Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1047s -
max time network
1006s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
06/08/2024, 05:40
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://rule34.xxx
Resource
win11-20240802-en
General
-
Target
http://rule34.xxx
Malware Config
Extracted
C:\Users\Admin\Desktop\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file
-
Sets service image path in registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\AviraOptimizerHost\ImagePath = "\"C:\\Program Files (x86)\\Avira\\Optimizer Host\\Avira.OptimizerHost.exe\"" Avira.OptimizerHost.exe -
Drops startup file 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDADA.tmp WannaCry.EXE File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDAF1.tmp WannaCry.EXE -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 64 IoCs
pid Process 3104 avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe 1756 Avira.Spotlight.Bootstrapper.exe 3588 ACSSignedIC.exe 5692 avira_spotlight_setup_bngb.exe 4432 avira_spotlight_setup_bngb.tmp 6672 avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe 6692 Avira.Spotlight.Bootstrapper.exe 6788 ACSSignedIC.exe 6980 Avira.Spotlight.Bootstrapper.ReportingTool.exe 7080 avira_system_speedup.exe 7120 avira_system_speedup.tmp 7620 Avira.SystemSpeedup.Core.Common.Starter.exe 7908 Avira.SystemSpeedup.Maintenance.exe 6836 Avira.SystemSpeedup.Maintenance.exe 6252 Avira_Optimizer_Host.exe 5920 Avira_Optimizer_Host.tmp 6020 Avira.OptimizerHost.exe 6136 Avira.OptimizerHost.exe 6576 WannaCry.EXE 6964 taskdl.exe 7636 @[email protected] 7292 @[email protected] 7808 taskhsvc.exe 2672 taskdl.exe 3372 taskse.exe 1404 @[email protected] 5996 taskdl.exe 5868 taskse.exe 5688 @[email protected] 6604 taskse.exe 6172 @[email protected] 4432 taskdl.exe 7448 taskse.exe 7188 @[email protected] 7400 taskdl.exe 7784 taskse.exe 8024 @[email protected] 712 taskdl.exe 7144 @[email protected] 5364 taskse.exe 3760 @[email protected] 5472 taskdl.exe 5336 taskse.exe 7604 @[email protected] 7188 taskdl.exe 7104 taskse.exe 7916 @[email protected] 7888 taskdl.exe 4244 taskse.exe 2696 @[email protected] 5356 taskdl.exe 7476 taskse.exe 5488 @[email protected] 5556 taskdl.exe 5792 taskse.exe 2952 @[email protected] 1496 taskdl.exe 2124 taskse.exe 544 @[email protected] 4488 taskdl.exe 5096 taskse.exe 3704 @[email protected] 4476 taskdl.exe 3156 taskse.exe -
Loads dropped DLL 64 IoCs
pid Process 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe 6692 Avira.Spotlight.Bootstrapper.exe -
Modifies file permissions 1 TTPs 1 IoCs
pid Process 6840 icacls.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tcofzwqenj709 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" reg.exe -
Checks for any installed AV software in registry 1 TTPs 64 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\BootOptimizer\StartDelay Avira.SystemSpeedup.Maintenance.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "22" Avira.Spotlight.Bootstrapper.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticErrorReporting Avira.SystemSpeedup.Maintenance.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedSoftwareUpdater = "true" avira_spotlight_setup_bngb.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\CascadingIpms = "false" avira_spotlight_setup_bngb.tmp Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost\LogLevel Avira.OptimizerHost.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost Avira.OptimizerHost.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Product Avira.SystemSpeedup.Maintenance.exe Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\MyA Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LogToFile Avira.SystemSpeedup.Maintenance.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings avira_spotlight_setup_bngb.tmp Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security avira_spotlight_setup_bngb.tmp Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features avira_spotlight_setup_bngb.tmp Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Speedup\Plugins avira_system_speedup.tmp Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\RTO avira_system_speedup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number Avira.SystemSpeedup.Maintenance.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Launcher Avira.Spotlight.Bootstrapper.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Detect_HDD0_SSD1 Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\DebugOutput Avira.SystemSpeedup.Maintenance.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security\Features Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "69" Avira.Spotlight.Bootstrapper.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\UserInterface\SilentMode = "1" avira_system_speedup.tmp Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Benchmark Avira.OptimizerHost.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost\Clients = 41007600690072006100530079007300740065006d00530070006500650064007500700000000000 avira_system_speedup.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\Features\IntegratedOpswatSdk = "true" Avira.Spotlight.Bootstrapper.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\Bundle = "sptl1" avira_system_speedup.tmp Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Date Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\AutomaticRestart Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Last Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\TooltipShowDelay Avira.SystemSpeedup.Maintenance.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "24" Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "43" Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "66" Avira.Spotlight.Bootstrapper.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost\ParallelTaskExecution Avira.OptimizerHost.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost avira_system_speedup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Number Avira.SystemSpeedup.Maintenance.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Speedup\BootOptimizer Avira.SystemSpeedup.Maintenance.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\GeneralSettings avira_spotlight_setup_bngb.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "54" Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "63" Avira.Spotlight.Bootstrapper.exe Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\General\ Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Version Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Adress Avira.SystemSpeedup.Maintenance.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "65" Avira.Spotlight.Bootstrapper.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\SpotlightMode = "1" avira_system_speedup.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\UILanguage = "en-us" avira_system_speedup.tmp Key created \REGISTRY\MACHINE\Software\WOW6432Node\Avira\Speedup\BootOptimizer avira_system_speedup.tmp Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\OptimizerHost Avira_Optimizer_Host.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "76" Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Value Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\DownloadSource Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\LicenseType = "std" avira_system_speedup.tmp Set value (data) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\MyA\Name Avira.SystemSpeedup.Maintenance.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup\General\UILanguage Avira.SystemSpeedup.Maintenance.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\InstallProgress = "10" Avira.Spotlight.Bootstrapper.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Desktop\desktop.ini Avira.SystemSpeedup.Core.Common.Starter.exe -
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: Avira.SystemSpeedup.Maintenance.exe -
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc 54 camo.githubusercontent.com 62 raw.githubusercontent.com 2 camo.githubusercontent.com 17 raw.githubusercontent.com -
Drops file in System32 directory 10 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_3A926AE3653F6808623E655D67F31779 Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft Avira.OptimizerHost.exe File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData Avira.OptimizerHost.exe -
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" @[email protected] Set value (str) \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" WannaCry.EXE -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Avira\Security\is-393P0.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-ICV3G.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Update\ja-JP\is-4H51M.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\zh-TW\is-8F5SN.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-QOK71.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\sdf\is-A6M4I.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\sdf\is-RG504.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-FPGG8.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\fr-FR\is-O678L.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-VQKLG.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-UCIV9.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\fr-FR\is-MD6L0.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-L2QDM.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-QP8RH.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-8LL0Q.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-EHHU4.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-FUIAG.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-LFV6D.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-NI4J5.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ru-RU\is-TD8N2.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-VPON4.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\ja-JP\is-OG3VG.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-EPSBC.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-HTPHA.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-JL0MI.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-R8DP9.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-BHLS6.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-F4J22.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\sdf\is-ILDGV.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-ILFAN.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-C1MEF.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-5IIJR.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-QNN5B.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\fr-FR\is-I26D3.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Update\en-US\is-NPJ92.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-RVQK4.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-RT865.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-SQ0QT.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-BDTJA.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\zh-TW\is-SDVJO.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-32VMH.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-0FODQ.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-UG6CL.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-Q9MV0.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\unins000.dat avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\nl-NL\is-AM83T.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\en-US\is-NL49H.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\unins000.dat avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Gifs\Antivirus\is-MK89V.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\is-NSERJ.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-5PVB9.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-761OL.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-FFU6K.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-PDESB.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\System Speedup\is-375U8.tmp avira_system_speedup.tmp File created C:\Program Files (x86)\Avira\Security\is-PF9B4.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-TM9Q0.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Html\is-I9QCI.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\Swu\is-HFFVS.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-OHI7K.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-4BLMV.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-AQ9L4.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-S1E24.tmp avira_spotlight_setup_bngb.tmp File created C:\Program Files (x86)\Avira\Security\is-QA0KV.tmp avira_spotlight_setup_bngb.tmp -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Fonts\is-KCKJI.tmp avira_system_speedup.tmp -
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
