Malware Analysis Report

2025-01-18 22:28

Sample ID 240504-v778sscg61
Target https://filedm.com/FwZXy
Tags
adware discovery execution persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://filedm.com/FwZXy was found to be: Likely malicious.

Malicious Activity Summary

adware discovery execution persistence spyware stealer

Downloads MZ/PE file

Sets file execution options in registry

Creates new service(s)

Modifies Installed Components in the registry

Sets service image path in registry

Reads user/profile data of web browsers

Registers COM server for autorun

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Drops desktop.ini file(s)

Checks installed software on the system

Installs/modifies Browser Helper Object

Enumerates connected drives

Adds Run key to start application

Checks for any installed AV software in registry

Drops file in System32 directory

Checks system information in the registry

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

NSIS installer

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Delays execution with timeout.exe

Enumerates system info in registry

System policy modification

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Modifies registry class

NTFS ADS

Modifies system certificate store

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Creates scheduled task(s)

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 17:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 17:38

Reported

2024-05-04 18:09

Platform

win10v2004-20240426-en

Max time kernel

1798s

Max time network

1686s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filedm.com/FwZXy

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AviraOptimizerHost\ImagePath = "\"C:\\Program Files (x86)\\Avira\\Optimizer Host\\Avira.OptimizerHost.exe\"" C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\setup84434809.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\ACSSignedIC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\ACSSignedIC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
N/A N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe N/A
N/A N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
N/A N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp N/A
N/A N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
N/A N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
N/A N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO\\ie_to_edge_bho_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\ThreadingModel = "Both" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_click_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ = "mscoree.dll" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\RuntimeVersion = "v4.0.30319" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\ = "mscoree.dll" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ThreadingModel = "Both" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\notification_helper.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\PdfPreview\\PdfPreviewHandler.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=EE5F351270044E48833F9831C3841596" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticErrorReporting C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\LimitSentryEvents C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\SentrySessionTrackingEnabled C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "31" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\Power Profiles C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "80" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RegistryCleaner C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\UserInterface C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RTO C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Uninstalled C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedFirewallSdk = "true" C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security\ConnectServices C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Type = 0700140057000000 C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "70" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "6" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\UILanguage = "en-us" C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "78" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedFirewallSdk C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\CalculateBootTime = "0" C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Adress C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Uninstalled C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UploadErrorReports C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\General C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\\General C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "83" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Check C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\NcpSmartScanEventBasedMessagingEnabled = "false" C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\BootOptimizer C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher\AcpNamedPipeName = "Avira.Launcher.AcpNamedPipe" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\\Logging C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\Version C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface\UiLanguage C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "33" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
Key opened \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Avira\Security\UserInterface C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "56" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Adress C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LicenseState C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticRestart C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "43" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface\UiLanguage = "en-us" C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UseGlobalUninstaller C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
Key opened \REGISTRY\MACHINE\Software\Wow6432Node\Avira\Speedup\Logging C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\DebugOutput C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "35" C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Subscription C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\OperaGX.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\OperaGX.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\OperaGX.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\OperaGX.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Avira\Security\is-IG4BI.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-P7RIU.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\pl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\am.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\is-NS7FJ.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\en-GB.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\is-48AQN.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Trust Protection Lists\Sigma\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\is-6MDML.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\copilot_provider_msix\package_metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\eventlog_provider.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\pt-BR\is-3A2K7.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-Q9S90.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\BHO\ie_to_edge_stub.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\Sigma\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\EdgeWebView.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Trust Protection Lists\Mu\CompatExceptions C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Trust Protection Lists\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Notifications\SoftLandingAssetDark.gif C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\nl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\BHO\ie_to_edge_bho.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\System Speedup\Help\is-RBMMV.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\gd.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\msedgeupdateres_el.dll C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\msedgeupdateres_kok.dll C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\cookie_exporter.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-AP195.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Trust Protection Lists\Sigma\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\is-G9AME.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-EGEMD.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\amd64\is-TQVIE.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Trust Protection Lists\Mu\Analytics C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\ja.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Locales\ko.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\ro.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\x86\is-IQ9E6.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-KDQI0.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-NJ39C.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\he.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-CPB54.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\identity_proxy\win11\identity_helper.Sparse.Internal.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Locales\nb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\is-P37JN.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Avira\System Speedup\is-L5ACI.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
File created C:\Program Files (x86)\Avira\Security\is-BQ21N.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Locales\ug.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\is-GIF2R.tmp C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Locales\ro.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Fonts\is-DTI9M.tmp C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL\Avira.Spotlight.UI.Application.exe = "1" C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Avira.Spotlight.UI.Application.exe = "11001" C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationDescription = "Browse the web" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationCompany = "Microsoft Corporation" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959} C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\LocalService = "edgeupdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a03000000010000001400000002faf3e291435468607857694df5e45b688518680f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 14000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b68851868140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b97020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Local\setup84434809.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a00300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Users\Admin\AppData\Local\setup84434809.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Users\Admin\AppData\Local\setup84434809.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 991159.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe N/A
Token: 33 N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup84434809.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp N/A
N/A N/A C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2140 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 3372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2140 wrote to memory of 668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filedm.com/FwZXy

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fff201c46f8,0x7fff201c4708,0x7fff201c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8

C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe

"C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe"

C:\Users\Admin\AppData\Local\setup84434809.exe

C:\Users\Admin\AppData\Local\setup84434809.exe hhwnd=917792 hreturntoinstaller hextras=id:d8d090d10951db6-AU-FwZXy

C:\Users\Admin\AppData\Local\setup84434809.exe

C:\Users\Admin\AppData\Local\setup84434809.exe hready

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "PID eq 2804" /fo csv

C:\Windows\SysWOW64\find.exe

find /I "2804"

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\avira__sptl1___lavasoft.exe

"avira__sptl1___lavasoft.exe" Silent=true AcceptEula=true LaunchUi=true

C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.9962\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Silent=true AcceptEula=true LaunchUi=true

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.32404\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"

C:\Users\Admin\AppData\Local\Temp\.CR.9962\ACSSignedIC.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\ACSSignedIC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6980 /prefetch:8

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2a0,0x2d0,0x6a974208,0x6a974214,0x6a974220

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGX.exe" --version

C:\Users\Admin\AppData\Local\OperaGX.exe

"C:\Users\Admin\AppData\Local\OperaGX.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7080 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240504174012" --session-guid=255eeb1b-95b8-4865-ad3b-035a40714982 --server-tracking-blob=MjU4ZmY5NGRmOGY1ZDc1MWU5Yjg1NDNhOTQ2MmQ0OTAzYTkzNGViMWM2N2VkMmY1MTRiMGIxY2MzZmRlOTYzMDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD0wYWY4MzI2OTgyOTM0Yjg1OThkNmFjODg0MWE4YzNjOCZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNDg0NDQwOC4xMjg2IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiIwYWY4MzI2OTgyOTM0Yjg1OThkNmFjODg0MWE4YzNjOCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjY4NjNmNjM2LWRmZDMtNDE2YS05NzFmLTY0Y2QxMjEzZWZkYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E803000000000000

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2b4,0x2b8,0x2bc,0x268,0x2c0,0x69d44208,0x69d44214,0x69d44220

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\7853b6d2-120a-45eb-8ad0-58504150a281\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x8f4f48,0x8f4f58,0x8f4f64

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU9872.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0OEFBMDQ2Ni01QUZELTQzOTktQjcwMC0xNTFCOTc2NTdBRkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2MTcwOTM4MTYiIGluc3RhbGxfdGltZV9tcz0iMTAxOSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{6DA77756-7454-49E1-B0DD-5310AB064F3C}" /silent /offlinedir "{E0324AB3-6216-4F47-B79D-01C1FCB722D2}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7REYxRjk3MDctRTgxQS00MzVCLUFEODgtMjkxMkRFQjNDNjI5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxMzU4OTQiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODYzMzY4MTAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NjIxNDY4NjY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\MicrosoftEdgeWebview_X64_124.0.2478.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F472E783-D718-4393-A68B-AAF3FDA7F7C8}\EDGEMITMP_DA87E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff63c2d88c0,0x7ff63c2d88cc,0x7ff63c2d88d8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5448 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,10294362132168908245,14383871909641586274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkRBNzc3NTYtNzQ1NC00OUUxLUIwREQtNTMxMEFCMDY0RjNDfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7QjUyODE1NUEtNjVGOC00Qzg0LTk5NzUtOURGNThCN0RCN0I5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNC4wLjI0NzguODAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2NDk5MDU1NDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NjUwMjE4MjE4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTY2MTc2MDg1NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU2ODAxNzQ3OTYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxMzYyOTI1NDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3Mjc5NjQ3MiIgdG90YWw9IjE3Mjc5NjQ3MiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNDU2MTIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240504174148608.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4

