 |
| SHA1 | 77dde13a95ce9fdbad08d125680d09c4a8adfcea |
| SHA256 | e508c2326b9f95ab56268599f35e20129993faf7b410c693a4dc3720b630d042 |
| SHA512 | 4471dd83d920d9254495c014228f512ad53eb32eba0186375e24859ed98e66f3dcd80e862095f5a1a12330b0880b7bfef64badeb84f4769bc924f2b742a0f109 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\SharpShell.dll
| MD5 | cd36d4e1db5b30ddbd4a0ca89844c255 |
| SHA1 | 18d821c1b38560300708133e95b942a5bdf10ba4 |
| SHA256 | d0c1025a629ba0c95a061c0c478b5f55d101498e49c54640c971388d291ed00d |
| SHA512 | 8423be23e6d8ececc4d2cab2d220806827f049efc8277021feda0dd66aecdf16d6b777affb65ef1846e3d43795cf9ce7d0859f4b17ccbc88864e2ca608a35e3e |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Threading.Tasks.Extensions.dll
| MD5 | 1425fad91e6290bb7c7339307f9fef26 |
| SHA1 | 3e180e7d3300d3001f0320ccb98ebe5165e57806 |
| SHA256 | 3578dc076c8b8526d0d2d98f0415d080732e1cb26811c38ab4d127e6f06da9db |
| SHA512 | b128163d2e1e3dbcd07d1ac69afd1b04c728a8bc0889d4aa3939c8034652e110a21795ca9bad474a9989ea0f31835b5cb87fee19490db880b3873242280db379 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | d5f46177b22c1f1766195162b8305614 |
| SHA1 | 3d448a5280220f680345511a55664d2ee7f9b909 |
| SHA256 | 7b02bc8be0b9258a0d959e2db6a21150833b3d7c2fa34e1821308cd198d18498 |
| SHA512 | a14b4988967f513b806668b45be5d28f3880a5fb7c960a2dcae9e43c4b8d5fbd326edfce720e890be56ab2f4fdc7861217bef635f6667e598094e2e463313cf3 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\de-DE\Antivirus.ContextMenu.resources.dll
| MD5 | 88a29d0448cbe23a630fd349b683cab9 |
| SHA1 | 83bac7391f4fb4717f327be7d9515d03e6b04e94 |
| SHA256 | c5fb68bae78e2ed9d651d98cac00d8fd0e3c1c9f7def78a0641c4b1a5b3f3e49 |
| SHA512 | 57d8e83f9834cfad3d320fd22ace3dbfb79dd014b6e1761da9c409eb2cb743015136a91a9e674e12766e9a82041e525036596606b284054bb96567b55daeb4fb |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\en-US\Antivirus.ContextMenu.resources.dll
| MD5 | c305459285a9c6a09a4497c83fd1487d |
| SHA1 | 23a9eb56e39cc66a06e5b5d1b38cf4317df89d9b |
| SHA256 | 97a8c67884afb5972bf7cc5a9229da852385c29ea08f2c75aeeab29b2ee8bb4a |
| SHA512 | 154db38dd1e972b5d8e845a2331e43de78727b5be80b1bc8ff4195812d9afa9c7a9bd851d97b6ee66d35ba097a936e61316f41deeeb932d7b5732c63948078ca |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\es-ES\Antivirus.ContextMenu.resources.dll
| MD5 | 0e42dc8532ee833fb616ee1b9961d34d |
| SHA1 | 13686b0a7c6a5184b6ad09f66d3076e7fbfdeb36 |
| SHA256 | 8aa9a4edb886e10611196bd7264f16bbe7c0b84531de0125e3b70e97e28385e4 |
| SHA512 | 0e8c182745d4b03e7fcd4925963e74c7b3efc7adbefad17931fb205f4050ad07efef9aed0c263b4e7fb54c713d196475a70e2c18dc2c126881e7668efcf352e3 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\fr-FR\Antivirus.ContextMenu.resources.dll
| MD5 | 052599539bb9de0cfb6a1876877435ce |
| SHA1 | d7bebabb22aec6ecc5f675ae4aa46b47b05a423b |
| SHA256 | 80c58b30fd0589d7062b5a02b19508f93060a63e9d3382b79564cc7371f311ed |