pid Process 7372 sc.exe 6392 sc.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File opened for modification C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe:Zone.Identifier msedge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Avira_Optimizer_Host.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avira_system_speedup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avira_spotlight_setup_bngb.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avira_system_speedup.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WMIC.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language schtasks.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Avira.Spotlight.Bootstrapper.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icacls.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskse.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ACSSignedIC.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskdl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language @[email protected] -
NSIS installer 2 IoCs
resource yara_rule behavioral1/files/0x000200000002ae4f-3296.dat nsis_installer_1 behavioral1/files/0x000200000002ae4f-3296.dat nsis_installer_2 -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies data under HKEY_USERS 43 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs Avira.OptimizerHost.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols = "10368" avira_system_speedup.tmp Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings avira_system_speedup.tmp Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople Avira.OptimizerHost.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates Avira.OptimizerHost.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\ProgId RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\Implemented Categories RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\BootstrapperInstallationStartDate = "2024-08-06T05:42:57.1548812Z" Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Class = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.Security\shell\open\command\ = "\"C:\\Program Files (x86)\\Avira\\Security\\Avira.Spotlight.UI.Application.exe\" %1" avira_spotlight_setup_bngb.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\ProgId\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32 RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\ProgId RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\ProgId\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\Action = "Install" Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ = "mscoree.dll" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\ = "mscoree.dll" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32 RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\launcherVersion = "1.3.0.0" Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu\CLSID RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\SystemSpeedupFilesMenu RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32 RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.Security\shell\open avira_spotlight_setup_bngb.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu\CLSID RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\ThreadingModel = "Both" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFoldersMenu\CLSID\ = "{700866BB-C8E9-3E71-B359-ABB28BAED0E8}" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\1.0.0.0 RegAsm.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe\NoStartPage = "0" avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE} RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\ProgId\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\ProgId RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\RuntimeVersion = "v4.0.30319" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SystemSpeedupFilesMenu\ = "{14cb2bd0-2375-3d10-9b5d-5e18865c8959}" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\ThreadingModel = "Both" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupDesktopMenu" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0\Assembly = "Avira.SystemSpeedup.UI.ShellExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.Security\DefaultIcon\ = "Avira.Spotlight.UI.Application.exe,1" avira_spotlight_setup_bngb.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0 RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.Security\shell avira_spotlight_setup_bngb.tmp Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu\CLSID\ = "{14CB2BD0-2375-3D10-9B5D-5E18865C8959}" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\Implemented Categories RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{14CB2BD0-2375-3D10-9B5D-5E18865C8959}\InprocServer32\1.0.0.0\RuntimeVersion = "v4.0.30319" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu\ = "Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu" RegAsm.exe Key created \REGISTRY\MACHINE\Software\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} Avira.Spotlight.Bootstrapper.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\InprocServer32\RuntimeVersion = "v4.0.30319" RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.SystemSpeedup.UI.ShellExtension.SystemSpeedupContextMenu+SystemSpeedupFilesMenu\CLSID\ = "{14CB2BD0-2375-3D10-9B5D-5E18865C8959}" RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Avira.Security avira_spotlight_setup_bngb.tmp Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8} RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{700866BB-C8E9-3E71-B359-ABB28BAED0E8}\Implemented Categories RegAsm.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\InprocServer32\1.0.0.0 RegAsm.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\ExperimentId = "spotlightonboarding2" Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CAB5786-30E8-3185-9B3B-CCEFBF1B8AFE}\ProgId RegAsm.exe -
Modifies registry key 1 TTPs 1 IoCs
pid Process 5548 reg.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a00300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd10f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f2000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343120000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b68851868140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a03000000010000001400000002faf3e291435468607857694df5e45b688518680f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 14000000010000001400000055e481d11180bed889b908a331f9a1240916b970030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34310f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d820000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 19000000010000001000000091fad483f14848a8a69b18b805cdbb3a0f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343114000000010000001400000055e481d11180bed889b908a331f9a1240916b97020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 03000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e40f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c0000000100000004000000001000000400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd Avira.Spotlight.Bootstrapper.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e40f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e Avira.Spotlight.Bootstrapper.exe -
NTFS ADS 5 IoCs
description ioc Process File created C:\Users\Admin\AppData\Local\Temp\.CR.28845\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe\:SmartScreen:$DATA avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe File created C:\Users\Admin\AppData\Local\Temp\.CR.28845\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe\:Zone.Identifier:$DATA avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe File opened for modification C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 386760.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe:Zone.Identifier msedge.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 4152 schtasks.exe 3400 schtasks.exe 6500 schtasks.exe 6608 schtasks.exe 6560 schtasks.exe 6428 schtasks.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2736 msedge.exe 2736 msedge.exe 4148 msedge.exe 4148 msedge.exe 4432 msedge.exe 4432 msedge.exe 4520 identity_helper.exe 4520 identity_helper.exe 236 msedge.exe 236 msedge.exe 3568 msedge.exe 3568 msedge.exe 712 msedge.exe 712 msedge.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp 4432 avira_spotlight_setup_bngb.tmp -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
pid Process 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 1756 Avira.Spotlight.Bootstrapper.exe Token: SeDebugPrivilege 6692 Avira.Spotlight.Bootstrapper.exe Token: SeDebugPrivilege 6980 Avira.Spotlight.Bootstrapper.ReportingTool.exe Token: SeDebugPrivilege 5448 RegAsm.exe Token: SeDebugPrivilege 6848 RegAsm.exe Token: SeDebugPrivilege 7620 Avira.SystemSpeedup.Core.Common.Starter.exe Token: SeDebugPrivilege 7908 Avira.SystemSpeedup.Maintenance.exe Token: SeDebugPrivilege 6836 Avira.SystemSpeedup.Maintenance.exe Token: 33 6020 Avira.OptimizerHost.exe Token: SeIncBasePriorityPrivilege 6020 Avira.OptimizerHost.exe Token: 33 6136 Avira.OptimizerHost.exe Token: SeIncBasePriorityPrivilege 6136 Avira.OptimizerHost.exe Token: SeIncreaseQuotaPrivilege 8012 WMIC.exe Token: SeSecurityPrivilege 8012 WMIC.exe Token: SeTakeOwnershipPrivilege 8012 WMIC.exe Token: SeLoadDriverPrivilege 8012 WMIC.exe Token: SeSystemProfilePrivilege 8012 WMIC.exe Token: SeSystemtimePrivilege 8012 WMIC.exe Token: SeProfSingleProcessPrivilege 8012 WMIC.exe Token: SeIncBasePriorityPrivilege 8012 WMIC.exe Token: SeCreatePagefilePrivilege 8012 WMIC.exe Token: SeBackupPrivilege 8012 WMIC.exe Token: SeRestorePrivilege 8012 WMIC.exe Token: SeShutdownPrivilege 8012 WMIC.exe Token: SeDebugPrivilege 8012 WMIC.exe Token: SeSystemEnvironmentPrivilege 8012 WMIC.exe Token: SeRemoteShutdownPrivilege 8012 WMIC.exe Token: SeUndockPrivilege 8012 WMIC.exe Token: SeManageVolumePrivilege 8012 WMIC.exe Token: 33 8012 WMIC.exe Token: 34 8012 WMIC.exe Token: 35 8012 WMIC.exe Token: 36 8012 WMIC.exe Token: SeIncreaseQuotaPrivilege 8012 WMIC.exe Token: SeSecurityPrivilege 8012 WMIC.exe Token: SeTakeOwnershipPrivilege 8012 WMIC.exe Token: SeLoadDriverPrivilege 8012 WMIC.exe Token: SeSystemProfilePrivilege 8012 WMIC.exe Token: SeSystemtimePrivilege 8012 WMIC.exe Token: SeProfSingleProcessPrivilege 8012 WMIC.exe Token: SeIncBasePriorityPrivilege 8012 WMIC.exe Token: SeCreatePagefilePrivilege 8012 WMIC.exe Token: SeBackupPrivilege 8012 WMIC.exe Token: SeRestorePrivilege 8012 WMIC.exe Token: SeShutdownPrivilege 8012 WMIC.exe Token: SeDebugPrivilege 8012 WMIC.exe Token: SeSystemEnvironmentPrivilege 8012 WMIC.exe Token: SeRemoteShutdownPrivilege 8012 WMIC.exe Token: SeUndockPrivilege 8012 WMIC.exe Token: SeManageVolumePrivilege 8012 WMIC.exe Token: 33 8012 WMIC.exe Token: 34 8012 WMIC.exe Token: 35 8012 WMIC.exe Token: 36 8012 WMIC.exe Token: SeBackupPrivilege 8132 vssvc.exe Token: SeRestorePrivilege 8132 vssvc.exe Token: SeAuditPrivilege 8132 vssvc.exe Token: SeTcbPrivilege 3372 taskse.exe Token: SeTcbPrivilege 3372 taskse.exe Token: SeTcbPrivilege 5868 taskse.exe Token: SeTcbPrivilege 5868 taskse.exe Token: SeTcbPrivilege 6604 taskse.exe Token: SeTcbPrivilege 6604 taskse.exe Token: SeTcbPrivilege 7448 taskse.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 1756 Avira.Spotlight.Bootstrapper.exe 1756 Avira.Spotlight.Bootstrapper.exe 4432 avira_spotlight_setup_bngb.tmp 7120 avira_system_speedup.tmp 5920 Avira_Optimizer_Host.tmp 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe -
Suspicious use of SendNotifyMessage 20 IoCs
pid Process 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe 4148 msedge.exe -
Suspicious use of SetWindowsHookEx 46 IoCs
pid Process 3104 avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe 5692 avira_spotlight_setup_bngb.exe 4432 avira_spotlight_setup_bngb.tmp 6672 avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe 7080 avira_system_speedup.exe 7120 avira_system_speedup.tmp 5448 RegAsm.exe 6252 Avira_Optimizer_Host.exe 5920 Avira_Optimizer_Host.tmp 6020 Avira.OptimizerHost.exe 7636 @[email protected] 7636 @[email protected] 7292 @[email protected] 7292 @[email protected] 1404 @[email protected] 1404 @[email protected] 5688 @[email protected] 6172 @[email protected] 7188 @[email protected] 8024 @[email protected] 7144 @[email protected] 3760 @[email protected] 7604 @[email protected] 7916 @[email protected] 2696 @[email protected] 5488 @[email protected] 2952 @[email protected] 544 @[email protected] 3704 @[email protected] 340 @[email protected] 5128 @[email protected] 5580 @[email protected] 7388 @[email protected] 4484 @[email protected] 6888 @[email protected] 3304 @[email protected] 7876 @[email protected] 5732 @[email protected] 2964 @[email protected] 4800 @[email protected] 6328 @[email protected] 6220 @[email protected] 2340 @[email protected] 8076 @[email protected] 3472 @[email protected] 2044 @[email protected] -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4148 wrote to memory of 3424 4148 msedge.exe 81 PID 4148 wrote to memory of 3424 4148 msedge.exe 81 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 1328 4148 msedge.exe 83 PID 4148 wrote to memory of 2736 4148 msedge.exe 84 PID 4148 wrote to memory of 2736 4148 msedge.exe 84 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 PID 4148 wrote to memory of 2200 4148 msedge.exe 85 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