C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp

"C:\Users\Admin\AppData\Local\Temp\is-O0HBJ.tmp\avira_spotlight_setup_lavasoft.tmp" /SL5="$402B0,34114105,924672,C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240504174148608.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V4

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" create AviraSecurityUpdater DisplayName= "Avira Security Updater" binPath= "\"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe\"" start= delayed-auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc.exe" description AviraSecurityUpdater "Avira Security Updater"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Update /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\UpdateFallbackTask.xml"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Service_SCM_Watchdog /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\WatchdogServiceControlManagerTimeout.xml"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Systray /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\SystrayAutostart.xml"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Maintenance /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-HSQ2O.tmp\MaintenanceTask.xml"

C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe" Action=RegisterFallbackUpdater AllowMultipleInstances=true UnpackInCurrentDirectory=true

C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira__sptl1___lavasoft.exe Action=RegisterFallbackUpdater AllowMultipleInstances=true

C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\ACSSignedIC.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\ACSSignedIC.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Avira_Security_Installation"

C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\.CR.8518\Avira.Spotlight.Bootstrapper.ReportingTool.exe" /TrackUnsentEvents

C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe

"C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240504174155337.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight

C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-J9GC7.tmp\avira_system_speedup.tmp" /SL5="$B021C,35770327,916992,C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240504174155337.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=lavasoft /Spotlight

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Delete /F /TN AviraSystemSpeedupRemoval

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo

C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe

"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" -umh

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe" "C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /F /RU System /SC WEEKLY /TN AviraSystemSpeedupVerify /TR "\"C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe\" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART" /RL HIGHEST

C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe

"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -validatelicense

C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe

"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -initbootoptimizer

C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe

"C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0U9EV.tmp\Avira_Optimizer_Host.tmp" /SL5="$602DE,1578082,832512,C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe" /VERYSILENT

C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe

"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" /Install /Silent

C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe

"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"

C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe

"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A9CF7AD9-813E-4A4B-963D-3D12E983DD07}\BGAUpdate.exe" --edgeupdate-client --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Q0M0FBNjEtRDMzQi00OEVDLUI3REUtQzRGQTM2RURFN0IyfSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDODczQUUwNS02NTQ5LTQ2QUEtQTkwOS1EMjEwMThBQ0JFOTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjE4MTg1OTkxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxODM3NTY5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI3ODg0NTY5MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1NDQ5NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWxzbklBMkRBaDRNNXNYb2dVVkh5b29qNGhacFVobEFKNURrUkVSN2hDVyUyZkhwNVJUalVDemVEM3p2bHJ3NCUyYnlxa29RWkpXeXVZdTY2YmZuV3UxRVpudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyNzg5MzU2NDQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzE1NDQ5NTU3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWxzbklBMkRBaDRNNXNYb2dVVkh5b29qNGhacFVobEFKNURrUkVSN2hDVyUyZkhwNVJUalVDemVEM3p2bHJ3NCUyYnlxa29RWkpXeXVZdTY2YmZuV3UxRVpudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjE2MTQ3NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjc5MTE1OTQ2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyODU0NTU3MDQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI4NzE1NTY5MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwNTkiIGRvd25sb2FkX3RpbWVfbXM9IjE2NjAyOCIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7134588c0,0x7ff7134588cc,0x7ff7134588d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{811B2C8A-6696-4E53-BD32-435265772DF7}\EDGEMITMP_1A2D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7134588c0,0x7ff7134588cc,0x7ff7134588d8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEY4QTBFNDItOUYyOS00NTM0LUJGNUEtOEY4MTE4MkY5RUY3fSIgdXNlcmlkPSJ7QzlEODQ1N0EtQjMyOS00OEYyLTlBOTQtQTlEOUZDRDMwMTRGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4RUE4RUM3Qi04NjAzLTRCMjItOUI3Ni1CM0E1NTMzNDYzRUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iNyIgY29ob3J0PSJycmZAMC44NSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI4IiByZD0iNjMyNSIgcGluZ19mcmVzaG5lc3M9IntDMjIxMzBEQy1DRDBCLTQ2RDQtQjZEMy1FNzAxODc2M0EzMUZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI3IiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTkzMTc5NDY5Nzg1MTcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3OTQxNTk0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM3OTU4NTk1MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NjM3NTU3NDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMzFiZDVkNy05YzY1LTQ3NmEtOTA3NS1lMjQ5NGY4ZGE5ZTQ_UDE9MTcxNTQ0OTczMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1lODBFZGUlMmJwaW1tVlNZcFd6SHExRlN1dEg2SlY3eWpFVHFsYTVrMHNyU2ljaGhsQkFNJTJmM2JNb2x2N2YlMmIzR2hvZHZyWkJCUDBDVldvbSUyZnVSNlVHNGFBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjciLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NjM3NzU4NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzEzMWJkNWQ3LTljNjUtNDc2YS05MDc1LWUyNDk0ZjhkYTllND9QMT0xNzE1NDQ5NzMzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWU4MEVkZSUyYnBpbW1WU1lwV3pIcTFGU3V0SDZKVjd5akVUcWxhNWswc3JTaWNoaGxCQU0lMmYzYk1vbHY3ZiUyYjNHaG9kdnJaQkJQMENWV29tJTJmdVI2VUc0YUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3MjM3NjgiIHRvdGFsPSIxNzI3MjM3NjgiIGRvd25sb2FkX3RpbWVfbXM9IjI2MzE4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjYzOTA1Nzg4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjc4MzA1ODE5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTExNTE0NTY4NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQ0MCIgZG93bmxvYWRfdGltZV9tcz0iMjgzODAiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDM2ODIiLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI4IiBhZD0iLTEiIHJkPSI2MzI1IiBwaW5nX2ZyZXNobmVzcz0iezU5ODBGODRCLUE0MUMtNEMxQS1BOUMwLTQzMDJCRjNBMDQxMn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC44MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMjkiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins5QjlCMDQzOS01N0U1LTRFMzItOUE2RS01QjEyNEQ5Qjc3Mzl9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