| SHA512 | 267069eb2fd371da7216dbf6c334bf9f4a38bf56abbad8ed0438c35c5557aab8921a5364ac4888026fe2741082c37a6f32b57936583baed3b3ee90e9c50c1a9c |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\it-IT\Antivirus.ContextMenu.resources.dll
| MD5 | cb7e93ac04a7a1278600dbc1a93fd925 |
| SHA1 | 67e3c247dc7748ca6b0fc36dc30c7d3b21c5bb9f |
| SHA256 | b9e13d7dc715d893844aaf40162fa8bf741fc361d00998f85f987e0468a52071 |
| SHA512 | 5ad065c7fa3b87c90b21c94ffa1d14863d05832cffccacc11ecd716a71a24813ec815b5762751608985e201b0a3f3296a42efe752af30494475c0071a656f2e5 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-TW\Antivirus.ContextMenu.resources.dll
| MD5 | 289f9ea72057cf5ace27cc997e0f76fa |
| SHA1 | f40d898b64c21bd21c74001a81f719da347825ee |
| SHA256 | 263b870057c1aee98d5bfc5186a2fc928dcdd8f15becc21f7a2170ab46f4d368 |
| SHA512 | a27c5262311093adc1f8a5091e4cfe971a2b522b78711aff72c72295ed57bc81bdd099d878840c4fabac166a6cdae6cfcb50b4b1be43b207c6876af01603f302 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-CN\Antivirus.ContextMenu.resources.dll
| MD5 | 02a9c1a1c562f3eb1723cc1b71914777 |
| SHA1 | 386c14c309388d48267953e851529d6c146f1ce7 |
| SHA256 | 3f1c1fc8bc46ad3f6ac022da5481f6647c7343bdbe2638886802b543a0eae8e6 |
| SHA512 | 30eb638e6767ae182f446c083f6edb82614d5d44340ef087801a29a33ace7e0b711aea5aa6641443cda2e825a8f2dccb6ed028f3093c1e465f154fbef9e15bd3 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\tr-TR\Antivirus.ContextMenu.resources.dll
| MD5 | 5de382d2cf23a804eacfd4cce737114c |
| SHA1 | beb7c79f76c4d51a780907d4ed1824a0ae39510f |
| SHA256 | 948074eb64a8f97e65caedbc9bf0854d853e315599c9234fb12cb866020a4afe |
| SHA512 | a153fa6f47b55dbd546adce617d42b87d24e9688067eaef8e102a38f8601a869b547d43f0c8ce2b44f4ff48dcdce42d6c95a1b5545017fd8a23e231f01c489b7 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ru-RU\Antivirus.ContextMenu.resources.dll
| MD5 | 92df52a07343914fa105e70d46acf440 |
| SHA1 | a3cf0be9cc4942184c7e6e7cc5db8aea7f5e6569 |
| SHA256 | 5f06dec91bca83f9966de80298e23d8aa2d8919c1085f8ca88a4ffdcbfbebc7e |
| SHA512 | f3cce2c9e250cc0b4dd93de6c0170ede17c35e87fbedf9a94fd6a34a124fa7916eefd7960050b750fa361d19881541fa655a539d7290f602fec9add3a648a80c |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\pt-BR\Antivirus.ContextMenu.resources.dll
| MD5 | 9ff1639dd991a40679280f467ce897d6 |
| SHA1 | f963300b469e579dc02f7a7d1a586e27f4632467 |
| SHA256 | 23df9024c8b0ad2edf7246dd2e7cc72cf9c58114b9c33999461ac88be3f0160c |
| SHA512 | 7c3db226b808244089eb1209fff6a2fa95e50e896db885b2d98d4f7c938d27237de3448139770b2be4b9cc96558cd83dd301596a10f7308a7f309a71283ed203 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\nl-NL\Antivirus.ContextMenu.resources.dll
| MD5 | a26310954c9c73b79c657b516a466ec6 |
| SHA1 | c29de38b0f692a3a4f4bbf951987c1a24544bb6a |
| SHA256 | b8305171ec072df6edecbc35b5b1b0b55a534b92cff9b3cc16756484f96ff98c |
| SHA512 | adab23f63f7e9d19e3b8821c9da01bc5571c4dc316eb01d540405b6b94f7ae113f94acec95d218b6519515469d3dd416417f84d663fd15c5450e1a0c9b143022 |
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ja-JP\Antivirus.ContextMenu.resources.dll
| MD5 | 3a4f265eeab0af11c8b08c04b58c3c10 |