pid Process 2060 attrib.exe 7928 attrib.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rule34.xxx1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffba33cb8,0x7ffffba33cc8,0x7ffffba33cd82⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:22⤵PID:1328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:82⤵PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵PID:2832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5312 /prefetch:82⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:82⤵PID:1900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 /prefetch:82⤵PID:1796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵PID:4896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:4044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:2720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:4300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:12⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:12⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2492 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:12⤵PID:2324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6876 /prefetch:82⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:12⤵PID:1148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:12⤵PID:244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵PID:3316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:2660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:12⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4744 /prefetch:82⤵PID:2388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6912 /prefetch:82⤵PID:2224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7052 /prefetch:82⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5840 /prefetch:82⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 /prefetch:82⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:82⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5940 /prefetch:82⤵PID:5736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5772 /prefetch:82⤵PID:5788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4648 /prefetch:82⤵PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6768 /prefetch:82⤵PID:6460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6728 /prefetch:22⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵PID:1376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵PID:7788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:12⤵PID:5676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵PID:7536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:4828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:12⤵PID:6588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:12⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,14860348941507489140,14026821804244877327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:7836
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:244
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1872
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004DC1⤵PID:1512
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4312
-
C:\Users\Admin\Downloads\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe"C:\Users\Admin\Downloads\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:3104 -
C:\Users\Admin\AppData\Local\Temp\.CR.15593\Avira.Spotlight.Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.15593\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1756 -
C:\Users\Admin\AppData\Local\Temp\.CR.15593\ACSSignedIC.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\ACSSignedIC.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3588
-
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\45b81f6c-3c11-411f-9bc2-8dfb64ee6981\avira_spotlight_setup_bngb.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\45b81f6c-3c11-411f-9bc2-8dfb64ee6981\avira_spotlight_setup_bngb.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240806054302166.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5692 -
C:\Users\Admin\AppData\Local\Temp\is-18DIR.tmp\avira_spotlight_setup_bngb.tmp"C:\Users\Admin\AppData\Local\Temp\is-18DIR.tmp\avira_spotlight_setup_bngb.tmp" /SL5="$40276,34278030,924672,C:\Users\Admin\AppData\Local\Temp\.CR.15593\45b81f6c-3c11-411f-9bc2-8dfb64ee6981\avira_spotlight_setup_bngb.exe" /LOG="C:\Users\Admin\AppData\Local\Temp\avira_spotlight_setup_20240806054302166.log" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP /LANGUAGE=en-us /SYSTRAYAUTOSTARTENABLED=true /WITHSERVICESTOPPED=true /SKIPSERVICEREGISTRATION=true /CERTIFICATESVERSION=V44⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4432 -
C:\Windows\SysWOW64\sc.exe"C:\Windows\system32\sc.exe" create AviraSecurityUpdater DisplayName= "Avira Security Updater" binPath= "\"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe\"" start= delayed-auto5⤵
- Launches sc.exe
PID:6392
-
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\system32\sc.exe" description AviraSecurityUpdater "Avira Security Updater"5⤵
- Launches sc.exe
PID:7372
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Update /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-AB4BA.tmp\UpdateFallbackTask.xml"5⤵
- Scheduled Task/Job: Scheduled Task
PID:6428
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Service_SCM_Watchdog /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-AB4BA.tmp\WatchdogServiceControlManagerTimeout.xml"5⤵
- Scheduled Task/Job: Scheduled Task
PID:6500
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Systray /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-AB4BA.tmp\SystrayAutostart.xml"5⤵
- Scheduled Task/Job: Scheduled Task
PID:6560
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /F /TN Avira_Security_Maintenance /XML "\\?\C:\Users\Admin\AppData\Local\Temp\is-AB4BA.tmp\MaintenanceTask.xml"5⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
PID:6608
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe" Action=RegisterFallbackUpdater AllowMultipleInstances=true UnpackInCurrentDirectory=true3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6672 -
C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\Avira.Spotlight.Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira_en_sptl1_285772369-1722922947-1722922946-1__bngb.exe Action=RegisterFallbackUpdater AllowMultipleInstances=true4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Suspicious use of AdjustPrivilegeToken
PID:6692 -
C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\ACSSignedIC.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\ACSSignedIC.exe"5⤵
- Executes dropped EXE
PID:6788
-
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Delete /F /TN "Avira_Security_Installation"4⤵
- System Location Discovery: System Language Discovery
PID:6928
-
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\Avira.Spotlight.Bootstrapper.ReportingTool.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\4578868e-c3c4-482f-8882-d8669ef16ce3\.CR.4994\Avira.Spotlight.Bootstrapper.ReportingTool.exe" /TrackUnsentEvents4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6980
-
-
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\60ad3b48-c079-4990-be94-fd1ce19755cb\avira_system_speedup.exe"C:\Users\Admin\AppData\Local\Temp\.CR.15593\60ad3b48-c079-4990-be94-fd1ce19755cb\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240806054316854.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=bngb /Spotlight3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7080 -
C:\Users\Admin\AppData\Local\Temp\is-TJRLP.tmp\avira_system_speedup.tmp"C:\Users\Admin\AppData\Local\Temp\is-TJRLP.tmp\avira_system_speedup.tmp" /SL5="$60276,35699068,916992,C:\Users\Admin\AppData\Local\Temp\.CR.15593\60ad3b48-c079-4990-be94-fd1ce19755cb\avira_system_speedup.exe" /install /OTC= /EMAIL= /LOG="C:\Users\Admin\AppData\Local\Temp\avira_system_speedup_setup_20240806054316854.log" /VERYSILENT /SUPPRESSMSGBOXES /LANGUAGE=en-us /NOSTART /NORESTART /bundle=sptl1 /download=bngb /Spotlight4⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:7120 -
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Delete /F /TN AviraSystemSpeedupRemoval5⤵PID:7256
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo5⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5448
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.dll" /codebase /silent /nologo5⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:6848
-
-
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" -umh5⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:7620
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C copy "C:\Users\Admin\AppData\Local\Temp\.CR.15593\60ad3b48-c079-4990-be94-fd1ce19755cb\avira_system_speedup.exe" "C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe"5⤵
- System Location Discovery: System Language Discovery
PID:5908
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /F /RU System /SC WEEKLY /TN AviraSystemSpeedupVerify /TR "\"C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe\" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART" /RL HIGHEST5⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
PID:4152
-
-
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -validatelicense5⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Suspicious use of AdjustPrivilegeToken
PID:7908
-
-
C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe"C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe" -initbootoptimizer5⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:6836
-
-
C:\Users\Admin\AppData\Local\Temp\is-LV58Q.tmp\Avira_Optimizer_Host.exe"C:\Users\Admin\AppData\Local\Temp\is-LV58Q.tmp\Avira_Optimizer_Host.exe" /VERYSILENT5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6252 -
C:\Users\Admin\AppData\Local\Temp\is-RSTL7.tmp\Avira_Optimizer_Host.tmp"C:\Users\Admin\AppData\Local\Temp\is-RSTL7.tmp\Avira_Optimizer_Host.tmp" /SL5="$402D8,1552217,832512,C:\Users\Admin\AppData\Local\Temp\is-LV58Q.tmp\Avira_Optimizer_Host.exe" /VERYSILENT6⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5920 -
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe" /Install /Silent7⤵
- Sets service image path in registry
- Executes dropped EXE
- Checks for any installed AV software in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6020
-
-
-
-
-
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.19557\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"2⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
PID:3400
-
-
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"1⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6136
-
C:\Users\Admin\Desktop\WannaCry.EXE"C:\Users\Admin\Desktop\WannaCry.EXE"1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:6576 -
C:\Windows\SysWOW64\attrib.exeattrib +h .2⤵
- Views/modifies file attributes
PID:2060
-
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:6840
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6964
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 62661722923020.bat2⤵
- System Location Discovery: System Language Discovery
PID:7036
-
-
C:\Windows\SysWOW64\attrib.exeattrib +h +s F:\$RECYCLE2⤵
- Views/modifies file attributes
PID:7928
-
-
C:\Users\Admin\Desktop\@[email protected]PID:7636
-
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe3⤵
- Executes dropped EXE
PID:7808
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b @[email protected] vs2⤵
- System Location Discovery: System Language Discovery
PID:7672 -
C:\Users\Admin\Desktop\@[email protected]PID:7292
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet4⤵PID:7936
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:8012
-
-
-
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2672
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3372
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1404 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://en.wikipedia.org/wiki/Bitcoin3⤵PID:4668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffffba33cb8,0x7ffffba33cc8,0x7ffffba33cd84⤵PID:5368
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin3⤵PID:8112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffffba33cb8,0x7ffffba33cc8,0x7ffffba33cd84⤵PID:8136
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tcofzwqenj709" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f2⤵
- System Location Discovery: System Language Discovery
PID:4036 -
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tcofzwqenj709" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f3⤵
- Adds Run key to start application
- Modifies registry key
PID:5548
-
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5996
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5868
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5688
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6604
-
-
C:\Users\Admin\Desktop\@[email protected]PID:6172
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4432
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:7448
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7188
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
PID:7400
-
-
C:\Users\Admin\Desktop\taskse.exePID:7784
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:8024
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:712
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5364
-
-
C:\Users\Admin\Desktop\@[email protected]PID:3760
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
PID:5472
-
-
C:\Users\Admin\Desktop\taskse.exePID:5336
-
-
C:\Users\Admin\Desktop\@[email protected]PID:7604
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7188
-
-
C:\Users\Admin\Desktop\taskse.exePID:7104
-
-