Network

Country Destination Domain Proto
US 8.8.8.8:53 filedm.com udp
US 104.21.60.113:443 filedm.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 113.60.21.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 getfiledirect.com udp
US 104.21.67.38:443 getfiledirect.com tcp
US 104.21.67.38:443 getfiledirect.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 38.67.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 192.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 www.dlsft.com tcp
US 8.8.8.8:53 70.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.148.130:443 flow.lavasoft.com tcp
US 8.8.8.8:53 130.148.16.104.in-addr.arpa udp
US 8.8.8.8:53 dlsft.com udp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 sos.adaware.com udp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 filedm.com udp
US 104.21.60.113:443 filedm.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 2.21.17.29:80 x2.c.lencr.org tcp
US 8.8.8.8:53 94.212.16.104.in-addr.arpa udp
US 8.8.8.8:53 29.17.21.2.in-addr.arpa udp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 package.avira.com udp
US 23.220.113.161:443 package.avira.com tcp
US 8.8.8.8:53 webcf.quickdriverupdater.com udp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
US 8.8.8.8:53 161.113.220.23.in-addr.arpa udp
US 8.8.8.8:53 www.freevpn.win udp
US 172.67.141.75:443 www.freevpn.win tcp
US 8.8.8.8:53 download2021.pdf-suite.com udp
US 104.21.57.28:443 download2021.pdf-suite.com tcp
US 8.8.8.8:53 127.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 75.141.67.172.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 28.57.21.104.in-addr.arpa udp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 download.enigmasoftware.com udp
DE 18.245.86.53:443 download.enigmasoftware.com tcp
US 8.8.8.8:53 spyhunter-download-v2.b-cdn.net udp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
US 8.8.8.8:53 53.86.245.18.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 104.16.148.130:443 flow.lavasoft.com tcp
US 23.220.113.161:443 package.avira.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
DE 108.138.7.127:443 webcf.quickdriverupdater.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 8.8.8.8:53 www.ovardu.com udp
US 172.67.174.4:443 www.ovardu.com tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 172.67.141.75:443 www.freevpn.win tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
US 23.220.113.161:443 package.avira.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 api.mixpanel.com udp
US 8.8.8.8:53 api.my.avira.com udp
US 130.211.34.183:443 api.mixpanel.com tcp
DE 3.123.247.118:443 api.my.avira.com tcp
US 8.8.8.8:53 4.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 183.34.211.130.in-addr.arpa udp
US 8.8.8.8:53 118.247.123.3.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com udp
GB 104.91.71.146:80 msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
GB 104.91.71.144:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 146.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 144.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 19.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 features.opera-api2.com udp
NL 185.26.182.106:443 features.opera-api2.com tcp
US 8.8.8.8:53 api.config.opr.gg udp
US 104.18.25.17:443 api.config.opr.gg tcp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.24:443 download.opera.com tcp
US 8.8.8.8:53 download3.operacdn.com udp
US 2.16.106.162:443 download3.operacdn.com tcp
US 8.8.8.8:53 106.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 24.216.145.82.in-addr.arpa udp
US 8.8.8.8:53 17.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 162.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 package.avira.com udp
US 23.220.113.161:443 package.avira.com tcp
US 8.8.8.8:53 a.directfiledl.com udp
DE 167.235.218.62:80 a.directfiledl.com tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
US 8.8.8.8:53 62.218.235.167.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 130.211.34.183:443 api.mixpanel.com tcp
US 130.211.34.183:443 api.mixpanel.com tcp
US 8.8.8.8:53 sentry.avira.net udp
DE 18.195.247.94:443 sentry.avira.net tcp
US 8.8.8.8:53 94.247.195.18.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 89.58.114.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
FR 104.123.50.171:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 171.50.123.104.in-addr.arpa udp
US 8.8.8.8:53 api.mixpanel.com udp
US 130.211.34.183:443 api.mixpanel.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_2140_JXDQXSKJOWQBXCMX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a503760716ad22db492be66cf334efb1
SHA1 2cbddd831aa56bda4bcff7b8c3f86792f8ac4735
SHA256 71ac9068d961174e46a18f2fa20be27cc37885dcbf148dc17f18b3864f1b78e1
SHA512 53b38d1165f9c8755c781cedb5d366c48caf2122c6dd251819ee61d7a745a79593de90dd887ed838979070409aec799a90837bc2d166ea80992d3a855dee87e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e0634684b33fd4f0ecc8d7cd44957c4
SHA1 e3e3b4fd74450548f31e3bbe9112c61bde148c56
SHA256 39a25051a346872c6f015148f300fa9fbe8608c9790097dfbb0eb5540ee2eb2f
SHA512 8a68fc094c8b6b94bd5d1dd25972f2912449c93172653588d5cf02494223c738d6f8994dc50600d6309c888ffdfeb9bd05041496207bbf7e3fde64e792a04bae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72167c525775f7f300a8f70b2b348de7
SHA1 14edd298a3d1acb891b2b74eb8c6927227258b22
SHA256 890f3466581b0474b61b029be173be4d4f6dad0ab23b96a0f240da4e4f72d768
SHA512 78a014d586fdf68f9a5ec3b52e3a383159fc3336345e5260edb5386fe6a93f85c3fd62488fe0c4120e9154f91fb764621dcc9eaae06570a977080c63db869b14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71317e20871f5e879fcec751bcd8a137
SHA1 dc95a6c80efb2a11a9e6dd1a3c16d186f19995b5
SHA256 14036ec6e9ddcfc7d7b8639348a69eadfc5a8d03b222ce10dd305fcc27b185b4
SHA512 b9bb53baa6c6acd7e879e1e39dc7668abdcf3690c3261c565dfde020be48dc7ffc16db84f75d3c5ab9dfe121fc4287914eb81edc7733598b8470236a2034aab2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b6cc969f0a39b97ecdc138d0475b463
SHA1 896088ec19a148bf35be022a22923fc2113b7633
SHA256 d823580e85ad5ed56a34c70cd06de4837bcac996681cbe3d40aabb8a27f54703
SHA512 81437871e655f1e1516f00e670b8cbcc7c5acc81b9ae1765f98a41d2c7410ff6b11e44b54b2b995807023da3b5fcdac5b14093ce96c22beed60db9487fd09784

C:\Users\Admin\Downloads\Blindness V2 Exploit Revive_84434809.exe

MD5 1198daaa23f0af650c7cd4555fbef9e8
SHA1 783f86460785027a41a84e41b42a05b4d4a1a462
SHA256 25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600
SHA512 1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d

C:\Users\Admin\AppData\Local\setup84434809.exe

MD5 29d3a70cec060614e1691e64162a6c1e
SHA1 ce4daf2b1d39a1a881635b393450e435bfb7f7d1
SHA256 cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72
SHA512 69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

memory/2804-157-0x0000000000420000-0x00000000007F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

MD5 72990c7e32ee6c811ea3d2ea64523234
SHA1 a7fcbf83ec6eefb2235d40f51d0d6172d364b822
SHA256 e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3
SHA512 2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

MD5 1a84957b6e681fca057160cd04e26b27
SHA1 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

MD5 8ff1898897f3f4391803c7253366a87b
SHA1 9bdbeed8f75a892b6b630ef9e634667f4c620fa0
SHA256 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
SHA512 cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

MD5 6e001f8d0ee4f09a6673a9e8168836b6
SHA1 334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38
SHA256 6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859
SHA512 0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

memory/2804-179-0x00000000051D0000-0x00000000051E4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

MD5 08112f27dcd8f1d779231a7a3e944cb1
SHA1 39a98a95feb1b6295ad762e22aa47854f57c226f
SHA256 11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa
SHA512 afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

memory/2804-187-0x0000000005220000-0x0000000005244000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

MD5 105a9e404f7ac841c46380063cc27f50
SHA1 ec27d9e1c3b546848324096283797a8644516ee3
SHA256 69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b
SHA512 6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

memory/2804-195-0x0000000005250000-0x0000000005278000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

MD5 6df226bda27d26ce4523b80dbf57a9ea
SHA1 615f9aba84856026460dc54b581711dad63da469
SHA256 17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc
SHA512 988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

memory/2804-203-0x0000000005280000-0x00000000052AE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

MD5 8db691813a26e7d0f1db5e2f4d0d05e3
SHA1 7c7a33553dd0b50b78bf0ca6974c77088da253eb
SHA256 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701
SHA512 d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

memory/2804-211-0x00000000052E0000-0x0000000005308000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

MD5 b199dcd6824a02522a4d29a69ab65058
SHA1 f9c7f8c5c6543b80fa6f1940402430b37fa8dce4
SHA256 9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4
SHA512 1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

memory/2804-219-0x0000000005350000-0x0000000005382000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

MD5 c06ac6dcfa7780cd781fc9af269e33c0
SHA1 f6b69337b369df50427f6d5968eb75b6283c199d
SHA256 b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d
SHA512 ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

memory/2804-227-0x0000000005310000-0x000000000532A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

MD5 9d2c520bfa294a6aa0c5cbc6d87caeec
SHA1 20b390db533153e4bf84f3d17225384b924b391f
SHA256 669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89
SHA512 7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

memory/2804-235-0x00000000053C0000-0x00000000053E4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

MD5 422be1a0c08185b107050fcf32f8fa40
SHA1 c8746a8dad7b4bf18380207b0c7c848362567a92
SHA256 723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528
SHA512 dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

memory/2804-243-0x00000000052D0000-0x00000000052DA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

MD5 be4c2b0862d2fc399c393fca163094df
SHA1 7c03c84b2871c27fa0f1914825e504a090c2a550
SHA256 c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a
SHA512 d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

memory/2804-251-0x00000000053F0000-0x00000000053F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

MD5 17220f65bd242b6a491423d5bb7940c1
SHA1 a33fabf2b788e80f0f7f84524fe3ed9b797be7ad
SHA256 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f
SHA512 bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

memory/2804-259-0x0000000005440000-0x000000000546C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

MD5 83d37fb4f754c7f4e41605ec3c8608ea
SHA1 70401de8ce89f809c6e601834d48768c0d65159f
SHA256 56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020
SHA512 f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

memory/2804-269-0x00000000053A0000-0x00000000053BD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

MD5 f931e960cc4ed0d2f392376525ff44db
SHA1 1895aaa8f5b8314d8a4c5938d1405775d3837109
SHA256 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870
SHA512 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

memory/2804-286-0x0000000005AB0000-0x0000000005AC2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

MD5 2c4ee83f6b84f57ea7d7b5490454f58c
SHA1 d2f153a30e9d4875da765e09b75e9af7cea7f2ab
SHA256 f0ed3f54df8ea37fcf2cea41aeadd4689023d4d1e1e68c6e6023a5bd6cae1f3c
SHA512 ed5edb7832605b32197360d39944ceb89faf2c9c1d6175cec9d0f8062c45d04609a0ed297646ea01164e87af23e251401e9de90461e36fce210725337bd137f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