| SHA1 | a8334f335764c95c760020d07fa4e971123f1712 |
| SHA256 | e8a4f34492e48ee755bb1f02be1b10dd32577e96fe6c13c0e67f95d68992efb6 |
| SHA512 | 56df79017c78fc32fff10a7827318833f786e38a0c3cd3f6cede01fe3f95676e09487f3af3c40b3bf1fb5252abd283185b126f3c0acb2d115dceaade7c0995c5 |
C:\Program Files (x86)\Avira\Security\Service.Plugin.Antivirus.Legacy.dll
| MD5 | 196882f3130579e2e19861f8d4c0c521 |
| SHA1 | 9e39f0d63b9f616ba6be271787a33f67c238a12a |
| SHA256 | 4b4746a7d5dfd11baeddfa12bd23a04e5d114d70d8ff7d601ec454d6070e1095 |
| SHA512 | 29cb3b57272476e2563b0ac0036ace338b423c8f25128684c4105f422a52b78687680e9113fbd4c60f340f86cf70b5e09964eb096866bbbcc84e303c91c83599 |
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe
| MD5 | f5a09970b7f450e841001917362090ab |
| SHA1 | c4d4fb79eee8ed356ea2db28d1e85c43447d840c |
| SHA256 | d915a47215324e62752c7d1e7e8d375d39edc2bcf87fc005c1d9f4289a5476ef |
| SHA512 | ad42de7bffcfee65e9afe62224f04cee35909ce7291bd1be4af729517f6d258eb12163f2344503c9c86fe182b7ee19df0d07dc7e1369ed8feb3d5398b514b2b7 |
memory/2976-2662-0x0000000000400000-0x000000000072A000-memory.dmp
memory/6016-2663-0x0000000000400000-0x00000000004EF000-memory.dmp
memory/6264-2666-0x0000000007120000-0x000000000713A000-memory.dmp
memory/6264-2667-0x00000000074E0000-0x0000000007536000-memory.dmp
memory/4320-2673-0x0000000000B30000-0x0000000000B5E000-memory.dmp
memory/4036-2677-0x0000000000400000-0x00000000004ED000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira.Optimizer.Common.Native.Library.dll
| MD5 | b102cdd8d737a4bbdb6f661361277813 |
| SHA1 | a66c7d08024945dd18f8eede13781e24289595c3 |
| SHA256 | 1ffbe30a177463c76d6b48d92a0f4c87144d01d7a159463012e1377c36f69280 |
| SHA512 | adbb0e90ca2e29aaaac7968b9af4984ffc012b7eb79f8d11cb3e1f4510c8a7240acbe75febc651eb489402cac2d037223870e46482bb45cf409242cc3e6daa46 |
memory/540-2684-0x0000000004160000-0x0000000004606000-memory.dmp
memory/540-2691-0x00000000068D0000-0x00000000069F2000-memory.dmp
C:\Program Files (x86)\Avira\System Speedup\is-FE9FQ.tmp
| MD5 | 8df37e56713cdbffc8527c23aad51361 |
| SHA1 | b52cf7960164f551ced4efa22e49b23e36660e47 |
| SHA256 | d7150836a4e2e0e113e2650da50c5e4529c5dbaa96b6ffa89bc1b382635f4606 |
| SHA512 | 47989103af5b0303e201c404dbde54cd717fe43a3c8c5007512dc43ef84da197c54adb13409bedca3901081daaa409b2f6d68ca1a34a865a276b51ab46938063 |
memory/64-2966-0x0000000000A60000-0x0000000000A72000-memory.dmp
memory/64-2976-0x00000000053E0000-0x0000000005408000-memory.dmp
memory/64-2977-0x0000000005490000-0x0000000005504000-memory.dmp
memory/64-2978-0x0000000005660000-0x00000000056AA000-memory.dmp
memory/4204-2980-0x0000018E77B70000-0x0000018E77B80000-memory.dmp
memory/4204-2981-0x0000018E79780000-0x0000018E797A8000-memory.dmp
memory/4204-2982-0x0000018E7A030000-0x0000018E7A0A4000-memory.dmp
memory/4204-2983-0x0000018E797B0000-0x0000018E797FA000-memory.dmp
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
| MD5 | 4fc82b452c82854f84f9a3e34bbda7cd |
| SHA1 | e2ae93656203b5e0f80c0e35bcccfa689e573e91 |