C:\Users\Admin\Desktop\@[email protected]PID:7916
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7888
-
-
C:\Users\Admin\Desktop\taskse.exePID:4244
-
-
C:\Users\Admin\Desktop\@[email protected]PID:2696
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5356
-
-
C:\Users\Admin\Desktop\taskse.exePID:7476
-
-
C:\Users\Admin\Desktop\@[email protected]PID:5488
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
PID:5556
-
-
C:\Users\Admin\Desktop\taskse.exePID:5792
-
-
C:\Users\Admin\Desktop\@[email protected]PID:2952
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
PID:1496
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2124
-
-
C:\Users\Admin\Desktop\@[email protected]PID:544
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4488
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5096
-
-
C:\Users\Admin\Desktop\@[email protected]PID:3704
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4476
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3156
-
-
C:\Users\Admin\Desktop\@[email protected]PID:340
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:5016
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:5696
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5128
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:6656
-
-
C:\Users\Admin\Desktop\taskse.exePID:4296
-
-
C:\Users\Admin\Desktop\@[email protected]PID:5580
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:5608
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:7192
-
-
C:\Users\Admin\Desktop\@[email protected]PID:7388
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:7592
-
-
C:\Users\Admin\Desktop\taskse.exePID:2504
-
-
C:\Users\Admin\Desktop\@[email protected]PID:4484
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:8064
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:1664
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6888
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:5404
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:5268
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3304
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:7312
-
-
C:\Users\Admin\Desktop\taskse.exePID:5260
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7876
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:7140
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:396
-
-
C:\Users\Admin\Desktop\@[email protected]PID:5732
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:8052
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:6352
-
-
C:\Users\Admin\Desktop\@[email protected]PID:2964
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:952
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:7932
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4800
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:4592
-
-
C:\Users\Admin\Desktop\taskse.exePID:4004
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6328
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:2832
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:908
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6220
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:4168
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:5564
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2340
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵
- System Location Discovery: System Language Discovery
PID:900
-
-
C:\Users\Admin\Desktop\taskse.exePID:5128
-
-
C:\Users\Admin\Desktop\@[email protected]PID:8076
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:5820
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:8160
-
-
C:\Users\Admin\Desktop\@[email protected]PID:3472
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:4252
-
-
C:\Users\Admin\Desktop\taskse.exetaskse.exe C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
PID:7200
-
-
C:\Users\Admin\Desktop\@[email protected]2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2044
-
-
C:\Users\Admin\Desktop\taskdl.exetaskdl.exe2⤵PID:7212
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:8132
-
C:\Users\Public\Desktop\@[email protected]"C:\Users\Public\Desktop\@[email protected]"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7144
Network
MITRE ATT&CK Enterprise v15
Execution
Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Windows Management Instrumentation
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Component Object Model Hijacking
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
5Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
169KB
MD526709363dd11a087715312d7ae2ff84d
SHA19deb09f4b826c372f7840fb9b7bd6d257fa2a016
SHA2561b9574e97489ba581a62ddf0bd1d6d35fe171e012abb69c7d17cfc1378ffcf10
SHA5125aadb5db9b451cfc3b5ab699b3652ecf4cc542f5c5839c9b4eb8dc763254d82fa8bbee948b607b45c89bb1f096dc40bd693405f0abf4607623275f4d47af9b40
-
Filesize
451KB
MD557949e1426700beba3b502bead99d7d6
SHA1ce608c81031020ac250a4867736921adcb352b07
SHA25684cbe6458f4ea8430747a031000961e81ae4465a21d427c1c6c4bf143b2301e2
SHA5120937c2770be1cd0c7843872c27799473d28db0ec41708ba1587b8337494755acdae19decbe482e3883368caea8fc066be783b028c734376ab5ef05b4a4533345
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\System.Runtime.CompilerServices.Unsafe.dll
Filesize18KB
MD5da1fefc8b9fb8563485e056c93167de7
SHA1ce6aacfe0cf37aa9ad4cb3e20fe3f6fc189cebdf
SHA256cf3c87784c9269433d1083466744284c43f8616b5dd33ac75a99c4a028e1b5d1
SHA5121b9032706d3c4e7d9e98e8e3f0e0dca687cf36480ac22a5c63c3ca14389589b4020e15ca5bfedc150bab76d3cdd00a787d66dfb383c0fc2cd60a41723c42d418
-
Filesize
27KB
MD5dbc75b2ac60814c2fe4281bcae4a27a1
SHA1ac9632fdb74e956403f9f63ec376fb9dd0ce5a4f
SHA256b036b09b8ad3b8a8bc984721800f64bcdc542b999ef4c2290f85075f698692c1
SHA5120b4895a655cce216b68f94711eaa9dede1b16df456c9e8133de6a21631b2fa2c96a948c4eeae5ca3fa7f3cc5e72e4cdb3781ee0a3585e7e95d9909d874681769
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\de-DE\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD579cf8d4c8f42c601c67789447d8fc4fd
SHA1f8d3ca00b26a2cf21384b8b6bafbaaba1b4be202
SHA256164876a89c7a7aa07c5e8807a7b3f9b4802a29926bb784412772a9d5e4bbd7ce
SHA5127c64cf83809a96ab37b0e4067c8de1a23de72f874e6a5288ca9ba6f1f1f355673249b5cf7ddab90c659d57586096d029f2ffc4fa57f5c81638860650589ef30e
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\en-US\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD5a1c5a02e6b9ac3349fcab8d0de53e524
SHA1f6f812cf3a1385af7e4032b5bb589f4cbb9ec326
SHA256f6d9a19af5d444a5934f201484821d881270e2b34dedccedd1f335145633ab61
SHA51208a26de977b3f5cc7b8768e52ab96c1ea03e888b9d48034a1e0fb638ff6a8ff6e19ee333a99b5f87b81feeb2954b0125220a4412a8e7895ae938412e90a0d503
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\es-ES\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD5fcca6d39baf0c96846319352eb9d8c7f
SHA15b565ef28bd8c451db36696198027d01b8144113
SHA2564fda4d52b14215a7d6b5cac44f3171bc2dea4b3ffae4b0da3fe3286e50cf1982
SHA512ff1720066a9faca8d6a99b5b4e70b142872d568fbf516a0128812d1b7d45cca3ce95669e23199befb6cc8add61a16a3eba4b2d4d81c8c392e6f44733fcc72ccd
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\fr-FR\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD5ec921f2dbfff5540dd5553864da5b11b
SHA1c267a92b95b76ba362854f6ebd180dd634e837bb
SHA25636db4cf585a9229683b133b6ea58d494da6937f94441d811e1131242cf8d7512
SHA5125ba7096ffe083be543a419edca1cecbae9274de3776c53303e2767aed41660f04dc404e1ffddf7126e983ade9068421c72b98768935b3ba9dc09bf30072df5f6
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\it-IT\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD52dce0f4a2a9001ab077b03cc1f812398
SHA1bd236eeed42892588c979b75eb01829e8606c206
SHA256a70a16de4abea8f79671d9ffdebeb784e4d5def1e5f05ecba2960c33e9229aaa
SHA5129129906b14472ee9889559740940377d5208d499a6119fe839c50e653654d6f9865186789c410df77e7b2ae67d94d5880d595ef8453099f8cb3f0bf763964679
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ja-JP\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD546d561f8b266f9acc7700c654b59f8c6
SHA18ebd82ebed38b1fc0477f7c83ff31af81cc767c2
SHA25641d779de28d6b0b0814252dbbfbfd883a0ad6100e6a58175ebf85b4f01cd53f5
SHA512941329776a23b2ecbb9e569e654ddf87658c6a30c0a4af210473025f36816c8ab669a822688f59103cf18ddbdb9c9a1a45a7992d416f631c33700e17cce6b5b6
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\nl-NL\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD59a3daf212b606d4c8ee979d524e6f5fc
SHA1926d101e62afabad9978e897ff8659759ba7a6b1
SHA256ef8590b27b07e992dbe6a4103db07a517f4bcbdb917367721c34a9e13d33c4b2
SHA5123b1285255cf07aebac567d1f058aae85d4a55732ee32488e6b02bf6e0a28e949ea381b3fd4d5c6ff967e2e70cb54c6515f93fe0c93a34037e10a2ec2cb18308b
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\pt-BR\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD5ffd9ea1ffec653d709b8e457eae4b771
SHA1b620e43bedcaaa77aee57177576a6be9d84052e6
SHA256c9fc5ae1417e95740146b9f7fc4dcca5b74124bb5d7d07988b5b06a18bebcd6b
SHA512d51c1c8f4a3666450920a75afe946aea7e32bc9919ebfb3cd2f72a0317ee733f3c9ae4db87d4c5f42acdf2beda94314c82ad74a78586fde70c4c5d0953686af4
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\ru-RU\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD5776e87933d5d1911eeb43f06e0597f31
SHA17143700833d5e9141555a3ae360df677443e7b3e
SHA256752201d307120af7839608fd0e4df2838d690d8b2849d6500a460d8a8c36bf76
SHA512ce1b411a7abfef72354b3e9c6fe0027b2e62047a57c746c1bb13addbbc3d8e8f612587053b22f8d51de33359ad3455db941fff1d1e1bdeda1987119bd595619c
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\tr-TR\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD53d3ee4afc1d73b485b3f48c4a7da86ac
SHA152e3e56f3abf06515ba111c1f03847be1e31f572
SHA25627d78b7ad2504e41b0a0ddb4b391fb5345d41a034d176c702fbaf51369f6a0ad
SHA512651183b728b41c91ad9813905cdea0983660aff9d89a41c5705a0ac8fe6ec013e0912483763fa799ba250167d684703239dab600ff8951440a637c82cf7f18d1
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-CN\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD54610bb175485d0d6b81558befd90e6fc
SHA1832dbcb0eb3c6dcdd120fed994f18be10a33d3ae
SHA256bfa60750f04968d36e1f853bad3c1ebf1ce4d1791140d819b1f210f781b3c693
SHA5127810eb469903d8dc51357bf8c80fce1f4be67e92552ff0ca49bfdab94c8ef78cd9cd888e162d535114832332cce7aecc05b742c78b89389d77764ae522f8ae1f
-
C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\zh-TW\Antivirus.ContextMenu.resources.dll
Filesize15KB
MD56b29b93fb261f65748bcc9b9a91feb8c
SHA1466dc696bf4b85bf1710075fc42aee2aa4bbba07
SHA2561a03cc9a6e9574e09bd5878928a65571998b9f92693248c422a0c11d81aed7ae
SHA512f7398e696a8c852ae257f9617f5614f2578f3096aaa0243f31d6cef76c9a7aba52fdbdbe6a09f9e7e6ef1306eb38d0813e672859ab8caf96af0eb7cd7c359e2f
-
Filesize
223KB
MD5b19c051c7a89323b15b087184f45f348
SHA1284506fab5930c09162138938cbc585e2f90c12f
SHA256cee55487b5bf198f2c6fe3eab9787be6566c835cf7a8f7953346158ed683554f
SHA512bd8b3737a1021b755a5b1abf7a61cf64c249b8dcb6f8a8641da5343f5903a6ae476f2f1ebfbef786573d7d40bdf4fa67e8cdaedd7e3ac2b0f9a62a32a57c6841
-
Filesize
55KB
MD557f55ebee735e04c68e8249e1d1898eb
SHA1fd28cb4f7520ecaa139fbe1041cb35e931413a57
SHA25666ccc1fc5413c1347b9bf9104aed0d07f4821fe350b98b60477d009aa1b11381
SHA51269a96a1200ce93924a6c7b268b0211de248d1836bb20e886647d1cedcce22daa05b7257d859300dca2fb956e975032d1d2b2b12bc0af66d4eb024fad862dda13
-
Filesize
323KB
MD59805763f37a4804067ec1c83a6a43cf1
SHA1a6e685626510c7f415d6996b44fccddfb3de6533
SHA2564713b38d2d1a59d0ada611dcd45aea6ee75e06407e9fd44bbe89700a9a7c39d1
SHA512cfb255869ee09984fb9b3df4dbeae64a5cbfed09de6e92724637f9c293d4d441b900598db71520ac81b0f5724b075936e27aecfa8ad8ef163743d14fd393abf8
-
Filesize
347KB
MD5c863a9b8f754b3d14df2771c5ef92a2e
SHA154106db51d90d52e2f018256976c89b310b972af
SHA25619c31419e5bee816860c7e117dca671fd50ee5d840978753c287fe683784e35e
SHA5123a430828d0809c99c790723308e5b4a7f308696cc5817a30fbc1331698955988d075e710b91348a8ec8c1dc859f323ae852ab955750b8ac09b6604a1ee41dba9
-
Filesize
1.1MB
MD59694c1fe6cf1925d0f3da6da11cc44d0
SHA1a6c43512ba7d7dc88c5ee7a8008909f24ca85d44
SHA2566cb71057135bdce45bae960b94777c9deb9d0f9a0132895d7bb8a8b242671a7e
SHA5128f769f19ed0457f5ec774b7a6221c226bf66bba54ed90240cb9f59cf4c6f3035b751ef0f651ae7318abd692e0c9a5487880858371759efdba16d938e9faa06d1
-
Filesize
152B
MD53e2612636cf368bc811fdc8db09e037d
SHA1d69e34379f97e35083f4c4ea1249e6f1a5f51d56
SHA2562eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9
SHA512b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d
-
Filesize
152B
MD5e8115549491cca16e7bfdfec9db7f89a
SHA1d1eb5c8263cbe146cd88953bb9886c3aeb262742
SHA256dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e
SHA512851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
69KB
MD524a806fccb1d271a0e884e1897f2c1bc
SHA111bde7bb9cc39a5ef1bcddfc526f3083c9f2298a
SHA256e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85
SHA51233255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae
-
Filesize
41KB
MD5ed3c7f5755bf251bd20441f4dc65f5bf
SHA13919a57831d103837e0cc158182ac10b903942c5
SHA25655cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d
SHA512c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD5027a77a637cb439865b2008d68867e99
SHA1ba448ff5be0d69dbe0889237693371f4f0a2425e
SHA2566f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd
SHA51266f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4
-
Filesize
43KB
MD5209af4da7e0c3b2a6471a968ba1fc992