MD5 75e0455cde416122acdcdf007af1a3bd
SHA1 23f460e1ee95193f59a76e206309e3ab0bf93a84
SHA256 48e4e53792fa3f6d836ef42f700febd39e6d3aca28fa7328c0da78b066f6b2e1
SHA512 4ae1fa90252c15eecfd8dbc1150cbe67cb8aff822c297a5b7a3f0baa60015754d8b331b7cea17394ad13d73f79b16a2e8e95a9e1abb446019fceff6870f71093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

MD5 ec95ba152315371a12b61e59736ef2af
SHA1 5420ca8697ddefc184f61745f4737305a68a4e75
SHA256 55c56ef40fb19a4cf6d03acd5c5232286fe429d79e0f619701f32d51a5428198
SHA512 ecb8c92181c02083b06272b5d92acbbc51abcd3eee7e42e06d8df77fb2e4240d5fd2f5a1a084dc9c4f7945218fadc1f6a4532145c12dbc1887961cee79f19be9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

MD5 13532de834d755cae18e11139f6ca306
SHA1 a69909c40ce0a0d748c289ed68b1269c6c036cf9
SHA256 7533b158883e6ab2b69f4f2a9eeadc265426a585248a45f5586f391ae0e9d181
SHA512 eb07262afcf629e886b4edde2aafee3b035ae422295476ee977b7e407311f12f4d9b59f8b8020aaa0c0e000861c1328adcd9f9d9defa055cc5c991c805ceea48

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

MD5 9de86cdf74a30602d6baa7affc8c4a0f
SHA1 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143
SHA256 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583
SHA512 dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

memory/2804-303-0x0000000006190000-0x000000000621C000-memory.dmp

memory/2804-308-0x0000000006110000-0x000000000611A000-memory.dmp

memory/2804-309-0x0000000006250000-0x0000000006272000-memory.dmp

memory/2804-310-0x0000000006280000-0x00000000065D4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

MD5 554c3e1d68c8b5d04ca7a2264ca44e71
SHA1 ef749e325f52179e6875e9b2dd397bee2ca41bb4
SHA256 1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e
SHA512 58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

memory/2804-316-0x0000000006740000-0x000000000674C000-memory.dmp

memory/2804-319-0x0000000006D20000-0x00000000072C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

MD5 38cc1b5c2a4c510b8d4930a3821d7e0b
SHA1 f06d1d695012ace0aef7a45e340b70981ca023ba
SHA256 c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2
SHA512 99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

memory/2804-325-0x0000000007890000-0x0000000007E44000-memory.dmp

memory/2804-332-0x00000000069A0000-0x0000000006A32000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

MD5 b431083586e39d018e19880ad1a5ce8f
SHA1 3bbf957ab534d845d485a8698accc0a40b63cedd
SHA256 b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b
SHA512 7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

MD5 28f1996059e79df241388bd9f89cf0b1
SHA1 6ad6f7cde374686a42d9c0fcebadaf00adf21c76
SHA256 c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce
SHA512 9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

memory/2804-354-0x00000000082D0000-0x00000000082FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

MD5 9ba0a91b564e22c876e58a8a5921b528
SHA1 8eb23cab5effc0d0df63120a4dbad3cffcac6f1e
SHA256 2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941
SHA512 38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2bbc7d2f1526bf5d62853347c0d43ec6
SHA1 2aa887c62ae66b78e9ecdf6e13735640fdd992ea
SHA256 49f451b85ab7891cab10646b5440a9afa352f35823df5f9d1b64f63fdb0e464e
SHA512 8068e2fd4076cddb45d6823328772a637fbe9d2790fab9d127e416ac9d4ffbcc952b3c25053e42a3ef65ec5754126664a9026b1b075f8a2161f530a638b047dc

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

MD5 bf5328e51e8ab1211c509b5a65ab9972
SHA1 480dfb920e926d81bce67113576781815fbd1ea4
SHA256 98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b
SHA512 92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

MD5 4003efa6e7d44e2cbd3d7486e2e0451a
SHA1 a2a9ab4a88cd4732647faa37bbdf726fd885ea1e
SHA256 effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508
SHA512 86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

MD5 cef027c3341afbcdb83c72080df7f002
SHA1 e538f1dd4aee8544d888a616a6ebe4aeecaf1661
SHA256 e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7
SHA512 71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

memory/2164-430-0x0000000000D90000-0x0000000000D9C000-memory.dmp

C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config

MD5 f3da41e2f01ec12a28efa662df2fa963
SHA1 9760227f497132829ec34fffec6184969043bba1
SHA256 a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2
SHA512 ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

memory/2164-440-0x0000000006FC0000-0x0000000006FCA000-memory.dmp

memory/5260-448-0x0000000000D80000-0x0000000000F12000-memory.dmp

memory/5260-449-0x0000000005730000-0x00000000057A0000-memory.dmp

memory/5260-450-0x00000000057E0000-0x000000000580C000-memory.dmp

memory/5260-451-0x0000000005BD0000-0x0000000005C3C000-memory.dmp

memory/5260-452-0x0000000005C40000-0x0000000005CA0000-memory.dmp

memory/5260-453-0x0000000005B90000-0x0000000005BA6000-memory.dmp

memory/5260-454-0x0000000005CA0000-0x0000000005CAC000-memory.dmp

memory/5260-455-0x0000000005CE0000-0x0000000005D10000-memory.dmp

memory/5260-456-0x0000000005D60000-0x0000000005DA4000-memory.dmp

memory/5260-457-0x0000000005E20000-0x0000000005E4C000-memory.dmp

memory/5260-458-0x0000000005E90000-0x0000000005EC6000-memory.dmp

memory/5260-466-0x0000000005E70000-0x0000000005E84000-memory.dmp

memory/5260-467-0x0000000005E50000-0x0000000005E5A000-memory.dmp

memory/5260-468-0x0000000005F00000-0x0000000005F22000-memory.dmp

memory/5260-471-0x0000000005F30000-0x0000000005F42000-memory.dmp

memory/5260-473-0x0000000005F70000-0x0000000005F78000-memory.dmp

memory/5260-474-0x0000000006CE0000-0x0000000006D30000-memory.dmp

memory/5260-475-0x0000000006D30000-0x0000000006D6C000-memory.dmp

memory/5260-476-0x0000000006DB0000-0x0000000006DC0000-memory.dmp

memory/5260-480-0x0000000007870000-0x00000000078D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\51ef5c95-8b8e-4547-bd5e-4f8550c70668.tmp

MD5 08526c43dba41d8b40d98c4a33e3850b
SHA1 403baa8e261b93f83a22c577d39f53c108cbe9e4
SHA256 5616c3955183ef70cf911cb72f6d55277c95dac4cca5fd19edfa14b2d657977d
SHA512 a3417ded6762e544faa4519c20823829b7a135fe3fe9643f2d63be1d67adc508b194d7d7672006d24b9b3560be32e0ed635c0b6a1f649f0a96ae93422dfc0ff6

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\_locales\en\messages.json

MD5 084e6401c611027c7a37ced03dc4cad6
SHA1 fb43defd1877aa79f7721487cc4dea82763e1f32
SHA256 b129c59e3a5c93071f454754c4e9c9a985ec86f9426ddc1a781938dbc6047344
SHA512 a9c896612d57dee55503869f6e91c68da3029b2b083ce2a672fa1875ed3153bbd71341c4df2a060c17c90610cd403e24546ae364782a62085c3868e118d0a3cc

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\blockedIFrame.js

MD5 0fdc85565c94032f4dce86a7a787b8b6
SHA1 17401e40e8d4e255abc54b655e902cea6aa38979
SHA256 a07ed2044e8cf301e20489b27940818bfb7d77338fdfdb8e0ff7554d1fbf6a49
SHA512 f61ffb25c80081657c59cc4265f02f53b0d16ef4dac6546327f6e8f6fbf36b1daa246d22f258c06e8aa0eab873a434d66584314f076c37418d6a1c7d60bd3c28

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\landingPage.js

MD5 5eff50079fc107ded28bfe8cea8a8687
SHA1 c9ed85de0c4162bf3b575571ec8877391a2a9f66
SHA256 84fbe1ed16cb1614d369b40a31b63de5c3e5bf0305cd7d9a16195ddcb8637935
SHA512 817ad9b4e6383c8085763973388dd0fb620dba69e2897cfd3f95a69efb50e939a359fa713c939131b74c513367db1e88f16f7c35e539eec4ec3bc05e85a60536