| SHA256 | 473198b9ae35dfe3e62b299136d00f2095a51f9c9114e5e9b4a660168ddd9150 |
| SHA512 | 11895b785b74c8cd7b9c656042d1a800b8d519cee21287c3d8d8a6071923128eb2db8d9b0a34ec14147d1ab4a963686d252afa4e58ddfaf25acc1ff412c1bdcf |
memory/5808-2993-0x00000000000A0000-0x00000000000F4000-memory.dmp
memory/5808-2994-0x0000000004B10000-0x0000000004B24000-memory.dmp
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
| MD5 | cec6cbe43b2175d53063c84ff2209862 |
| SHA1 | 9922c769f157bcad6af2222f800d11a2a1995e2b |
| SHA256 | 6e5cd435b5e99f9c626f0cb3e2b3dbeba867daea8af2df0e229250c05583518f |
| SHA512 | bc73329771bd0b0e2f737d49dfc8d5b3385a0a044c9305c653e6660cbb60810b256f1c6593588fac8781b6ec4ad17a19405c9ce4cbe66eed5b9a575ffd34c597 |
memory/5808-2995-0x0000000004BF0000-0x0000000004C4E000-memory.dmp
memory/1480-3004-0x0000000000E80000-0x0000000000EDA000-memory.dmp
C:\Users\Admin\Desktop\desktop.ini
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe
| MD5 | 4836e869155973d6994b6086ced71f1a |
| SHA1 | 2f36c3e925667501475fa00ca3879822ae5ebed1 |
| SHA256 | 310665f71a31a563c9a94d1ca0d2229d3affe1fd2c1537e104fd62e23d7c2be1 |
| SHA512 | abf3c7e4e0f45ab6fdd29b365c3e1346e4adea4148e162ff455ffacb9c68a72090701348cda733d249b0eb45097d1fd2b3fc6cb61dc1fcfb3a8ff994b50b3728 |
memory/1976-3021-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/1480-3026-0x0000000005C00000-0x0000000005C2E000-memory.dmp
memory/1480-3025-0x0000000005BD0000-0x0000000005BF2000-memory.dmp
memory/1480-3030-0x0000000005D70000-0x0000000005E0A000-memory.dmp
memory/1480-3029-0x0000000005CA0000-0x0000000005CCA000-memory.dmp
memory/1480-3032-0x0000000005C90000-0x0000000005C9A000-memory.dmp
memory/1480-3033-0x0000000005CE0000-0x0000000005CEE000-memory.dmp
memory/1480-3034-0x0000000005D10000-0x0000000005D1E000-memory.dmp
memory/1480-3036-0x0000000005EE0000-0x0000000005F42000-memory.dmp
memory/1480-3035-0x0000000005D30000-0x0000000005D3C000-memory.dmp
memory/1480-3037-0x0000000005E80000-0x0000000005ECC000-memory.dmp
memory/1480-3028-0x0000000005C30000-0x0000000005C38000-memory.dmp
memory/1480-3027-0x0000000005C50000-0x0000000005C68000-memory.dmp
memory/1480-3042-0x00000000066A0000-0x00000000066C1000-memory.dmp
memory/1480-3041-0x0000000007430000-0x000000000746C000-memory.dmp
memory/1480-3043-0x0000000007850000-0x000000000785C000-memory.dmp
memory/1480-3050-0x00000000078A0000-0x00000000078A8000-memory.dmp
memory/1480-3049-0x0000000007A10000-0x0000000007A46000-memory.dmp
memory/1480-3051-0x0000000007B00000-0x0000000007BAA000-memory.dmp
memory/1480-3048-0x0000000007920000-0x0000000007932000-memory.dmp
memory/1480-3047-0x00000000079A0000-0x00000000079CA000-memory.dmp
memory/1480-3046-0x0000000007940000-0x0000000007998000-memory.dmp
memory/1480-3045-0x0000000007860000-0x000000000786A000-memory.dmp
memory/6752-3060-0x0000000000400000-0x00000000006E1000-memory.dmp
memory/4320-3063-0x0000000000400000-0x000000000071B000-memory.dmp
memory/1976-3064-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 42ef75e285531b04bd272a44a9d1f05c |
| SHA1 | 59a80fcab05b954616d908af9b02a1abdc63db26 |