SHA12240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA51209201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35
-
Filesize
74KB
MD5b07f576446fc2d6b9923828d656cadff
SHA135b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA5127358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
Filesize
20KB
MD572082d9056b6e296eda5be28a09a6581
SHA16ee2cd86f0be1208304343729383dc720e0a0f8a
SHA2567595ad7dd7410e214e422c1b0dd72cc8c893dcedeb147bf2bdda32ed634d99c6
SHA512240cd32854bfa5612797bdc96fe87dbefee4db1ad5777b83560bea60f2e70d02d69174977e14d36eb4ca9e42080bb6ef7cb585d8fcc5c1cb6349f14cf22cb06e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD590a3603488fc2a4e818fbb44b14d2b4d
SHA1e72117c3a5bfbb1632074e030fbd3f6075806184
SHA256c14f22ab403fd79031b56cf611a12fdf5cbd82c95bf38f6e501107c466509bf4
SHA5125e4979d6b2241080461dd50d36b45071d1c2ff36cfed81f6c8d9d2b6c24fcc0f1c2d45fc45099973c9b177a464572832e90901be26db901564dcc8f29e7eefcb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD54530cfaa1c8e613b31eb08fc6478543e
SHA13a3be6586931b073749a00d1ae316921acd4970a
SHA25679abb4d084b389110cf9044297ce1061d53f3431bfb15f80cb6b4678f296b5a9
SHA512c9707db67d8083eebe41b861ef826d97ac9351a7fc7392b29751fc79a3bfc782d15f2f94952aea620fcb92669f8a2b527bb1c93e12007760b7c0c4549aabc872
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD557a20783d59585eff0133b250f25eb82
SHA1fb029271b3e0eb1d03776e2bb3635158df76ba2e
SHA256b307ca9f9c922acb0146fa380f6baf884b7a5734cc6f0eef14292ce19f72ca52
SHA5127d69120ac7aac501e29973739dac9dbb5444ac78f888896f14d28ecd6e5303ea38f4d76af326706f083527f809da6192565f6f5fec574a5d5c0a39b79f169b8b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD513e85a7e6de24535465420845b6edf96
SHA1022edf4802223fca1204e95fdf693ee70206649c
SHA2566311a1871dfc09aab533e6d42a380c2ab6b4e9b9385f7a498b8a9b1a1f69c6b3
SHA512206eed3acc59ef73fadd0932b4eba1fb40e81d4bf92f50ab90c9cb4c3989dde0c3ea57d0a7a02360c4a70d83b43ddb5f9f4b7fcaab3f53bef03ea29a868faabd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\de\messages.json
Filesize235B
MD5768369121f39ce9e9473cfe0b983ad69
SHA1f600379a1ce1e2daec7f16af08bb23046f2a07d1
SHA256c0288cdb437e7c1bdad92b320cf32c6298c0b1e89011921d636e40cfe21ce9e6
SHA512a221210341bf30c082890ce9dd8ca059980603bf166f361252c4d52343f2935db4305424261823c9ef167da4a47d5b6ae67ff746751e22670a2d502b0e3fe9cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\es\messages.json
Filesize236B
MD5acd2d1ac6478ebc6f3d2f7f166412e7d
SHA11efd577ccf46fb0472e68c0aabcc247c0f176cab
SHA256333b347d71442b11441ec55e050ba9edad9d4bb6cb45f0172c0de9d61ce38351
SHA512159652667b5b05001831d56fe9230fd2fa6c458f14bdfc8f1b8221fd16c276e24e06cacb50169547cb119b26b62b65e934a8e33efad809bb5b5b5008b0a239ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\fr\messages.json
Filesize239B
MD5b7e4a95b829941608b828b6c7dc8cab4
SHA10af5cd453d2c74800b952026302a4689209d2405
SHA2564f246339bafe69d6473b6bcc942189fd883cf17d1d9ae0cd61fa7f342271b069
SHA512cbb6290bd0cc8e51687e9f369eddfdd9fd52ebc97135db6ba9b9be6c495613c35b3fbf5e9aa568ad0f9327193403b7a8718480ceed0c83109001feba49f1800b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\it\messages.json
Filesize235B
MD51ac3794f94c3edfc69b586825b61fc24
SHA124f3e1d0e2132c1ddd62335ebcc73da7e5c5cf69
SHA256f55e4ed4292e7d995d340627f8a38cfb6c3f9ea4fb8e5f71fe00a2a84237831f
SHA51255be5d984a456ddcffa74176be51cb6cc76bd48695e948e532aaf9e9bdfe26cbb17edca0644d4ef0198051eaa7fe521e0d73051ca19f99b1306da1a11e0f9bbd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\ja\messages.json
Filesize261B
MD524ab2f16eca45188d6462f8b4592becc
SHA10602d1f2437bb220a202f57132d41911b3654802
SHA256443f86a79a9592cde1947f341176f3d92704b2b3ab1af8047cb1765549bb1685
SHA51209fb65d58ddd6d3d8b672641831a78cf3b634c71c698da80eec22b41a81ade06d72255a85cb8b537da8a8f0392b7be4b8f604d590b7698e980d9341a771d8557
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\nl\messages.json
Filesize235B
MD5b2c3f903c5a400a968f4a954e3b4cc13
SHA1009e302331853488d8a64990eca0c815d50a89ea
SHA256887eec981fa27ffb3a07a0ac9043a8518bd8e12dda99bf5dba50b4d3a9d6a42c
SHA51223c40629184944491efd9f929d93d25ca449ff3196ca63cc09e3f4c21c107cde5f756f9a8bdc7d745015356d3df4bd9225438dd3b9d203597c2c47a9cd42ae84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\pt_BR\messages.json
Filesize236B
MD5eb765b13ee1b5de1e8badf8adc24367f
SHA19e9039a6efa71b0742e9b77a1a2da96c5fefc145
SHA256e1addaa5cb17e403e6c7a339a9a8bee205004c6bc7388d5baa9356c7e9cfe858
SHA5129e2767cdf38387e3a1cdd173573c20236e43029362aaa56d2dfaee01227b98b0559f789d1b7f342ce77f5b262715690df8d31f1b84edfb9efb43447f8e42c49a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\ru\messages.json
Filesize281B
MD5da5861bc863584ae7669d140630342e7
SHA1846e3c381bee1a96bc310dc869ba10eefc2d88b1
SHA256079ac944d60018ea0ec88616abf1f615e71cfad83174816f27d72d0c02f4dabb
SHA512c4d8b47e1a340b556c0b18f281f5d3b65bae975924318374fc927d70e0ad126c84f5d4197a4bef1c8a125d0499b93397933554e8064b394431e82a13c823f810
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\tr\messages.json
Filesize240B
MD5afaff63933a028c193227fd69133c395
SHA172c6158a9a77da70a611d54ecb461f62d9cb5539
SHA2569325255feb4645167259ec59fa9a8266280fd49a186878e8167dbd0c168d3b1a
SHA5126e5ab9bf77003fdfcf8ffb993d27a1b1cb9c1505b03e852ed60164cd3021c300f3210c318d3b8060259bcf7e9bef971551ae2ec83e546aec716b76893ac13e20
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\zh_CN\messages.json
Filesize231B
MD59431ff93b0022eb853f6464d15bd1d92
SHA15f040f4d34fcc90287b8be565f0c41eefd48a917
SHA2567f827b1ada8499437aa79f429f581a9f6f0f5f50e90607c50517c6b4fa8e84d6
SHA51238885e2c37eb0cf9bcceccc9955fe4edd85924c6e552fcc5ebf775852b04268ad8ec7929405dd0fa5e9527a4d678b6e0e2632e7ae4a53cd6268b3fccc6bec802
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_locales\zh_TW\messages.json
Filesize228B
MD54305706c833e2f09eaffde9e21f6e487
SHA1be46012c07c323b847f17792495b69d373cc3dea
SHA2562d1957cfd7c2cd4216221d27b26de74978e682de207947abedaba6f2fcc34699
SHA512be35190cf91797acaa0a8e1231dbe0c540ede607d1ac3fe3820d5a0aaecb73c1ec9dafddde1d36e515294c5c78ff4d9ec49a90bad76e15cc8fac2bbe1b88e161
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\_metadata\verified_contents.json
Filesize17KB
MD5d5de46f9808c0b6655bd7f5bbee70ce1
SHA1ca2f3592e68934d7142918a5b8f1f629c8ceb6a8
SHA256fa686f6565a5a277f1c244c04d4db34eb681bdbef6871fb75486535cca2121a4
SHA5123ef8a17994839e490f9d710b7a395d18a046ee39fbdf5f6ac261acf5723a5dba83c290d8b65a7a834168169c507b01a60d250dc3ae52ec0f8fe4e60359828290
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\adguard\adguard-api.js
Filesize1.2MB
MD57710357fdbda37e7198b22171a5923f0
SHA1688f20729d4f08165d98e916dc47191f6395171a
SHA256dd68d572adfde2bd5dcb25da06696b1fb86cbf78a97c4253338ae5a8c98022ca
SHA5124cf396dc02192a71d6c73075b9316ec3835d9d4255ca0980696387a7db464b03f290c2116a7eacd1d0ae0280d535acd3c55d82dc2a8626edaa399ef211086572
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\adguard\adguard-assistant.js
Filesize9KB
MD5179aa237df539cf8209f05b042a6348a
SHA118409da7dd08d3822b555c3819e0fc7a89057e1d
SHA256e2077bbf36602a43735d574dc84a91475bd1f02bc13b71907f661ab119dd277c
SHA5121fd8b90d1678a51405965eea6f4cbb5a9623d349a782ca88be4acacf434f6d4a38c8179c58a09621853db4ce03b6e749ddfc5dafcc23007f3e64e522118ef52f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\adguard\filters.json
Filesize50KB
MD55fbbb1eff53ff9ab11c9cca6669d0aef
SHA1ec9bb17e2d87f5b1dd0a1e60490afdf2bf43a69d
SHA25682fc71eb962b234562ba7c19ec7c5a694908678a876a66a5f0c7cc1e5d388d65
SHA512c51652ba1090edd580981f4d637eae94716b9edd86efb96c4860f0814ee0a0832223a1f275ea0dc13d1358e363507b96c4b130fcf35857ae35d6d12bcdca35ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\adguard\filters_i18n.json
Filesize437KB
MD5bed667ea66007f8e69db252844e406eb
SHA15291764d69c35fbde4bc97902c7753a11b415bb8
SHA256fa8990401281d12b5e5706f92495b20cc78a23208e36c283e4f05264caaab2eb
SHA5123be7b8a8db01458ed4bf9557ce5dbe29de75575b61eb0247e49b6eea8f0a368aa0bc664a1252900f1b3b28366f256bb29d96e49f7a262d1124a42b87d6946647
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\adguard\redirects.yml
Filesize63KB
MD5cba3c373893a8ec71edd2922a433f85a
SHA1259554a2b327f93a6896e63b61c47e7e823c2360
SHA25674898ace1f0b1175e27bfef0f7c0b68aea8fc035408f2658823046d364991869
SHA512184d2998663f369eccfef0bc03bf988379fe6f14f7fca11b9e4e82d083626fc8f09d2858036a5ca34e54c8e640064e43ef866f0ad176e42cea6f4bd82d618033
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\abs-page.css
Filesize12KB
MD5278f720401936303f75525e8066e6268
SHA10d27ddbfc05053fa1822864f12ea57976f391fd9
SHA2564811ddabeab4cabfae7bbef0aae995cbd697a6ab5390454d13051b66fe2f1b4d
SHA512ab5ad7f037c1ca692934861ca46482b263eb818e8c8f281e8b6e72bb509a3b3510ad6c7440a704595bdcf34e2fcaf717e49e16deea928a13703586fe42ac0bc0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\app.css
Filesize35KB
MD5cdda1f06d04b256418ebea89af3e1563
SHA187dcc3c48cbc71f4799f5bd66bae2fa6702e6d53
SHA256f4cccfafcb7ec914b6952d581c4a543104ae03665229ed60a886df0828ee6002
SHA5122c4585e1f326fb195a01d7050eebd9e64a731cd0ca92d907599255915f01f6cc70b0e5c86e3112db15b381d709e8f1049953803d87997abd8882737f4b13950e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\blockedIFrame.css
Filesize2KB
MD500ada3be5477feec7856fbea07b673f6
SHA1a14641685fe48af82ae4d51ef2342e29a9fa181e
SHA2564182e6a2069509bc20848d95dcae49413a811848587f5dcc3377b503ecebc9b3
SHA512dc378ee98524ea5cea8f28a6df793e6eb2f8cabb01f4b51c44515aec9e0910bc17a9feff1403d8aa348f00b6b30ad96af6a72ef5870c1140d500e70af566793a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\external.css
Filesize3KB
MD50e17c269f64b863d1502ba449e6b4f48
SHA1158bffee84ccb892288ec5a2f6048eb580dbc1b3
SHA256cb3fc2ff2a457d26c6139ecb68d2d9e414dd3337d0a126e518dd067f5d78dbc2
SHA5120af53de74de76d02bda0497c3daee515dda867e6ef1bb64df0374197947e6bc33a35d383c957488176f27529743f4adcd5de65aae668e907baa432306180386f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\KievitWebPro-Bold.woff
Filesize55KB
MD58652745947b62f03147b76cd5db508fb
SHA13fc62cd4eb74c4fd350bc559897ffeb576a88ffe
SHA25616b555282ea8c779478cb1d8674dae40f689dcdeb4664cd762cbdfe47c476d8b
SHA5124c518beadd3179daff850af3a3e95293c050a86dba3483426bd11c44aeed2dd737f031eb8a28da40ec1492f343918d474fe2fec11101ea8b1d36a84ddc3cc515
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\KievitWebPro-Light.woff
Filesize54KB
MD5a8a9d6aaf9f3940badc66e2a2aa21047
SHA18d2cd2f4fd9fd36f19033c01272dc3fe43bccdb7
SHA256a791aba3842d3766494ad0aa2a1b9cdbd2bb8aa8b2235aedea82e993c851a1ab
SHA51246561f0b8f178e4e4cc836a4561d12f6a0670543ac5567bcede9cb193bfdb4bf654e3f01372210f158ae3de58643e4c963c1e1cb788f497ee817877a019fcfd4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\KievitWebPro.woff
Filesize53KB
MD5cb0b064a6f71ca79ea66c595c22211cc
SHA1681567e2764d6e5c7f3d851e77063b9b47ece64d
SHA25601fba482f08656e11cbf03333b07048a33b574dc7024d5651f94b0b3cff89c3a
SHA512ec1517a4c564a4baf1c353143ada7db4fc8d0933d1757e239b67e5aeed5748c2c905ef90b1124deddc0a3316c0acdc136938032660e5489640c85f0345889984
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\OpenSans-Regular.woff
Filesize58KB
MD56fde2eb6728eb97fd914dcd0641d332b
SHA1fdd99dcf9469dcb61a4faf9d42237f75acbe6a64
SHA2564f5c5dfcbbb7f9a09d7e27232c922994a6a82227e11e4299e922e4c6d9f2119c
SHA5128576a69b6d85f93b3f12372665a1709a7738d716ff83ffc2bd767fa36302aa27bb3628e3094c9977e164e734d29d3dcd938e384a8f4a2524d65000198f5f5d39
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\OpenSans-Regular.woff2
Filesize43KB
MD55d5735e57127db2f7a2ad879fc6056b8
SHA11e55dbe4e381353b147bf963e97bb60a43b0f28c
SHA256408fe165dff48eb2f8cb3a2fcbc1dd92b94d56b4ab11813be55c776871c691cf
SHA5122b777359ef42e42554688227d03de7b0d571d17e59808fa5389bb51a86ace9ac4821e2d741c6625fdb0a81ba80d5d6d91acb47119403763f4070cf605e687245
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\OpenSans-SemiBold.woff
Filesize60KB
MD5fe241c6c4f5a190e821b7c03e337d756
SHA134cb39f498daea83e4575b41d54c0536c2496714
SHA256029855f6870fb95f6331f9d8510e4b36cba265a694ebd643824bcc48a219f170
SHA5128f73787ba84e8f441ee4a836ca90c351afc4766ba29b4c45ab58b5b24d73c522c44429f076c69df2b3fe6ff844c6874faad0122fb1b6b01167e5c85004c2c111
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\fonts\OpenSans-SemiBold.woff2
Filesize45KB
MD57106bb83a0e767e12659de9cfba3926d
SHA1b869c145806c2b7ab5e0603db32c6d48b19faf79
SHA2567a32484e166e1337fbb0cf4f4262bb385ed9081f1ac20f9efe39e8e50490367a
SHA51227a983d80c7f0553b60b047adbc1a22ecc9f48cba76fee8170512287fc7544d15ed038aa6679ae01559406aa74ccbcc16a51fd2128811bcc794a6bc4dcc994f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\loading.css
Filesize605B
MD5141647baae089ae82d48cbe41fe05587
SHA1520ef2e9b384c7951c65c7457b358de07c3533e2
SHA256a75340fb208ed7435f8398e400118e4ae6df8550eae19615dbf1ee79ca990af2
SHA5126b04e63c43eb384a2365aa684e26b50f45f880cddbdf4fc2ff16e65b3fe500c98d4289844ca4275d236d82575926c398f1b96b0666593fcb5ba1c5cba8e0fefc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\popup.css
Filesize28KB
MD53ffb8bc021134070b11492ee9f4c96b7
SHA1bd975bea946bae402ebdc835422c0c375fe60b64
SHA256f639dd60238a462058e9f788c77f908fae9d783d1c2edc0bab5594b72cc93baf
SHA512e3034f34d616b5b05f5078e1abd24769d1d897749419d90aade7d6222628d32c1468174acebcf6ab9d677e4bcf3644e835616f8631ceb282047261660a2e2074
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\css\vertical.css
Filesize3KB
MD5bafce6027ea2815a98c23a78c461dd40
SHA1282655940842946f1588d7ddbe1f46cd4c2e12e6