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\jquery.js

MD5 31c7feb42feac79c49c294d7e2360786
SHA1 0bd82189e7dcdec830e87fc70f775900db706f6f
SHA256 dc007e1b0c1d61d2ed7c00f7c3c4deb9831a1e622fb1cd68900d9bd330d38e24
SHA512 52171e3dda6cad189929da6ab44eceae84872e7f70d5339cb85855d25c6a9b5d035a32c71d33cec72d324f94b695e4c9cc55c23299c339dd216713364c757a34

C:\Users\Admin\AppData\Local\Temp\41916469-24a0-4d76-9c2e-3257d9b7ead8.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\content.js

MD5 7a3e8afd3d8a6281c2e4ec315ee78fb9
SHA1 c08cda369d09232f4beb9db962a3ee21ef016bf9
SHA256 92e5d77400aa83415876f5a8d78c55c27bf5d47a48b99b73cb36f0088cee2c5f
SHA512 aa77695cabe2c9d6fd8a7a68735fc7152c36ba649f49c876d716eadadb99a474cdb7ead4c4a73abcf41c0b1d40a2ea7e218956be2be790ee0abc1a05801bc8d4

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\js\content\common.js

MD5 4672ef0eaf7515a69409c9c0fd3e62bd
SHA1 ca920038f11d0ae10069b87f0ee32260a0d0f523
SHA256 593ba5536ea92a87e55004874648ff12f096c71bc4dc81c084f0c59cf662cef8
SHA512 304c5f7440e6e38127594892d993c740ce338f3b12a64923ab6793936126d0f68df27f83d0213f85926a15564ce84e81401e06448ff8fbb0d92b871db984e526

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\offers_js\cms_ss2.js

MD5 16aa6b7a57ed00862d0106da2ea9281f
SHA1 229472fd4759a6ede4acff8c5841b2922ddb5b66
SHA256 ea2299d44948ae88d95e31cec8677f05a2174b70b896465ad787e19143eafe6f
SHA512 8b3a3a138a1ab98658502cb90a3cdd650e7092b1181477d86ecfcfaee18589178f714688a58fe2c924b46f834ce29faeacf0fb3413e1dcba0077739f8b47f301

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\_locales\en_US\messages.json

MD5 7d1f1a13ab9860f983720e6fbc3bd93b
SHA1 50911a792e81c14a376fc32a22ccd22f0e05aadc
SHA256 0c27964dbb0e474e06a06cbf50c5720058a9c3e6f8dd69c27350bb47f59af2fb
SHA512 9940b947187abec73c154f59915cc36bc916ede860c907bf591fb71696878840eea2d1fc7fe012dd6ca7d7e8a25af545374747226054c877a2704b3e82cfa49f

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\ExtPermNotification.css

MD5 869c9f7ad6d54c1e14e94b7fcf90f6dc
SHA1 59ed7c434f978caf6a6e0d7d59e9d8286e89a351
SHA256 755d8a77d768cc7059cf32c28ae7a25d6d54a5f4b9841384457f459d18cf38eb
SHA512 9c7bd91bb20403742f6ef03314732e8f7a426561a59ab9ed8b3316a704d623147d5de3f46bfd7d8e529d93048aa877599dac555f669fb920e719dd7a3d332ad6

C:\Users\Admin\AppData\Local\Temp\8242c44d-6263-4ab9-b042-ac9ffd52bf02.tmp

MD5 2abfeac7ea224741f3e59988cf399685
SHA1 2992a6e26606473d14fa4eeaf995932a5b9fa641
SHA256 391e3cd8a69c0b91fb6635441ca6ec45ef32accb1306ce9584baf62e62d2848a
SHA512 0b3c6d098429b8b147be6fd61729efedc544ddad930d51f0d9f3e21e7f23b9d560ec0e12d24557ed84cb63fad94a618ecde2914ffe488e41bdafde80c5c0c842

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\adguard\adguard-content.js

MD5 252fd89b64e3d3ee049e24098907716a
SHA1 70c2f95c7ee683bb4b7b563fb606ec16fa612d3e
SHA256 26eba787912ef87717430e78b53dc832bd6290db089c742526933e8d8711f660
SHA512 20d35a34598a5465fd2e3ba4e5cce61fc2d0d1ddb7f8165b98f7b30864b9dac9b0d2eb9800e62593b60e4b8afed6297fbd2da3f54011c02ce0284d612e887dea

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\content\search.css

MD5 5c96abf57abfc0c8d233a915d8a45278
SHA1 dfb82a20642c8569408cc58e1f5329f4bd530e3b
SHA256 98b0a8047168a3c7424df463c1959578103360e8ccddd76575da1ad4addaeca7
SHA512 ff6c9d771be44ebbbac173135d86b840c74f0bbb2f72992f2151b9ad034c22a2da4e53c89fedbe68d0a31292b325e255d739d47d291fd3b614d18df9caf301a6

C:\Users\Admin\AppData\Local\Temp\scoped_dir2140_1249147852\CRX_INSTALL\css\content\content.css

MD5 b176b474414092f01ce861f9da4bf2a2
SHA1 d175c77bf023434e6bdd14697d12653a4d397755
SHA256 e61a1a270d678bc281c6d857da661c2b9ab77dec18f2723dcc106463e1911c63
SHA512 692fe6310ef028b4ee7fae0d363947084fc1bda5d95b3d9f2c52882e02e75fbeae88b6fcbcf7e954400eda5f66634a45bf2eec022da1cca19cd64cff9600842d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip\4.2.7.2353_0\manifest.json

MD5 c53baa16050867e10a4ca63e54395085
SHA1 809f1522b9aad15092c9d8ae48870bc00c01eb73
SHA256 f8cebafa8009406e5a1cc63355c102a8a3a839e93b12922d7345973ca2c0db11
SHA512 f5a488d787d4a6a3b24026a1a91cadc249f5914c00e6e9708da290b36240de2a572f87c7691909b16819b0c2cf842f8921ddcbfd8117c1c6f105fe2eef16093c

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 ed1a6fe19acd68ac0685d426a29e1102
SHA1 06334996e5d27b37535a2d724eb1a9b84ffcdc15
SHA256 a13f1ab1fb6138e391cd7d2efe80b4726ab64e1cb012936eec187b252f00190c
SHA512 957986f164f1127ccb2a818970ad28a30a6ced312f85e5fd5e39d93a2e074e229e6189e6da8f9145c0ff11c741ca3fbcc46a25af4a2f8dda81a1a205daa3047b

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405041740120827152.dll

MD5 c44227f38d59c590106f011b17eb90d3
SHA1 b99b310fc2249a7879290ca5d2ad915ef588e76f
SHA256 c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94
SHA512 0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 903c90d74f33ad61be46e6d875f1d1f5
SHA1 7572c511f4af70599a74c5e0651856c2fc0b2b83
SHA256 690842092d76ee489410941e6b306b60edee3725240f1eecd8ca378c2993b4ef
SHA512 8d2cfd44b663034e33e9cd0906d6655c10ba12056055ea3ac0847e0cca6d011b8eb544cc326a426f3bb23255515b9e8a94957fb27416d3e0ddf76c99d1aba2de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fad88551ba7d2a36f012dc640af3674b
SHA1 c2694442f4c5d67288faf88d2d9e4c65551514de
SHA256 9cec9ea1db5257602140d22fe623a3305a98d468100295286427fbfc56e8ac0f
SHA512 564e96c2a2e1e6ae47355b419d7ab4334a777ce63a6c6de060581b9e140a96ba18baf4ba9b9466491cd21d684e8efab5f0eaa7dbae40d6d6650cd908b2271ce2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b8f8389-8db2-4a8d-babc-b1e8a214f331.tmp

MD5 9d25c17020fcdffd1f5e45879f1a951d
SHA1 8baf1be4fffcfa17ae938b8213c496fd4762c0ca
SHA256 817ba769f9be38181f1f5f367e0987d265d8303e9fb6e893d30dfb5de12c3917
SHA512 fe8e70752463947814f0b68cd32029950cdf8b73dfad6f567aac4c07ef08e20e84fd3fbe6a5a94a763b814716a8d2dd4cfc7b0ec91e307d299ed99fcfc0feda1

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405041740121\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.CR.9962\3cd4c5a1-ecc7-4887-bcfa-d89b3a7c3c3b\avira__sptl1___lavasoft.exe