| SHA256 | 5452bf34bc4618407e6955e090690e288198db1fb788544dde1137da2574891d |
| SHA512 | 6f19daab8060ddae29962852145158c4033fdb3ee148dde673e49e6c0d007623919ced9500e9c0beddfe569e400fb7a490ec8f4cbb54605ed227d75f0b3057f6 |
memory/540-3092-0x0000000000400000-0x0000000000728000-memory.dmp
memory/540-3093-0x0000000004160000-0x0000000004606000-memory.dmp
memory/540-3094-0x00000000068D0000-0x00000000069F2000-memory.dmp
memory/4036-3091-0x0000000000400000-0x00000000004ED000-memory.dmp
memory/4964-3104-0x0000000000400000-0x00000000006E1000-memory.dmp
memory/4648-3112-0x00000000070C0000-0x0000000007566000-memory.dmp
memory/4648-3117-0x00000000070C0000-0x0000000007566000-memory.dmp
memory/5708-3124-0x0000000001090000-0x00000000010A0000-memory.dmp
memory/5708-3123-0x0000000000970000-0x00000000009AC000-memory.dmp
memory/5708-3125-0x00000000056D0000-0x000000000578C000-memory.dmp
memory/5708-3126-0x0000000005900000-0x0000000005A68000-memory.dmp
memory/5708-3127-0x0000000005390000-0x00000000053AA000-memory.dmp
memory/5708-3128-0x0000000005790000-0x0000000005804000-memory.dmp
memory/5708-3129-0x0000000005610000-0x0000000005638000-memory.dmp
memory/5708-3130-0x00000000053E0000-0x00000000053F6000-memory.dmp
memory/5708-3131-0x00000000053D0000-0x00000000053E0000-memory.dmp
memory/5708-3132-0x0000000005640000-0x000000000564E000-memory.dmp
memory/5708-3133-0x0000000005810000-0x0000000005846000-memory.dmp
memory/5708-3135-0x0000000005B70000-0x0000000005C06000-memory.dmp
memory/5708-3134-0x0000000005690000-0x000000000569E000-memory.dmp
memory/5708-3136-0x0000000005870000-0x000000000587A000-memory.dmp
C:\ProgramData\Avira\Security\Logs\Elevated\Sentry\Avira.Spotlight.UI.Application\Sentry\104358A6DC134E47715BA87A769BBF11E2563EAB\1714844554_-11__6044116.envelope
| MD5 | cb73f4d33a74c6b41fb3ef8d7e7459e3 |
| SHA1 | c5e07d1d0c5ba61c7ac355596f263a8c5661e3ad |
| SHA256 | 9a635c6cccf7974a7244b1c7b2b927d2d6b7c6ef298cc2e95d6290ecadc3bae7 |
| SHA512 | 6f4b2ea961b60833064750b0fd071062ef2575ac606476e2acbf867d4e296216e7dd36171e3d3f0feccfead7d3b1791284f7fc3fbac12463795be90dc6066393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cdc26d82d8c524a8203fabc469cd26d6 |
| SHA1 | 67e971797f2c36fd728bd4a666a36afa2e37094d |
| SHA256 | be89862373527a18bb42e3c7c40b72f7a57f29f34a57338b36865af7e15f2b94 |
| SHA512 | 833305c1eb13623d7d0233ed69853ed24708caa9906b790e20325ec9434a33efe3b26bf24c44330d1e918c0fc86a729d8482a4c70f76429c726da2e280adb0d9 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
| MD5 | 3f208f4e0dacb8661d7659d2a030f36e |
| SHA1 | 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff |
| SHA256 | d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b |
| SHA512 | 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740 |
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe
| MD5 | c31297188ec9fbaa60449f769339963e |
| SHA1 | 8502d9e0cef18137529f0a46ad6e69a1577e6cae |
| SHA256 | 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9 |
| SHA512 | 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a |