SHA25662969c5cf436234078b317b83ade2cef84da6ff864857c8bff6b4d86352219ae
SHA512cf03e251c0174f85ff6de7d6be1af353b8de538477c29c99c1a9a3c6f0b01c3e1ba854b44d2cb3c2e1d328604881d3fa86ce37bbbbd7ce62afdc0d96b6340382
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\ExtPermNotification.html
Filesize609B
MD59302990e04ea201a8674bfd300b585d4
SHA1e03756903189b92a429af87937d8d4db8ad6f4d5
SHA2563d56f32de79184fe57c3f821134135d3d8d73b2e63dc4159926f73e4141fb129
SHA5126ca8c817fd9af12791328ea8f8d4bb4c69c99c49dcd2fb7d92807e5f153bd1ec243f169ca57391c67c151b284c16dd930cdf73d5db917add12290a89db64d5d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\about.html
Filesize955B
MD5a7d9407fd276bfc656a6977b5a957fcc
SHA185d1307784f35937b14422647a578819d7b00524
SHA256693c2c387a95641d5b326f9c622cc737d0c5b8413d4f9d67739c67fddbf5ec24
SHA512a63a83c7001173743cfb3b97cd56bb29d21fd383c88842adcbf289b0a2c90b7f9811b068425aa35d268685d5bb0930f7bf4d5056e96fb966f38896d444decfe5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\absLog.html
Filesize1KB
MD57e6076798609bea02deb6fd42561fd7a
SHA1042a8538fb16d9311c930dcbd9a22f52b77d5d01
SHA256505d536d6ad2b17081b0733cd46be87e05aa593caa110e6ff21b95774cd133e7
SHA512fab49aacaf3e1af696cc1d424118d39517a6ced74c518a7c97a1df75954933a620b945d6cdb92a029963266325cd8f7a82ca9b7a4e9717d7cc863f4f41e364e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\blocked.html
Filesize320B
MD57b82d8e14f98c0133d4e5b43cf93213b
SHA1196f6d5ce425f46b9a37be119f7fe2d53939ea21
SHA256837f56c30fbf15f104d35552163ceffcc26bb1ca0196341f213a6b9b46774df3
SHA512b468054f45b94f085b699c76d7a3035fd3714b2179739f556708118701f11245bacd00472779e76bc8e9859fb315f3c87c5458c0dbefaa6e514e0b9ea0101d2e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\blockedIFrame.html
Filesize361B
MD5c5f80f2511dcd4d85d6a4121226bd669
SHA11da1a6397cd2fe7af31b74d75ec834078441f0b4
SHA2561594d272506b1a93c8100488c44bc64436407dc58c9f9d5b64cc9eb6c2ea0fc5
SHA51238679cbd0045f1d3a4f3cd116da390d249c6c22f7cefc949b4f61d6c2d855dc533017de6aad9ef7f017a851df597b2eefb6f8ffa631856ca2f8c881bec30fa8b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\card.html
Filesize592B
MD51d94cf3e6574c0d8eb19bd0fbd95ff87
SHA15b61b920306e1255284458a574e8a460dd1add53
SHA25667e778413af1b332c6cffee9942ca68838b805dfa6a6529231c691db5564d595
SHA512a9e1eb8396a3d39d9ecb2f9978039e15e42d4e649db37e5516c48d6e9650a40f6bc4610334cd0f1c212faba69605533a20459712111e0eb4e6543ffbcb9a98fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\external.html
Filesize597B
MD551bac360495415690f3ee5a3bda5356b
SHA1c6ed0ddf194ccd6e97e0c60fde645c6a6d2b75f3
SHA2566ddb5c8e2c6ccbce556f28f854881ece3efb3562c3d8b3e190f0a77b97f5ea21
SHA5129368c2fb0b73e247c4a5dde9e752f564bba06f11dcad8e12ae5e969bf170178f5d1ddc9ecab618bfd7a27dd5e978bf88b877b80e5af490ca3ad243cbae5416a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\loading.html
Filesize424B
MD540c22d754b3ba1c0abf88a74a94de82e
SHA119963348e09e1749b132853c490ec849611bca62
SHA25670994d24863e27a8ebd783771d447a56119d0d6e6162aed1ff85323a656d8767
SHA5128f161f199b322c4edc6e08f893ecd558b08ebb97ab4694c4f28306804edae06394694e20a61c3bf9865ec36c825f55ab463189512b3dfc7f0a83e203e533946d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\popup.html
Filesize772B
MD5575715b2babbe58af5055fd214118ba1
SHA14018d09168e46e575f98ae149e27d461c899d4e2
SHA2560cf5d796ef3e9843f65fcf1558ff57afb90d252c5aa4640bc2a06d01e3f13dce
SHA512fc0a3f21ba317be88bcb0ff15358ce6c38f3f97c9a37679263a183eb528486914b7cd8790dec4c019a147a5284639766695a0eaa7b066ee4d91a9bcd71a83123
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\top.html
Filesize577B
MD543b8ef104c1b05bcf16e939c20b251d5
SHA1ddf0931e5626d3c0f2f3ddf46c50c5d50d2bc619
SHA2569000981a015ef6373cffb830a76480db05e9bc2bcb2870b1fcabe9c12bd491a8
SHA5126fd8c2d9404fc8c31608df8ca2fb832bdfc589b26a075a9f5528cd36b8377c334049daad2ae489ce5b2b4e03ea34123c65514ca94234a15bc5f5705fc27481c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\html\trackerNotification.html
Filesize608B
MD5f837b03fe465f18daefac626b3a498d8
SHA13f362f1f82e9173b03b3725f71ea97a7fc4f1895
SHA256643a1f7a63657a6fce9a2e117f3d990a65682e1ca58a922314f3b106a9dc6e63
SHA51256f7b59f4169be37ad04dbc918e33e46b8f7adc6a49b04f9fe039826b33fba0d313b3c73e8f8596955030cab4ee1391bbf3949f37e6b094dcfb7669399ebff97
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-ads-blocked.svg
Filesize2KB
MD5edce6db6043a46545f1db7f76e8569ff
SHA161ac052b05585b8c1052af0750467ef97ea3977e
SHA256e336dd768b43b8998613c3b0aa21b9df68e444b55b936d78cdde057d3328ca90
SHA51282b10ab3f7b555d32fac57de50dde4094382f877cb92a91d50b730817bf9420d7edf52388dfb07cff0400996ade86cb4208f662801f8eaf5ebdb24230eaa3b88
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-attention-small-yellow.png
Filesize322B
MD5096a1defdb6d121457a984a638656b16
SHA1761cca1118ed7c56ab09f2899c77b0fba2998aa3
SHA256d2c167d2dcd520cc2c3e811b38dd2a6910f20ea2a8941f022531cecc2344fee6
SHA5126761225e948b8f2fc0aa641ed882a7a538e10e093f4f16ddc825f63de247f6fa80708d615579e6c7fad002dcb37b480cf863669c87ada2cfbc80c205325c3712
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-attention.png
Filesize3KB
MD538b66ec6515e30ec167041661a4a996d
SHA11cc89ebf5cc4558bc5f9886a90f4240ae2dc885f
SHA256c729663d6b86abef0640f1c636102c3c22672c39867b0aa4b8b850386e9eeb72
SHA512d5e8ebae653609891cf98219a94f865b7f914b9188332c7f1373e6f3bb8a67516ee382695a2af2436227dc1867a4cba37bc95a017e7aa3f8b59e625b7ef945a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-check-small.png
Filesize450B
MD5028d7264fed3ae88326227f4e63c5339
SHA179414c0431561214ccd3fe96be8267b1518a4df4
SHA256b25c550ccf4551386baf8e9d7f0bd3a7f5164af0ff27ced82e213f788ea8ef43
SHA512d2bac76ce970537947496b11e6d2eca44461ec4899c72aa53dff577e08b1b734dc7c7009df2a376aa2ccdc49832fbfc9acdd8546b15fdb22e3cbcf42d4ec102c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-check.png
Filesize3KB
MD59f83bc5aa81337291609ba57f3e7e431
SHA19f71519e4fbceb28d29a503de71d8fec0d5fe54e
SHA2561c30bc9cee8956c1e53b6068ae489414b7b7be764ebe54430f0568eb71ef2788
SHA512e5b1ac7353c5bdb049575e0914f392d3c16070b772f03b89422208cfc6b5e403debe06b090e60f6bc3374622a3fe91bd2ba998eaa08a833c72e0af6231ed233b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-checkbox.png
Filesize542B
MD579e61d16ab8bd2093f6d71b9f2126eda
SHA107befc0649f56879910a2c05833f757296c50eea
SHA256731cc89589e63418b6e4c2b1d5fb29ee90496ed1ee7a48a7d180288251cacad4
SHA512ad83ccd30f46ce73a9f47627b948d459abc157e769603885f1c2c1bbd65d19d7844891ffec386061f6a92ca0463e39ed4ee246af439e3aeb62778c84f50ae2f6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-close.svg
Filesize704B
MD5efef07118c3f6b6714a51e1f9a0a52ef
SHA1eceff182e43d106460dc2a0a7f0c9595ff199ade
SHA256d245b82012e36af73493b6a19ff75d413a99a94ef4000258f927c2c933d3fc2a
SHA512c23ba695045f2ef54e0cc228e9dc1ad589224a89dad2aec5ef59cc4f4b20d453f4f8891b002240d7f5f37ebd36c2cf27220c1b39b0f8bd3875787d7d3872057d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-danger.svg
Filesize5KB
MD51d0c23d3a3df0450a824d6b6125a5da8
SHA1c2e8579370fd9f9c045fc674b36aa89c76980702
SHA256a14331e5319102332854b7733def47b904f432b2da3108332d1c6089f2bd61f1
SHA5126b07977e6933db42313f16c06306faccf169ae5ac52289afab31b7cb05395f0ec53867ee636b3ac59a02e42dc538472f740cdb81b29538c1fc2306a119b22de4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-info-badge.svg
Filesize1KB
MD5b853fdb03fae71ac1078ef067e1382ed
SHA1bc471366eec8ebc82b2a3e1ce5f57b01cf3b1e5d
SHA25622ffd29dbb44509ddc46b0a07935169999f39e2c36c4f861df4ec1ebe36e5cc5
SHA5122ed4a572451bbcf446886a8415f17d6c121fda69cd72206e5449d7c6bbef6e93fc7cc48d8b74881a5333a0578f9d45b71de0d4446b582c7f82da4d1204b9ebb5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-menu-close.png
Filesize232B
MD57c0d1689c3fe745687cfd01ac024d1c7
SHA178f42cd6678a38bc3fd7828e16c24ccd57dae12d
SHA25681955385b42701de114434ade08e7a734805461a8599608f1d424eee493b571c
SHA5127b603a486ce463bc6cd22089900c5c6ac8a1c1cf4822761a44c9d6ff27c587fb324f29e01915941419355a9e4273fe47849dd14e732a42a498f145c22f34f9c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-menu-help.png
Filesize230B
MD57d9bdccfbb5224dd023623178b461ec1
SHA13152b0a349266d84659bc0af705bdc9964f4e104
SHA256e8e9a356841705900ffb68a0e3e0a5779fb91e1d57d99e76321d582e90212885
SHA512d80b63e3f7f111de4cb5500bbd47bd8ef4543fd4825e25a79d386e0f40c80ca55b07e17351c68d97c0e4919d4c57255b953f5374341e51d68d8663efea787ad3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-menu-settings.png
Filesize379B
MD59ef6962f93b27eaf94ca003757eeb4f7
SHA14a19af7efb0fbde69004d6b7b6e6e291e648cbdb
SHA25667bbb5c10a75aef381a30df66d2084d2f188e08d2a109358cd1567425ecd8d4d
SHA512fd3740f6a4fae3d3057c81cc251b64b3cd8c02bec1f91abc58bb5a3c5d2089a7f9078020dbe4929a3d11d50ecded4402fa49a3b0a3d6d2fe11885ca8cff0cc59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs-trackers-blocked.svg
Filesize11KB
MD5b140200e56df096f16857c6e4d3c203a
SHA1e7930ee1cd0deed8acccff3c32e8bdccfafad6d4
SHA25665ba0bb6492f913720037f9305a6b548b94bee7c8a83014f6d105422852e8f94
SHA512ffa7a276b7fcf7ea8d8e834b060b11b07d035f3458f42f2c1c638e43d153d751c191cb70869003c3af0a369340899ac2645dd2e4fa600e090bb895d4cb020d11
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\abs_logo_small.png
Filesize1KB
MD582516d2af5768d8bbc28e22612e62387
SHA17fce1dcf46d820aff313169b93992108c80dd17d
SHA2568bf36ea0ab8264f7c610cfef27d7d6f02640fb63d020a0d1d47df9fbefc8c071
SHA512251f04083683104697b9044f0a84c3cd6fb29ce2c6aa0230ec4c6b08d5eea240087950e29888d5130b18521928f8ceaaeeeb14a92429af48272dbf086f519980
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\absb-checks.png
Filesize972B
MD58e54aa861a9bfeca5abc9a0473e01e7e
SHA11b0f0b2cd84b2ef6fff296853ed00ddead75d01f
SHA256255e63f5a3d6fad430830b7d45e998681f11151bddf2ec984ed6753fc5fe24fc
SHA512a50c6df4aee05ef50acaa9478613cb24bd9ebbab28346b0a2d301a76f6deaf23ea8274dd93b02f99648bcb28c01a0a69e9373e073d1bb67c8483e5e091597531
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira-app-icon.svg
Filesize27KB
MD59a763eb5f14d0b7437b02be35e2d328e
SHA17d75e52cf966a2679bc9e4b96660330fca6a29b2
SHA2568a7c8542da69184612838cf0efeb813ff0efa8162d835ca72746331dc408e44a
SHA5125ecc6dbc105117be2c35d83ab4a00a57f6086e5d177f956d577edecb718891d4de07976cd8ed223aae0a11ea3b7edbc04740ec35bbe1c80b6fabcb074ff3f2fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon128.png
Filesize3KB
MD53101317f028ea2740884f0aa55f9781c
SHA17d1b34e1aedf419b70e0d46b6ebe9cf028dae645
SHA25647ee5af903d69612254f523890fd8b656f778d4b80677ed277b02ece84982098
SHA51263026fe7263ce2fd756c4babb23183ca9db832f2a2b93efa992be44ef626a0baa2dcb316981aad1cc35c1a5ec47bef2435bb0175d02574e76681aaff8be261bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon16.png
Filesize508B
MD5104f27c287c0f1bb046688829b8f00fd
SHA17fcf07b8eb37ca5d628548b2eb4dc09040455bbf
SHA256c02b11f4c6d5926f754ef3bebc80f233c963aa09da1d785c25a46320d60fdbee
SHA5123348a372b8fe9ff0216cae6dec75bfb2ba18f8a2396c05fc109d87c092946f58dbcc9749e0af2fe3305c9874b8b9e68c218d236fbe204026c87d20498b94ad77
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon19.png
Filesize573B
MD586f836b6f293fee135bb57744114eca8
SHA107b0c19fc641c0f5a15f907067f300990fa28421
SHA2569d457f30e2acd76f4579a3ccf66b7beff2f7d827f6bae10abcfa3b1ce4e8bd2c
SHA512846aa90b4997c034aaa2d64a8bad1456b8277c01be914462d20810ea13658f6293ef3f163d50e962a2c303e939a87047475cb4fe4be0667885f6f18dffcec32d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon24.png
Filesize822B
MD53aeb9edeec50c029b01a41025e09f595
SHA140a640d7a106ac3877e3a753de91b9b9fd02b6ec
SHA2567ab25fa2cffccc5535417758f0d4a2b69313cd06d80ce542b414e9f63a03b007
SHA5121c8de0178ea99144f752bb6d5bc4bbe2ea06dcf680ad4b202d72f5572e90014db3fb5a56dd81e54e079ea642fde2da0f9da6123462694887638edf0e05cebdda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon32.png
Filesize1KB
MD5bbeb9470bf3bc1e3bae38f51e349623f
SHA11778963beb82522f90f12b3651714282d7ac00eb
SHA2567f8bfdddf9d85030f6d03c843e67096cf5cd5e9739cfdf7e1e93b9e6033113c6
SHA512f36975d2c092a2eeefaeb788b359accee4ee7eff8aa7a47a82826d95711f76e4d24ed2db5f7900cff0469713279c3fc6af60026334c6670610023af45fb634f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon38.png
Filesize1KB
MD5ab679669b9da45447253f8062a3d4432
SHA122c87db70ee3673b7bb46ea2548eac1f4f22ff34
SHA256865c80e73b32aca16252fbc7fe763f71e54b234426982aa2f66e34a855b0527b
SHA512ed795644d4bdd49f35999c6365d6af6c7901e8e4e2c9a06796a51cfc08671b8c83ace3dcdc78ca8ee6c07b75252b971aac81258549a5f3afcd242a1d4b8ef4eb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon48.png
Filesize1KB
MD5f8000bc39ec098931f7cb34e8ab4e75c
SHA1af109a664b578c12f79448f300d70822c6d0564b
SHA2560df8862dddc9535b3ca7bcfc154703912ddcb4f36e1c717a965e2e009dbfc654
SHA51210fdc380dab3c39eb059fd33079f940a72cc6de09b7bdd18290c30d8d7e30f21672489bbdaa543a91a4ba1e17d2f92c69efe2aa39501805703c45b76515f219f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled128.png
Filesize5KB
MD5a481d57ddf210931c690b6b3dcb4ee38
SHA1c1c08f1b9cff3aa6d592ea5a515277e66ddadd08
SHA2566297323de5a389eb073dd96fe03a6c05a0f68e1deecf8eafdc6543a1500cd0d0
SHA5128f476b7df7f2c0fa2dab3be104adfc63ea35c557cd14bad6a8c80395adae67dc8b0531acdaaa7e5a1bba7e4cda737714254a9ebb369e09469d28ce747a467a5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled16.png
Filesize1KB
MD591f6bb1edf4571e2bbdf4490a9e85d22
SHA162364368eb79a958539fb3f9d5101fa9e33f5ec7
SHA256e4dbf87ef2db4cb0f8cc806023392e7ca2d5e7c2ba608dcbc1b8295490f050a4