MD5 3ad6f1d43acfdb4533ade2e597f09ecd
SHA1 295d0c6098f19c81c48a40db7a97a88b4f0632f2
SHA256 dba4515014a26c44fa8cf4c7f2502bfc29855879e5c890e037e24d09fc757cf8
SHA512 405f9e510612899c1b1a79bcb1846f0c283e173b7a7b57de307a3c72d5462ccc323a7a93d69528bb461cdc24e4e22c7038f17276daa3bb31a8862fa6c26bd4bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b9635699f1fe53e9127daf7aae47f440
SHA1 a7c74758d96ad1085c9a173919233e205d1f40bd
SHA256 fab85dcf52ce3347bf9fac0c12c9fd705b3dc213eb0cf97dcef3550888c13029
SHA512 e83f7a1a5cb10a6c4b69722f2b50d1c43c24521984e76a066de06ddc381c0234f55de32fd1ca93d973479d4485adc172fbfcded521e27a8705874f5782a46e6a

C:\Users\Admin\AppData\Local\Temp\.CR.9962\ca37e2e0-4a86-4491-b6cf-8c095864921e\avira_spotlight_setup_lavasoft.exe

MD5 3b6bca9e1b79bf84996f8348c4225ae3
SHA1 0cf0734fd65cd4ebf37da75fbf7a56c040cf3190
SHA256 e1c44bda2ace6d3c181d57deb0f99aa4b1e5a07efb643b0e1cdf0516ee3b71c2
SHA512 443d48f28ecad72d6146c7520c3d2f088f631999c037d4b69b8c190751ee493bc13fb22992dbb63bddfdf9af6744beac14c12802fd7dcdc6fba7b6b36cee1500

C:\Users\Admin\AppData\Local\Temp\.CR.9962\220c3cc3-59af-4c8f-99bb-564c6774bcb3\avira_system_speedup.exe

MD5 607875e5abf25c91fde4881a72122f52
SHA1 bb8ea4fba8fc142d0357c3249f4c2b7c737ef194
SHA256 02d51295990c48d4418362cb3e9cac190804ad39d76faadd23f6f476f53a8777
SHA512 44c7a58d3a6f00dbe811741a964c662d9c9e12520bf5b15267e13b80d5854aca7be45f4ac844f2318148cf8fb11aeafeac613ed2f6e652365658389bc3faab27

C:\Users\Admin\AppData\Local\Temp\.CR.9962\ebe92eea-0f37-4ec1-b583-8bf306bab224\VpnInstaller.exe

MD5 9b41201bb6d9b439103b7a2fb1d41038
SHA1 e5c7f61421be5c5b0115c1be03ef1bbe8570c832
SHA256 f6d4a140924af35dfbc63729736310737c6356052094b19fddcb6e88d7e210ed
SHA512 b06fcbac44b679dace89ad633269f02117aeef19a9fb1d481d19f8d5246c8dfd305eaf228994dce10c9f3c3151bd4aacf82c44e541ba7446b23f48f0e23c3eb5

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 24e62a7c8d7f60336e60c003af843a87
SHA1 9576d1924d37113c301cadfd36481586cdef870c
SHA256 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c
SHA512 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 f97be18ef8c4fd66e74d44073ff2f7b9
SHA1 8c802c129e0511febde78bddc37baf45fea35c0a
SHA256 bb2c8cb2d53c2dd3800b06d2044df02f41e461a94c04f6cee37491c81ba22b12
SHA512 3bc2868933b1f71c8b6a53100f4487da18337d7a016424283c65562410ffbaf9658b15a19fcbb65d259d20e5f05ace2ebd1c45c21103b5d57cf9eb44a95bfb49

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 989b7798f2fcf5daab163f1a2684b21c
SHA1 a44b2076b2ec75897985e3056f372656eb06deb3
SHA256 caf079abb0a45f8df8a5035946a4223e5c5d421bf7378e92fc507e2ac2bad3f4
SHA512 1b58d58bc55432ca09415fc6a4948ef1cf18a3460a2fdbc7d44779168e4689156b21a7c55d52f430bbf4f23ab147f77935ab8d0053c0af8e66bd6a0dc641a88b

memory/6720-1884-0x0000000073CD0000-0x0000000073EF3000-memory.dmp

memory/6720-1883-0x0000000000B60000-0x0000000000B95000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Installer\setup.exe

MD5 1cd79627301bfdeb1d3fba51cad868a6
SHA1 2b71bae909047dd0374425e9df941ef93fb696dc
SHA256 74ab283991de81543bff5786ad8bebd41c243bc00beda305da00c55a60ac2093
SHA512 839860435573bddfcbb950e2986333dd43ab5df5b2a0032fb18cd25c736e94d998b5ea1fc1e1b0c1d02a28b9615653becc4b535434bfd8a7a02f5995acf1808f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 89528fcd28f8cc01c7fadd679f7d42b8
SHA1 34af2c48b5105cc5c294f9f22069253626d5f629
SHA256 6f5ac25f4eb5b09c08dc127a9bd3db009230f2d06e1041e82ecbd4a0a5fdd089
SHA512 a9aaaf1b3333accb95330e6053bdb78f15c25c4d4b2774b29ad300a08779118d63cd14c9ddd939d36073ef921f9cf3f39d3ad68fc68a509db9e64ef66dc0e78a

memory/6720-1945-0x0000000073CD0000-0x0000000073EF3000-memory.dmp

memory/6720-1951-0x0000000000B60000-0x0000000000B95000-memory.dmp

memory/6016-1953-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.dll

MD5 60b1c6dd9d78098f3e86cfa78742adc2
SHA1 77dde13a95ce9fdbad08d125680d09c4a8adfcea
SHA256 e508c2326b9f95ab56268599f35e20129993faf7b410c693a4dc3720b630d042
SHA512 4471dd83d920d9254495c014228f512ad53eb32eba0186375e24859ed98e66f3dcd80e862095f5a1a12330b0880b7bfef64badeb84f4769bc924f2b742a0f109

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\SharpShell.dll

MD5 cd36d4e1db5b30ddbd4a0ca89844c255
SHA1 18d821c1b38560300708133e95b942a5bdf10ba4
SHA256 d0c1025a629ba0c95a061c0c478b5f55d101498e49c54640c971388d291ed00d
SHA512 8423be23e6d8ececc4d2cab2d220806827f049efc8277021feda0dd66aecdf16d6b777affb65ef1846e3d43795cf9ce7d0859f4b17ccbc88864e2ca608a35e3e

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Threading.Tasks.Extensions.dll

MD5 1425fad91e6290bb7c7339307f9fef26
SHA1 3e180e7d3300d3001f0320ccb98ebe5165e57806
SHA256 3578dc076c8b8526d0d2d98f0415d080732e1cb26811c38ab4d127e6f06da9db
SHA512 b128163d2e1e3dbcd07d1ac69afd1b04c728a8bc0889d4aa3939c8034652e110a21795ca9bad474a9989ea0f31835b5cb87fee19490db880b3873242280db379

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Runtime.CompilerServices.Unsafe.dll

MD5 d5f46177b22c1f1766195162b8305614
SHA1 3d448a5280220f680345511a55664d2ee7f9b909
SHA256 7b02bc8be0b9258a0d959e2db6a21150833b3d7c2fa34e1821308cd198d18498
SHA512 a14b4988967f513b806668b45be5d28f3880a5fb7c960a2dcae9e43c4b8d5fbd326edfce720e890be56ab2f4fdc7861217bef635f6667e598094e2e463313cf3

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\de-DE\Antivirus.ContextMenu.resources.dll

MD5 88a29d0448cbe23a630fd349b683cab9
SHA1 83bac7391f4fb4717f327be7d9515d03e6b04e94
SHA256 c5fb68bae78e2ed9d651d98cac00d8fd0e3c1c9f7def78a0641c4b1a5b3f3e49
SHA512 57d8e83f9834cfad3d320fd22ace3dbfb79dd014b6e1761da9c409eb2cb743015136a91a9e674e12766e9a82041e525036596606b284054bb96567b55daeb4fb

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\en-US\Antivirus.ContextMenu.resources.dll

MD5 c305459285a9c6a09a4497c83fd1487d
SHA1 23a9eb56e39cc66a06e5b5d1b38cf4317df89d9b
SHA256 97a8c67884afb5972bf7cc5a9229da852385c29ea08f2c75aeeab29b2ee8bb4a
SHA512 154db38dd1e972b5d8e845a2331e43de78727b5be80b1bc8ff4195812d9afa9c7a9bd851d97b6ee66d35ba097a936e61316f41deeeb932d7b5732c63948078ca