SHA512612039a7c53626b6b1d6c4060e221cf328e47826bd53c44d8008b1f5d903fa7c8608201150e8441ae94a8e5da617fe213103b539940b9dc104a610195480b002
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled19.png
Filesize1KB
MD5c3cd627d48f5f5381c90659f440543a7
SHA19e92748315b338b75d934290c5b1907253069ec9
SHA256ca5f081a0bb06588edcd13af2456d0177152c845ea13a0dd72552dbf83286f0f
SHA512e079193af5dac587e1c57d9045ae59caef2a7d90801a8ee9d9f8950e99115271f686fc7b39e14b72fcf882c39d4b7f4bc2f3585848007cff6ee71ab12e1a4cad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled24.png
Filesize1KB
MD5be4904a5b37ff6e6ffe7b271e4bc20cd
SHA1dcb0dfce2330c1d2081ab647877c0b2a560572ab
SHA2565cf30354fde8ddd8b7f7b47b71b18ba5b4ea82d5a2d1042f7bc17aeb400781d6
SHA512c50255aea9d69cf0e595a2dca98aa2e8009984d481b2267849ce1428c9befd14fd649963b94c8eb7a0a7af34e80c392dfa862a99981c524a2e084589ca3421a5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled32.png
Filesize2KB
MD594a738417631064593c41c2e440ffc01
SHA1e68aecde30fd8596ab0fd14f008309807d7f88cd
SHA2568e9dca75124746521e8b9f67346a9170594fa7e6384797568de0b660826e186c
SHA512ff46df7250445199316b8eb293770dd2197822814e0d1dd800511af9e33241d00a2f5e1c53b11dc0345a211077f198f6983115063058dce4247e91af64623bdc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled38.png
Filesize2KB
MD5b1f6d89a1e590f900a95e07dc4d24ba0
SHA1e85ba2880de4d778af803913302e3488bd19b071
SHA256f7987bfc8d4f2bf2444667e6a8d03efac3251ade9f43db65a2b247b68ab6403e
SHA51291ab7a44f96be6c61355610cae14761dcf1310d3796a0d0cdb68ab83fabe04b80555a76c365bff313c45c63ccd4f0f07eea5671a53805691b34d50997d3984e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_disabled48.png
Filesize2KB
MD5deb9fa07c2e7652d4badd63d254738e4
SHA1f55fd50d9f1fc0d4d924261eddbdc8b4f16e0229
SHA256d7138b944859201614ef45adb012def08f4a14b8eb978b368424059f58a0f455
SHA512148ec8b6d1aec173b78a224623740b64bc577843186f93bf64bb4e0f1ced89a0f43b0adad036496213afd40d18644976828aa421d33d14a4f570533df06bf96e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning128.png
Filesize6KB
MD5764cd5156f5a3c5f1b34ff234eb7d0b4
SHA1c3d481fb25e5935fdbc1f3b231e5f8c006daf97c
SHA256f19d08278a8ffab999c351e49e0619d98f1e6c45bad265443e98c3ab131d5c0b
SHA512f51d5b9214f2caab087dd9694284ea4301d745176fe15e3aa6024f9ee42b868f8f85eb2b44b0ffd53feee93e883b0444fb6548dd1f600b7398aebf483278cfd6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning16.png
Filesize1KB
MD5d1b3ee92b38f022783e6e600f1821001
SHA1ff65d7a57ccec845014ea0fa243192851d94aef4
SHA256ef1b7e0adea468b4d14b4943f4c2d18b4bae21d27e0fd80b43e1aa1c684caf8c
SHA512137f7ea7a45473c2ccfe4045b883edd4bbecd09ea1f97da6fd629d4f99dedd88ed96ec4516d417ac7d30bba87814a617e0300f09a0897a4eb7a4e9004d2934dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning19.png
Filesize1KB
MD5df468472e9708cec59993e2782ac0f48
SHA1012ad2428c84287b06f18b83ba998ac80dd6f6e4
SHA256adb4565b71e75d722d97f9807a24be11efc506dedc832e899cf8390d88ef92f3
SHA512191f14fc74c8861c0f4cd040b82279896074b174d4f8589153b0504d416e67c958519ae68941156a42c66ac5d6295aee32088d5645779de6a04cfbd23b495ebb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning24.png
Filesize1KB
MD562e4b3c25f6706ba7a4e5ceb3416b3fd
SHA12fa250c68829716524729e4545bcf250aa6b8b48
SHA25621eb246086e164401033e380fe63ed12b5aec676d1ec666a9bb03aa47dbab46e
SHA51280ed2ef22e222eb0a3ea169435274aa9cfe2e895295fc99058a2491b7d868bb1cc341cb3db8b42fe21ff719c4f620408d719528efc88633a7b283b28c0cdf952
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning32.png
Filesize2KB
MD5123dc55bce032f7a6a78d25839176505
SHA105b6f572395749ec1bb22d12c45e909809743c03
SHA2565c785d1bd5a3283027248bba70ed3f51d787416b2a89d73b271c9c3acfc41a78
SHA5122299ab1c70b6c9851444880a49e0dd7fcf063aed5322ab16193106ca2f48a84fb9ec0a273f82f1643ba90ba951787318ac680f9624185430d9b223941db5a256
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning38.png
Filesize2KB
MD5ccfac542db190600e7f2e81fae2ef5a3
SHA1ce2356e85dd94ebc912f56008a3e6bad719be9a5
SHA256b4c961b5f5ec23901def2de93bfa7dbcb859211278daf7057285f420f97d789d
SHA512b8e3536bd2aab3f0f15ef8889489bbe15f529cbeb789b7db9543a59cac5e015571d5a028195234d5bdb5360d0deee4929c451673a60141cf5d21d1e5c8ce92ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_icon_warning48.png
Filesize2KB
MD50e7f35907ce8dc52fbcd7d18122200aa
SHA1cf2319f359cbd3b476208cb5409b04e0984857b9
SHA25679e6c321e672379984652c073858c79d5538b059145b97e5b2a6da1295e19ce0
SHA512abae9874b72a25b70a6129d0a26a9b3795dd175c0d396c6346242d0760a8dbebf77800a12cdb986a439249864243618b567a0d8a3d8edd8cc3464092a5158446
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\avira_logo.png
Filesize1KB
MD5a1f8933d968d1d436c137a502f032b88
SHA1e696db4d2dd296c26ab6c22ed804295cdc3076e4
SHA256ed5d230d1873f584e3db681a5ec9de20de041471f185c19030ce12b28f76c565
SHA512ddb6efc80adc6aebf233406d2f74b105349261854e3d5b15346d3ff73568ceeff5c02b2a42c66ce4d437408977cb5fb18e6c7f41145757546c43f5d5f4f6b541
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\classification_safe_lg.svg
Filesize1KB
MD5a3e7de968c143166132af3b92ec4d1bf
SHA1ae05c5d16aae3f2e299e58b344f774b9a3fafe92
SHA2567e21228879ce8134bc996752e4787addd4d86eb436ea7ca3e82af8fbe8118e13
SHA5125068fc9d0c99e402e9758c0ae35bdab3cc7103b44926ee3af14f715d370cf384f2ab51402d26e2642e5f9d0d3186bf4da9882939be6d45f46655d18329a44524
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\classification_unsafe_lg.svg
Filesize3KB
MD5eef8ec3bd25b2fc8c82b44e4342956a7
SHA1f2b435d0195a25db0fec7d91416a21422da37ed6
SHA256b0a49a28ac0d9c6af6474398914a53b100bdc74ff0eb8d095b7ea374891d492d
SHA51255dc03a815c036ec97c169695793f4280a911f1affd0919ab7abf5f7c21c57680beb4c749ede53ddaa39c6449496e9f9733b884dc0a1143701fea2b352aaf14a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\close-offers-bar.svg
Filesize1KB
MD5289d573a8b113aacd2813ce1dee22e8a
SHA11922e429d6884f684573f19ec15bcc7c56eb61ff
SHA25622c2c102f04eb02727aed25210803b9e71df6a2b5d2852c0f78bca4ea2faa54f
SHA51259adb1898d8edaa90ecf615604fb8861701aa6581c04a026f36b7f80294ed500a51de2bc8d869aa8ecab9a629c32ab4401c898a3191885a9e5b138485949fd77
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\close.svg
Filesize1KB
MD543274fe45f06f51c23b0a83acae3dc27
SHA13587339e055509e48224e00a48cff97eb925990a
SHA2568cd490aa33cfb692920b422d275aacc2481c23ac28d39dfc8644334a7a24d230
SHA512d9a8a2c7ebaaa261155751ef1b5fbd33002d37ae4712ed2ff147a8d00183546aac4bf3a8822e020beff0e7329e6ec8caaf2895dd390f55b459684a073035b240
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\ico_tick.png
Filesize4KB
MD5990387175950ee6e7205ca69ba54b22a
SHA181cc157667213486281e09e343a492d464360321
SHA2563597d9c7edb983c73dc7a49352a3781f8822b405338df08bc77931346a7ea877
SHA51222753fc1cacfe1e8ad1887635b7e776f1ffdcb68cdf626b03451eb89ce08d3e11c055cdf85eaf0c618e067c10d07126cd2d136b8b0565d74cb3af984eba15dbd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\icon-facebook.png
Filesize348B
MD5dfc9fd42d5b37321918b52ed3b4f468c
SHA18f78b140774e96c1ee255d2f5d03c49b3613781a
SHA2564929d0b2ff33e77e2ce83907667157000726ef6463c9c798d6faa6ffadf6662e
SHA5121e1bc48ba6d240517624b43a1a7732893315775d6d8202eac5c30a92819835d6ae762383857a73e94ad3a16436a13d78ee0c180a28b8698eb1553969d529f0d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\icon-facebook.svg
Filesize1KB
MD5d9eb94b037c28fe6e3f7501eca0acb85
SHA1c6f259bdea67a6ef7111facc3eb22013afa7a903
SHA2563fe37b00c10fcf84f37e82315ae5bf4e895a598e6554455b105e87a1bbc7c5a3
SHA512295bc5eaddc07af3c10bcf7f779482ad1a5d0ef514386f4a68162746180b337211eb7328531fe4e1f4c96968828e87d31ee2dc8cc48ba7172a47402b1c1432c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\icon-tab-alert.svg
Filesize903B
MD538e2c64a7152a0f945ad017f5de5f2dc
SHA1c29a0c6837ba7bf11abacbe8037577091330a99b
SHA25613ff0e548ee018c0b696599debd453b66a69697883cf76bf738bcca31c90deb5
SHA51235c8b067abcd945405597fb44bd2e1d8d0cde1c76450970b8818e14320f4c244bae1f1de308dc367090df1a525cba66823772885a2a0519514b6f26d066feaf5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\icon-twitter.png
Filesize620B
MD5a5ea8f5764315fb6b4fe78c08374d12c
SHA1ca92b664750000c2b1751bc6076e21d88fab90f1
SHA25621429131a8d20a91367bcf989179c27a407a288703e9f0d5a083a17efc75e058
SHA51237549e299601c8a89e9ac3edb3ceeaec00b0579fbe8091fa46dc20cb1bddd525e49a35f3a63e77f8bf140eb55662812d9a249d8b6b7b5f604ae9eeb35dcc4553
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\icon-twitter.svg
Filesize1KB
MD53f5dbfb34d7b83ed182fd8e5cef2c8a2
SHA1553adbb234ce87fd9cdcfda49ed1f1763faed349
SHA2567e1ee1ddc297260c20f418ce5562cba892c984e4d35ec4ffabc59de1a29774a7
SHA512e3f4fa51e303065825db710d2c9d448681d7fb440f5e5ea3a63e15dc8c418eecb165bcfe0a3df532693a248475f865cb1ba1ddb88401a5ee23fdc5bef4eca5c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\info_empty.svg
Filesize874B
MD599214cb6cfb576ea571317f1253a799a
SHA1e913e4fd5b3d2b4885e5fca62fbdd2c011f70f42
SHA2566e64269fc58d3aa150fee6f72eac7eef391b414c794b1f6ad745b2039e7ac4a5
SHA512cf02d408d37589521438a3c65fe55e35d84aedbfaeadfffddd1f42ff72f9b1704cb12a21b611a9bd725624b55de4a84045e6c7824d75f229ff2ac679b1e0d095
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\info_full.svg
Filesize1KB
MD5c3bb811cc62383835f671df55787e136
SHA1fda83b89e87aabb4ea80de473c0d163867aab9af
SHA256dbde26f6347cedb6e96c6bf657c451d15896a0392d960cc7f989d640cf41f951
SHA512326e7c7821305b0c8055d858ca018052fe353d6c9a7cd4e9658552ce6322307fdb996395b8062f748c5105b2876a14c9e12c0b9377c309ad22df6427a68cf8e6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\logo-avira-antivirus.png
Filesize840B
MD5e2db107f9448a33652e11c32dae61df0
SHA1e293903d826f13d46167d90afd8bdb64ed4a552c
SHA256054d3344e60e8d3e76150d829f6a7bd555de218a3bd57ff1b127c1a01575fb06
SHA512ce064889bb68218f28129a67ed44af9a5a6f8e331b1e58997fc2604c4e8d67aa023263f8dda8921a8252db72ace9d7c63c8059e8b8d588a690c4eb02001d566b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\serp_info_safe.svg
Filesize256B
MD59186187679112c42384c521136db2b63
SHA120765282093df3d82d97ff933cd3c08ba627d6b2
SHA256af7f5412f18ea3af7ec1f46393fcb875f88d37cd98b55bb4547a5f158c08bb9c
SHA51268929441dd39830d4ac36e8557d9c72ee9eecc3b84a4f62fdcf040a3850885f8ca991135d021a6ceb876a7301c5858acf9ecd08d5ad59586c1d0b8a252ed5515
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\serp_info_unsafe.svg
Filesize231B
MD58cc50dc5a444ebe378c4440f8d4b8fe9
SHA10518fda87170d17d601458dfedfcbb976344c400
SHA256c920a9fce3aa568b5604e57798395a3fe40a74ee2bf47c7edb435405e249738a
SHA512dd779fa1e21b340340ade922488ce95158004b60a53fda45f23955a58f045eb86817e1a0b4155ee05f4efd6d7f879fcab17e54c079698c64a8075ae90fcfdc7f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\serp_info_warning.svg
Filesize437B
MD516dba44567b599779c8e16b81adbe0c8
SHA10b8ca6f931213baaeaaf5cddaddd9e183927d3b2
SHA256d6c72240ceaaa88e4ba8d5767c1de986c47ba65782dc159c863d6d459ec17025
SHA51241a3660a75247a4cccad05afd6f5f6eacd92618b2b138196e34aa82653d5190b6403b7cb4a8df0636c976b15265f0b76425b731c8820615b4012b69bd4d7286a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\tracker-milestone-confetti.png
Filesize6KB
MD59e79b9aafdf25646fd3b5b6ea75a61c7
SHA1e71b4130eb3019a3b7356e3c6faa0318ba7d3c77
SHA256bb66e678fb57e2216d6b595b12402afccc197b7a4cdc013133541510884dd64e
SHA512c4d008a1d41548abb0c27beabc17dee827c74a6fd1f155c053fcd4c60a431e9f7a13a073dcf5afc3b72ad8fd4b786924e5f81f685a663f7a6cdc14fc9ffe7be0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\tracker-milestone-medal.png
Filesize1KB
MD57b7cfda26d9e37359c6e3e36cba333d8
SHA1e35a64770404722bbd90e2df6e2370b61b21b5de
SHA256918d521185d8fbafe24c2b151b7b6a8d0939a454b14bdb18594e6f90a7806edd
SHA51233a67fa61c594293846d4f57b66821a4fcb50c1b734b84fec7d2a5858fed57e482966159f4869895e4c7c3b6c4c881ce1b1c8bc7cc2e86c5613c4929b73a5859
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\tracker-milestone-medal.svg
Filesize2KB
MD51e89bf2d0bbce7df8472f46f8b4acc7d
SHA19192b23c47c174227a9d308c21f1ff3aad0d71a5
SHA2566f3e6c9c71314393bb919fd98e586d0819fb1accc4ed01662ff3f2c75220a61e
SHA51239b9e779997f14445487a804cc7dee87bc244159f1ab5858cf305672b5857b6d314ed0749be0aefcd24cdf6b5de1158bd71531b2600e3ed0f697b6b0c31da070
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\tracker-milestone-ribbon.png
Filesize1KB
MD5dc7976dc0952eaf15101816cb6abd2fa
SHA105282b84f7eba5593e2b1edb1ca66dc5d8fe4591
SHA256a39905dec7e6e5a521b8553d519b5cd7aced1f15603343eb6e4d666530fd3744
SHA51295bc4abfe255b47b1c4c742cc9e7cd7b79349e45b874dfa58c5020498006b446cf7a41f277e83a736d1d0831bba2d10608be0e72dc52680c08e92b5c2daeabdc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\img\warning.svg
Filesize1KB
MD5d60bc06c2ec496fc59a76d60fac11ed3
SHA1a3327d3adf65d6df6032f4c0e30bb96ba7261cf1
SHA256166e48f491c2cf4858544208342972d4bb7391d24f5a45a2156a37581eb8c1c4
SHA5120caa088d4c14f8c59c58f057e9278e5a7cca640f5b22971a6b7b3110aabd91c9107fa027c55c1ab23d35979a66e9e917a55b006ff2695a997d068418e40faf93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\absLog.js
Filesize9KB
MD52b89745ecc5de4e13f1fedc43482557a
SHA1ee9101dc206971ff75f18589d0630caba7f480be
SHA2563eda81f84ea2b76545e074d33b55023d781b80d72d2601b234ac9d609486eff6
SHA51232ae9fd14a5ce4c2e8639429162a9b9434ef205b3f4d538c7db7dcf89c0c819c7e09b0be8b67baf5f598e5a4a5049dc7375fd846c344e0c7c8de62eea0dca16f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\background\background.js
Filesize654KB
MD50683bc8a30e5c842dc69834cd7bac0df
SHA171bb1b2f40659e2a52ea810b6580be497a5e8029