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\es-ES\Antivirus.ContextMenu.resources.dll

MD5 0e42dc8532ee833fb616ee1b9961d34d
SHA1 13686b0a7c6a5184b6ad09f66d3076e7fbfdeb36
SHA256 8aa9a4edb886e10611196bd7264f16bbe7c0b84531de0125e3b70e97e28385e4
SHA512 0e8c182745d4b03e7fcd4925963e74c7b3efc7adbefad17931fb205f4050ad07efef9aed0c263b4e7fb54c713d196475a70e2c18dc2c126881e7668efcf352e3

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\fr-FR\Antivirus.ContextMenu.resources.dll

MD5 052599539bb9de0cfb6a1876877435ce
SHA1 d7bebabb22aec6ecc5f675ae4aa46b47b05a423b
SHA256 80c58b30fd0589d7062b5a02b19508f93060a63e9d3382b79564cc7371f311ed
SHA512 267069eb2fd371da7216dbf6c334bf9f4a38bf56abbad8ed0438c35c5557aab8921a5364ac4888026fe2741082c37a6f32b57936583baed3b3ee90e9c50c1a9c

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\it-IT\Antivirus.ContextMenu.resources.dll

MD5 cb7e93ac04a7a1278600dbc1a93fd925
SHA1 67e3c247dc7748ca6b0fc36dc30c7d3b21c5bb9f
SHA256 b9e13d7dc715d893844aaf40162fa8bf741fc361d00998f85f987e0468a52071
SHA512 5ad065c7fa3b87c90b21c94ffa1d14863d05832cffccacc11ecd716a71a24813ec815b5762751608985e201b0a3f3296a42efe752af30494475c0071a656f2e5

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-TW\Antivirus.ContextMenu.resources.dll

MD5 289f9ea72057cf5ace27cc997e0f76fa
SHA1 f40d898b64c21bd21c74001a81f719da347825ee
SHA256 263b870057c1aee98d5bfc5186a2fc928dcdd8f15becc21f7a2170ab46f4d368
SHA512 a27c5262311093adc1f8a5091e4cfe971a2b522b78711aff72c72295ed57bc81bdd099d878840c4fabac166a6cdae6cfcb50b4b1be43b207c6876af01603f302

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-CN\Antivirus.ContextMenu.resources.dll

MD5 02a9c1a1c562f3eb1723cc1b71914777
SHA1 386c14c309388d48267953e851529d6c146f1ce7
SHA256 3f1c1fc8bc46ad3f6ac022da5481f6647c7343bdbe2638886802b543a0eae8e6
SHA512 30eb638e6767ae182f446c083f6edb82614d5d44340ef087801a29a33ace7e0b711aea5aa6641443cda2e825a8f2dccb6ed028f3093c1e465f154fbef9e15bd3

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\tr-TR\Antivirus.ContextMenu.resources.dll

MD5 5de382d2cf23a804eacfd4cce737114c
SHA1 beb7c79f76c4d51a780907d4ed1824a0ae39510f
SHA256 948074eb64a8f97e65caedbc9bf0854d853e315599c9234fb12cb866020a4afe
SHA512 a153fa6f47b55dbd546adce617d42b87d24e9688067eaef8e102a38f8601a869b547d43f0c8ce2b44f4ff48dcdce42d6c95a1b5545017fd8a23e231f01c489b7

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ru-RU\Antivirus.ContextMenu.resources.dll

MD5 92df52a07343914fa105e70d46acf440
SHA1 a3cf0be9cc4942184c7e6e7cc5db8aea7f5e6569
SHA256 5f06dec91bca83f9966de80298e23d8aa2d8919c1085f8ca88a4ffdcbfbebc7e
SHA512 f3cce2c9e250cc0b4dd93de6c0170ede17c35e87fbedf9a94fd6a34a124fa7916eefd7960050b750fa361d19881541fa655a539d7290f602fec9add3a648a80c

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\pt-BR\Antivirus.ContextMenu.resources.dll

MD5 9ff1639dd991a40679280f467ce897d6
SHA1 f963300b469e579dc02f7a7d1a586e27f4632467
SHA256 23df9024c8b0ad2edf7246dd2e7cc72cf9c58114b9c33999461ac88be3f0160c
SHA512 7c3db226b808244089eb1209fff6a2fa95e50e896db885b2d98d4f7c938d27237de3448139770b2be4b9cc96558cd83dd301596a10f7308a7f309a71283ed203

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\nl-NL\Antivirus.ContextMenu.resources.dll

MD5 a26310954c9c73b79c657b516a466ec6
SHA1 c29de38b0f692a3a4f4bbf951987c1a24544bb6a
SHA256 b8305171ec072df6edecbc35b5b1b0b55a534b92cff9b3cc16756484f96ff98c
SHA512 adab23f63f7e9d19e3b8821c9da01bc5571c4dc316eb01d540405b6b94f7ae113f94acec95d218b6519515469d3dd416417f84d663fd15c5450e1a0c9b143022

C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ja-JP\Antivirus.ContextMenu.resources.dll

MD5 3a4f265eeab0af11c8b08c04b58c3c10
SHA1 a8334f335764c95c760020d07fa4e971123f1712
SHA256 e8a4f34492e48ee755bb1f02be1b10dd32577e96fe6c13c0e67f95d68992efb6
SHA512 56df79017c78fc32fff10a7827318833f786e38a0c3cd3f6cede01fe3f95676e09487f3af3c40b3bf1fb5252abd283185b126f3c0acb2d115dceaade7c0995c5

C:\Program Files (x86)\Avira\Security\Service.Plugin.Antivirus.Legacy.dll

MD5 196882f3130579e2e19861f8d4c0c521
SHA1 9e39f0d63b9f616ba6be271787a33f67c238a12a
SHA256 4b4746a7d5dfd11baeddfa12bd23a04e5d114d70d8ff7d601ec454d6070e1095
SHA512 29cb3b57272476e2563b0ac0036ace338b423c8f25128684c4105f422a52b78687680e9113fbd4c60f340f86cf70b5e09964eb096866bbbcc84e303c91c83599

C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe

MD5 f5a09970b7f450e841001917362090ab
SHA1 c4d4fb79eee8ed356ea2db28d1e85c43447d840c
SHA256 d915a47215324e62752c7d1e7e8d375d39edc2bcf87fc005c1d9f4289a5476ef
SHA512 ad42de7bffcfee65e9afe62224f04cee35909ce7291bd1be4af729517f6d258eb12163f2344503c9c86fe182b7ee19df0d07dc7e1369ed8feb3d5398b514b2b7

memory/2976-2662-0x0000000000400000-0x000000000072A000-memory.dmp

memory/6016-2663-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/6264-2666-0x0000000007120000-0x000000000713A000-memory.dmp

memory/6264-2667-0x00000000074E0000-0x0000000007536000-memory.dmp

memory/4320-2673-0x0000000000B30000-0x0000000000B5E000-memory.dmp

memory/4036-2677-0x0000000000400000-0x00000000004ED000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira.Optimizer.Common.Native.Library.dll

MD5 b102cdd8d737a4bbdb6f661361277813
SHA1 a66c7d08024945dd18f8eede13781e24289595c3
SHA256 1ffbe30a177463c76d6b48d92a0f4c87144d01d7a159463012e1377c36f69280
SHA512 adbb0e90ca2e29aaaac7968b9af4984ffc012b7eb79f8d11cb3e1f4510c8a7240acbe75febc651eb489402cac2d037223870e46482bb45cf409242cc3e6daa46

memory/540-2684-0x0000000004160000-0x0000000004606000-memory.dmp

memory/540-2691-0x00000000068D0000-0x00000000069F2000-memory.dmp

C:\Program Files (x86)\Avira\System Speedup\is-FE9FQ.tmp

MD5 8df37e56713cdbffc8527c23aad51361
SHA1 b52cf7960164f551ced4efa22e49b23e36660e47
SHA256 d7150836a4e2e0e113e2650da50c5e4529c5dbaa96b6ffa89bc1b382635f4606
SHA512 47989103af5b0303e201c404dbde54cd717fe43a3c8c5007512dc43ef84da197c54adb13409bedca3901081daaa409b2f6d68ca1a34a865a276b51ab46938063

memory/64-2966-0x0000000000A60000-0x0000000000A72000-memory.dmp

memory/64-2976-0x00000000053E0000-0x0000000005408000-memory.dmp

memory/64-2977-0x0000000005490000-0x0000000005504000-memory.dmp

memory/64-2978-0x0000000005660000-0x00000000056AA000-memory.dmp

memory/4204-2980-0x0000018E77B70000-0x0000018E77B80000-memory.dmp

memory/4204-2981-0x0000018E79780000-0x0000018E797A8000-memory.dmp

memory/4204-2982-0x0000018E7A030000-0x0000018E7A0A4000-memory.dmp

memory/4204-2983-0x0000018E797B0000-0x0000018E797FA000-memory.dmp

C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe

MD5 4fc82b452c82854f84f9a3e34bbda7cd
SHA1 e2ae93656203b5e0f80c0e35bcccfa689e573e91
SHA256 473198b9ae35dfe3e62b299136d00f2095a51f9c9114e5e9b4a660168ddd9150
SHA512 11895b785b74c8cd7b9c656042d1a800b8d519cee21287c3d8d8a6071923128eb2db8d9b0a34ec14147d1ab4a963686d252afa4e58ddfaf25acc1ff412c1bdcf

memory/5808-2993-0x00000000000A0000-0x00000000000F4000-memory.dmp

memory/5808-2994-0x0000000004B10000-0x0000000004B24000-memory.dmp

C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe

MD5 cec6cbe43b2175d53063c84ff2209862
SHA1 9922c769f157bcad6af2222f800d11a2a1995e2b
SHA256 6e5cd435b5e99f9c626f0cb3e2b3dbeba867daea8af2df0e229250c05583518f
SHA512 bc73329771bd0b0e2f737d49dfc8d5b3385a0a044c9305c653e6660cbb60810b256f1c6593588fac8781b6ec4ad17a19405c9ce4cbe66eed5b9a575ffd34c597

memory/5808-2995-0x0000000004BF0000-0x0000000004C4E000-memory.dmp

memory/1480-3004-0x0000000000E80000-0x0000000000EDA000-memory.dmp

C:\Users\Admin\Desktop\desktop.ini

MD5 9e36cc3537ee9ee1e3b10fa4e761045b
SHA1 7726f55012e1e26cc762c9982e7c6c54ca7bb303
SHA256 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
SHA512 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

C:\Users\Admin\AppData\Local\Temp\is-IL9T7.tmp\Avira_Optimizer_Host.exe

MD5 4836e869155973d6994b6086ced71f1a
SHA1 2f36c3e925667501475fa00ca3879822ae5ebed1
SHA256 310665f71a31a563c9a94d1ca0d2229d3affe1fd2c1537e104fd62e23d7c2be1
SHA512 abf3c7e4e0f45ab6fdd29b365c3e1346e4adea4148e162ff455ffacb9c68a72090701348cda733d249b0eb45097d1fd2b3fc6cb61dc1fcfb3a8ff994b50b3728

memory/1976-3021-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/1480-3026-0x0000000005C00000-0x0000000005C2E000-memory.dmp

memory/1480-3025-0x0000000005BD0000-0x0000000005BF2000-memory.dmp

memory/1480-3030-0x0000000005D70000-0x0000000005E0A000-memory.dmp

memory/1480-3029-0x0000000005CA0000-0x0000000005CCA000-memory.dmp

memory/1480-3032-0x0000000005C90000-0x0000000005C9A000-memory.dmp

memory/1480-3033-0x0000000005CE0000-0x0000000005CEE000-memory.dmp

memory/1480-3034-0x0000000005D10000-0x0000000005D1E000-memory.dmp

memory/1480-3036-0x0000000005EE0000-0x0000000005F42000-memory.dmp

memory/1480-3035-0x0000000005D30000-0x0000000005D3C000-memory.dmp

memory/1480-3037-0x0000000005E80000-0x0000000005ECC000-memory.dmp

memory/1480-3028-0x0000000005C30000-0x0000000005C38000-memory.dmp

memory/1480-3027-0x0000000005C50000-0x0000000005C68000-memory.dmp

memory/1480-3042-0x00000000066A0000-0x00000000066C1000-memory.dmp

memory/1480-3041-0x0000000007430000-0x000000000746C000-memory.dmp

memory/1480-3043-0x0000000007850000-0x000000000785C000-memory.dmp

memory/1480-3050-0x00000000078A0000-0x00000000078A8000-memory.dmp

memory/1480-3049-0x0000000007A10000-0x0000000007A46000-memory.dmp

memory/1480-3051-0x0000000007B00000-0x0000000007BAA000-memory.dmp

memory/1480-3048-0x0000000007920000-0x0000000007932000-memory.dmp

memory/1480-3047-0x00000000079A0000-0x00000000079CA000-memory.dmp

memory/1480-3046-0x0000000007940000-0x0000000007998000-memory.dmp

memory/1480-3045-0x0000000007860000-0x000000000786A000-memory.dmp

memory/6752-3060-0x0000000000400000-0x00000000006E1000-memory.dmp

memory/4320-3063-0x0000000000400000-0x000000000071B000-memory.dmp

memory/1976-3064-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 42ef75e285531b04bd272a44a9d1f05c
SHA1 59a80fcab05b954616d908af9b02a1abdc63db26
SHA256 5452bf34bc4618407e6955e090690e288198db1fb788544dde1137da2574891d
SHA512 6f19daab8060ddae29962852145158c4033fdb3ee148dde673e49e6c0d007623919ced9500e9c0beddfe569e400fb7a490ec8f4cbb54605ed227d75f0b3057f6

memory/540-3092-0x0000000000400000-0x0000000000728000-memory.dmp

memory/540-3093-0x0000000004160000-0x0000000004606000-memory.dmp

memory/540-3094-0x00000000068D0000-0x00000000069F2000-memory.dmp

memory/4036-3091-0x0000000000400000-0x00000000004ED000-memory.dmp

memory/4964-3104-0x0000000000400000-0x00000000006E1000-memory.dmp

memory/4648-3112-0x00000000070C0000-0x0000000007566000-memory.dmp

memory/4648-3117-0x00000000070C0000-0x0000000007566000-memory.dmp

memory/5708-3124-0x0000000001090000-0x00000000010A0000-memory.dmp

memory/5708-3123-0x0000000000970000-0x00000000009AC000-memory.dmp

memory/5708-3125-0x00000000056D0000-0x000000000578C000-memory.dmp

memory/5708-3126-0x0000000005900000-0x0000000005A68000-memory.dmp

memory/5708-3127-0x0000000005390000-0x00000000053AA000-memory.dmp

memory/5708-3128-0x0000000005790000-0x0000000005804000-memory.dmp

memory/5708-3129-0x0000000005610000-0x0000000005638000-memory.dmp

memory/5708-3130-0x00000000053E0000-0x00000000053F6000-memory.dmp

memory/5708-3131-0x00000000053D0000-0x00000000053E0000-memory.dmp

memory/5708-3132-0x0000000005640000-0x000000000564E000-memory.dmp

memory/5708-3133-0x0000000005810000-0x0000000005846000-memory.dmp

memory/5708-3135-0x0000000005B70000-0x0000000005C06000-memory.dmp

memory/5708-3134-0x0000000005690000-0x000000000569E000-memory.dmp

memory/5708-3136-0x0000000005870000-0x000000000587A000-memory.dmp

C:\ProgramData\Avira\Security\Logs\Elevated\Sentry\Avira.Spotlight.UI.Application\Sentry\104358A6DC134E47715BA87A769BBF11E2563EAB\1714844554_-11__6044116.envelope

MD5 cb73f4d33a74c6b41fb3ef8d7e7459e3
SHA1 c5e07d1d0c5ba61c7ac355596f263a8c5661e3ad
SHA256 9a635c6cccf7974a7244b1c7b2b927d2d6b7c6ef298cc2e95d6290ecadc3bae7
SHA512 6f4b2ea961b60833064750b0fd071062ef2575ac606476e2acbf867d4e296216e7dd36171e3d3f0feccfead7d3b1791284f7fc3fbac12463795be90dc6066393

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cdc26d82d8c524a8203fabc469cd26d6
SHA1 67e971797f2c36fd728bd4a666a36afa2e37094d
SHA256 be89862373527a18bb42e3c7c40b72f7a57f29f34a57338b36865af7e15f2b94
SHA512 833305c1eb13623d7d0233ed69853ed24708caa9906b790e20325ec9434a33efe3b26bf24c44330d1e918c0fc86a729d8482a4c70f76429c726da2e280adb0d9

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

MD5 3f208f4e0dacb8661d7659d2a030f36e
SHA1 07fe69fd12637b63f6ae44e60fdf80e5e3e933ff
SHA256 d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b
SHA512 6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

MD5 c31297188ec9fbaa60449f769339963e
SHA1 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a