SHA2565e6956f28c168c98459b1e3cd6c79aadab906e3d36b2a328da0155a2c9a6b277
SHA512f09938cce5955e2c17b4521ad607a2a7cf40a3c9387ed8c4d2bc05bff22773d1b2550360949c14f291fd4e131625173349d0b9480473699b2f4cab843080d4ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\blocked.js
Filesize208KB
MD54bbcce3657c1e18acebc06f5b06efd6d
SHA1dd72dce88228ed524805cb3389a30afe17f33e39
SHA2561784c13c352e0894f635adc49feb978dffb9e297df0463475973fcf28f0f49f5
SHA51237c460c0c8212b60a6aa05921c255c17d19eb163431e205b8868eefed9f59cd626f6b479ac5902ac5940f307db5497311eb9c61731608cd502b43a4b5c87cf66
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\about.js
Filesize45KB
MD5f233e608bc4e2a77a532683a824ad6a5
SHA143d1ff919c1f1ed9561427bc8db8c038fc3f8a38
SHA256d88784529791b189ccc07e6a8da77342fdef534b7c1d4aad4d4aed573211b512
SHA51285b9f960f7ab8167fd212df72ee36455cdf1c8f2caeb30448ecec2f4d55cd8948d7a904b0518cbbd7f4d7f992c9328edf69b4cd226d99f9cbbb942c648b9a810
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\app.js
Filesize335KB
MD50e7d00902415353e9d2f26baa1f406a7
SHA1aa2b666e59ca4e1bcc67ee1d6ed8e66c54c5c3bc
SHA256218760626cce8aaab50ebf8d4a50e4fa361048ac210382811b3680593270317c
SHA512b38d75038458d66a60ebef0a3ee11bdedc451869d18acf7b03d479ee3fa4c9db1cf770ecf8d775382e308c085d1fed6ba072602a8076042f616ff94f4e37574e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\content-offers.js
Filesize129KB
MD5ae174ef8fc9b5556d35cdbb66efcd3db
SHA1a6e0f69591618925063cd552dd2e6b1e8e80ac43
SHA256e75eccb2a78b3a8448e52d03d22e6c2d0489e4e429f0e5536370f0424fa5b56e
SHA5123d552c1eda031774df63b6b0b4f6815ab5c83712e5a028fb9b3e8fd7848ed3b69ed6897e5972f40625034544f63de3bbd3b7695512555d996de9ad29f370b56f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\content-safety.js
Filesize51KB
MD5a5e71adc2dd64778b08ef86d4f3a0916
SHA115a7d9c605212da688f98962de89b17b1d6026d2
SHA256de4a6d7a43e25e94b8ee362d6ffca461067ee096d2981b7c84895fd363bd2d05
SHA51206cfb3f8221535a7b393364181483fef5e0577d9fc8376eb2398003d3ff597d87ef5cf2f6b05b36d5d797d120cee8935c7ba7bea6f770eb7b8024da6ce13a89a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\trackerNotification.js
Filesize177KB
MD54f5ae6f0a6ba1506293173ccd7771033
SHA17088679a1c10846a4dc52387fcae540faa765121
SHA2560be4261b6b9c4a2d3643875aa974b00c838083f628e0c80524444da662e0353b
SHA512d6f04f83a40951ce54660ce1fb98614d303130a948a168829a64c46cd9e71f78bbb3b3dbe2ffeeca751c0a09d242593e6ce7c0097354e43fe4ef300f579af1f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\content\verticalApp.js
Filesize332KB
MD5b73f7bd62220b9c65578925cbee1afdc
SHA1784b450b310c76acb222f62cac9bbdc311f03024
SHA256a65f64f7a053d9dabc2c38a7fe3d847161d1c7840ac28b9b74fadaeeb9f3899b
SHA512a01d5402a8f0939ebdd9638218ff6f9ddebb625d1a7119a6f758edb7271134ed178b87863d41835445a758cef64a5d87a930a7a354f9c166f24b14bb8efe0f6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\modules\offers\content\iframe\external.js
Filesize10KB
MD5e9db2c42f256276317d2a5b8a0298227
SHA1594d0fa32a319c48ec3df9757e09f790f0670c74
SHA2562f9155a3854d87ee4fb9ee6c601f6b0e8b3d82035e844ab7a474f9e3eea1ecc5
SHA512b461c32f0227050914aeb9b9f65633241885e05ad318a900120dd84566e90a6e791e17a4f54e56fc3b691f64b7804e9de1bbe20af47ee7b2d38c0a9058407226
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\popup\popup.js
Filesize357KB
MD58d977bcd481571f1a0f2afb96ae29bbf
SHA180e9c458e3af9cec62dab4d493b83feeefbde161
SHA256867b688b0ca8e66dbb6f98b9455a8bcdcf7e1c22e8f7a6d4ae0b8d14bda0ec33
SHA5124efe04ad875e0ba81fe13d08cbed3c9e58531f4ace7bb9b86e0f4f70223de47218633618753c17d35c42f69d04c5d913101770223c88c400a3e4448ec5042142
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\js\webRequestListenerWrapper.js
Filesize1KB
MD50aa31d222e3e532d08dade874060386d
SHA19f70f33d57063ff00be4a42b904826f0439508bf
SHA2566812d26dea89315371c21370d25d2cf702d2648459571f25c2c0aaf173e8198e
SHA5121abe07a44c5da2bb5ea15ad4f663fb6237a866d40e6f6bcf04fd976af0b1e351c3776f22936ce672e91bacc8c9fe8213ef8805130f7a9095fe0cd95c6d3d8526
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\manifest.json
Filesize2KB
MD5c53baa16050867e10a4ca63e54395085
SHA1809f1522b9aad15092c9d8ae48870bc00c01eb73
SHA256f8cebafa8009406e5a1cc63355c102a8a3a839e93b12922d7345973ca2c0db11
SHA512f5a488d787d4a6a3b24026a1a91cadc249f5914c00e6e9708da290b36240de2a572f87c7691909b16819b0c2cf842f8921ddcbfd8117c1c6f105fe2eef16093c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\offers_js\cms_ao2.js
Filesize22KB
MD5c3c1b39922ad43546db6d0e25259ed1c
SHA12212d82a25efe009f4bd2095f0615c7e6cda52e4
SHA256a12fd518bdadec21a2dcb06c5af2bc42491c4b118d584622d9b383b8fa2ec7e3
SHA51244e6e62a962669184cf5510232484e371a2e9697cc913988bc1f7c360f9894129faa31533fcbb6c116c226ce64084bbc93a259242e12a926137928be94e15119
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\offers_js\cms_aon.js
Filesize8KB
MD59c32a76bd0a53f822a2636d05128caf0
SHA1a5269df2021deb7e53fc6a2e9a096269446d520b
SHA2563b7deb17b3868e08e3b0d0bfa55988e66a1e59bfb2d22479941ef856a35779de
SHA5127d0829ba3a6527f0352892f03365509d06207e5dc15b3942c5cc63905e763826dc9bc4d16a92094a496905844dee9260a4b3c111988cce051b304d459201e5d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\offers_js\cms_ass.js
Filesize8KB
MD5eae4adf3bedc7e449fe9ff1a83cda946
SHA15fee2aa4ff51fc307c554e954713a37b23ab4dcb
SHA2561cc480d6702efdfcbf54a1408fe53cb84749a4ede31600b79ce2c697684ba03a
SHA51227c06307a7009b9c35ab1c7a36b0fc28bc04ef0e8a60a1db419b7a7e3cbc484cef5bda95dc7f7eada74d9dcbda62694ad206464e1ab38ec608e51e24e8c59ee9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir4148_1429156350\CRX_INSTALL\offers_js\safeshopping.js
Filesize92KB
MD50d0f8899de5aa533ad82e135e0bb1cef
SHA15e61091673e64fdfc7352e8277fe1806c9bfaba4
SHA2566b42f062b3d29d10554d1d688b61a549ddb8cd72d3f6945c62dda03359d253f1
SHA51204301400b4bfcde4dd108db6d979299993107aef20fd0a4d05c20e074aa5d9d17d7fd45fb1a5e18c90ae0e4c167002b5942e27800f13558767d44e98b3d4fab1
-
Filesize
5KB
MD5755f214005a86875a9232ae11de4db69
SHA1e575c3d1c49c1ffe247247b0a4937da61e8c4350
SHA2568829ca0f4808e9a40029110acb87cf2f754b6f53f0033afbc03ab6b8df89ba68
SHA5126ae7c49966ad6ee1f79131ec72e0a8727b84d46035990e9a25328383b8b8e7c81222e0c35433258d551cb4abf96f23df1c894b7484b42cf957dcb0c6678c4a55
-
Filesize
6KB
MD58314df9210fc88258713688fbabbad62
SHA164ce96d20ea74dd1bc448e2c2f088535aef9996f
SHA2565f324c4b87ce332d6b37308cd4b9816524b942e4a0b72e36b36072e43769f201
SHA512bbe4ba96aeead3b8734c3228a540259222bd5ee9b2dbe7951b5b9f1639671e3c21251c41d08fde9c640d0371f8dba901b78893e2b3c54541bb80726fd9af6d3d
-
Filesize
9KB
MD5e171fc97be37cec5376c69ddcd124cab
SHA1acb7e8be8f73b120c7f3c7e2b825d1d88192859e
SHA256770461c1052235bf8f7b73ad1c00e197a21041b3eefeb248febd6ffb46060a89
SHA512503cbde26a901607292c75a59841fe6046004ec1f365d3d6dede569323aa6fdc99d07de19a5a422003209455380f8fc7cb8e286eeeecf9d0897f3d485e4268bc
-
Filesize
1KB
MD502ac4edfa546ae9b87083b1bdbeecb89
SHA1b1c62def298d0c9b2f396453c2e0c87661d31f4d
SHA256c27cf795529ed496ddd7422ae27b2a009b32b7d0d74fd8a79cc86045de83a1af
SHA512e3203d0cac3b10822f1df0eea6d7fb3617e585b4ff82c0bb9ebf863bc0fec3855167dba6235401cd3ca7f1e373d53ad5457ff57551a51efae9c141a6039892b8
-
Filesize
5KB
MD51832eb0068be2d9743b3b40f79d80e08
SHA1f7ad9631550c60e3a4e2e198609937044a5a7283
SHA256a0e2541b0ce5fafec38395a5196373998c7175a46d12e577917b5bfb9a5a41ae
SHA5124f16cc11cdae5b783acd3e9ee8db299c7084a9687bff971460d5ddc1ce28d91129729ff43dceccb1db77b9804ac6e18f5f6dd8a2a91342c3ec3c6a011b3896f4
-
Filesize
6KB
MD5833939e95613102682ec5291440b7d4e
SHA189837494b608ff54638389b8c35284cea7ac8172
SHA25665f4994c5c94e038df09f36012c80029d6856bab92a9000cd7fff45fd3cb86cd
SHA512f50994bca60861c21e05f9fff1f6af96673106df6a71197456574b9b3a60c88835a145d2b849fe90fdc2f809dbe18f4a9dc98f0538912f9ed54259b615b0da85
-
Filesize
9KB
MD503ec9d33e20bf10e107aee2f7d3b099c
SHA175d651b701830d9d4a539d6cbfcf1f0df2c71b92
SHA25602983a187d660eee75330cf279f87073cdaddb7829f28b28952802c4af48f06a
SHA5126d6d98f5b824929cb5af085c0805f9ceea7e26dcaaadc80b259201f266daa27b2c4512efdf2021b68bc24ddfae3eb0c3560c6e0562ad270a80c7340a9ba076b0
-
Filesize
9KB
MD5e3818e9f9ffd1aaec555aa32e7f901a3
SHA194ec8719f7936577ed241ab6d72a477864c7771a
SHA256199893add104ea5924d366cdf8b6dd6c9b1f4f15c8026edb4f62df2f35fa1d6d
SHA5122a39bb6bcce1f01b33d23f4a058e0ef5631fb675f23520919ece7104509abc2eed6f9bb452a05d1051d23b2873e9acd7d0d540bc3554528fbc14b7704c25b5a5
-
Filesize
10KB
MD5c4392dfc36913ae27faefcd96ff3e014
SHA1b27c8909f888bd5dbb0ce2d902d14a0780a1eb5a
SHA2564d60d05b24ce1b71fa0df7ed44fbf1c5d587c0eac7c0442b92d34d0de62d656c
SHA5123fbc751bc88bce110e7af45e5990c2502a74379f25d2ec89853f2aac46d3ceaf8d475dc73fb613d435f090b518b5d34c1c4e37f5b3f7ca8e8b5341f6d5a9c7d6
-
Filesize
10KB
MD51436c2d6157d51ef9079a62f3beb1c06
SHA1c23c3e844024119f7052d4ccccdcbf5f4be55f1f
SHA25679baec6e358d46601691711266fd641e21f5f50c2b8f74261b20014b074eb71d
SHA512e6cc75d8f0e224151cff189becbbe762aee5ea29ac755e2e82724e3620a75bcc992e6354fce878bdebd5e0dcebf8dde6623bbe5201ad2cb126fb41693da93354
-
Filesize
6KB
MD52ea8742b936a7eaf7b7dfa405c16f928
SHA1697d9ca9fb69cae66a498ecb1a5b799f01b0d6eb
SHA25606dc95a1a6b11ee9e06c423c4f7e4e1dd414a93ec035e968a52642a036ffde58
SHA512faa78fc1e578cd8eee7abdaac0d4fa973eddec82df1774ab0ce4ba66ccd657c7831dc70cfa6e18efe0ef2f01ef68f4ecaa3ae7db3f0f45aa6b5c70300607fa1a
-
Filesize
10KB
MD591c47b89661ec0b9369a5c4f1f4f587a
SHA1de20b33f4623f3bd2b96372f70e83c9671ea3553
SHA256178752eb6c9fe0c89e5186f4a74f77018c94f0872d4263c237aa02726c884124
SHA512b17f2b964a0e7a5159996428ff507374a794fb172ccfc5d5d38c78b78223852e9d3493dc7d2b6c9188bb2e75757073dd5683b63efde40d51982c168eae0fb76c
-
Filesize
10KB
MD57ebf5b9883d3d879d9601d51cc31b5e8
SHA1f9aa060fab139300b65d2a483947af0564c124f1
SHA25632765d16611ee13d6bea6ca52cb575afb125ab2c54024555bcdb7fa8457e1d69
SHA5122e202efca5b034603c73d93faf1b96cdfa41bfa31ae3c2e0dbc61b7d89185df405a968bc7d654fd69477a44980584006879cecb830fd02aeb41d067018539eed
-
Filesize
6KB
MD536defcbe3b031d0bdf7eeece28178b9d
SHA17a3201abaed792e7ee364fbe211a2d56e1ebccdd
SHA256cc07d34b48875bfced66e388828797151436e97a71c3e7df294c4305376f747c
SHA51227fe91903a02d6f126fcb38c05a3d537a2d0f38773a2bc862dae649bbd98120d322c2f5492271261b5ec018db3eea3a850633b242d52a39eec7cd33cb5bcea16
-
Filesize
6KB
MD512ab190c01d699e1a39d40c305e047d4
SHA177cdbe955142a0e3aea4cfac735f73786906a45f
SHA25641b191cf059fd31f53ab480f19b37941126c71d428d3dcb72ea45b73a68522e2
SHA512abfad161a9f2c85e5a18aa6f59865fdd6bd76a37d13888a2839537a493de6571c62d94ea2808d1c866c4952903995c854f43b24d74b9c69a5c15604ffa6a46e0
-
Filesize
7KB
MD5aefa048aee028b69d89f9250e851d51d
SHA1847d5a8c9af091c91f2472229d10ce8288a2cede
SHA256ae075ba93ef86ae745ccc70f3c3ff6fbc6a1901709bd992c120e6dcda550b0ab
SHA512fd963a7a55de107a32fe599275be404fff4f9af653178502b80643c296522147dc849a750fc7e12100e5ad9b3cc6a54c718c71c5e402da9fdcc21d6c7c02cb00
-
Filesize
11KB
MD5ccb586630ee91793aea4f1968c528de9
SHA123b0b582e759bc84f8c00f74a86b0742bdf19b94
SHA256af62d4d2da273aec6b9bf0996b42828915726d06d947e2ed67a3822d2e00192b
SHA512b048a85a6f9d9fc2a8f15abb6116e143a4a9a2398cc8de6fdbd5db14b11f71123ffbbc6622046d39b3ae07615d105b2b842b9a335a4813d9f1940c1e483ffb52
-
Filesize
29KB
MD5dfa359f9415a2eb0dd04ba374bf0e1fe
SHA18bc2ded36ed5911144a5d5b00bf64ebe0fdf6bc8
SHA25668a74991a69c50d818ab932f76b8a9b7c9435d8b4392d52843d1624a367d03a9
SHA5121cc5e951c84264476747016c25d3d5e0d22955ad8dfcfc37c56be390f178b5109062a438bdd7f23f7c8cdcc6fa0c78000e8b7932602cdf84be72a79cd8d75e5b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\43477d0302d0a7e71ec3c75833cf0ab75516eace\index.txt
Filesize87B
MD56f0f91c7e495346051241129cec7fe73
SHA13cdbc5d67a2bff1fa69ca1d3137ec4b8e4e8ab10
SHA2562f4d1fb4e6464a5c3786c11a7c5ad023446413af45d903803e493e85b83df088
SHA512e128a837b25987af1c5fddc73a2ef6d5f566607a6e5b6d606496d5115fd52a9906f82591d07e497466bc41c09639156ab2d5d7a41ea499a4faad620d27bcecfc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\43477d0302d0a7e71ec3c75833cf0ab75516eace\index.txt~RFe5d32ea.TMP
Filesize94B
MD5275d60ee96dd090686ab0c02c35ed4a5
SHA1bf95bb0ea57f218b3bb2985d82a347f562948a08
SHA256725790edcf1bf136b606524db0e5cd4ce2a617fd91a90a5acc574215f87f3177
SHA5121b451e0fdd2386db3288216c8be98c5d60a529de971a831226743992f8c908d1053bdaf91d324b3ed9e6d67a1eb18c6a2335908eb3acd0addcf5d18235d422ec
-
Filesize
204B
MD59c512cfca660f07c4536e7aefc4b9956
SHA1e0480e2c11c2117f5787b00cf5beeff6ca3a49f9
SHA2568fa04f311dfd39b1b72cdad290a569c4b36de6e152e2b4c7466d6f7e7fdf4b18
SHA5124a63e176e615218626501c2b64652f8e43252e32d71401c8ef191194f12cf49750434d7f153ccf6830256ff0a8d1b182d17d8214346719e32bc8ed69453393bd
-
Filesize
1KB
MD5c61bde0f4307d773ffda4eb0cd7cd0a8
SHA198ff989b874e47959341420259d80f3d47c59676
SHA2569c3a19cae1ea0c41791460e17f0f406d3dbdf61400d22f7ac163769deb99e581
SHA5122ad80123ae6ddeeda1351d3fb7aa1c51332b6f17e4efa5a4f70dc9e4cb5a86642e80cd5517c62c956edeeb4ce4a6dfd64b196dc783103e5d0d84a02f14365cab
-
Filesize
1KB
MD5e9ec2fd761697a07b4680fad3a1ce1a3
SHA18e4bc9030aa1e918b4bd8b419de9315c14a169d3
SHA256159ad5d94c5b63f49551ee51bd079121078af37d05f593d760d6c388ade74960
SHA512c917272a2f4e58efd93413bb6a8306865b25b34203332090395670c5e147f350b0aecee56037e238e9e6dbe021cf0768d7d0b3eaf7f5f76b439c605b17b3ea5f
-
Filesize
5KB
MD5b4f3b62bc781d08c7197fbfbe04dbb8b
SHA190c4444d7c2a2a9a25985ef3b1677bb9c4513cb8
SHA25607a724be44bf18e4c5d84781e9f434ca37053214618c630d390b2e65c91f7fca
SHA5122189ebd1377bcaaa65f545fa8e085a84c23b927358a9375e9e6a81f47fd2fd8b181b9ead7b73fcf8079e677ae0065d1dbdf7e9b75b10b429dca1e27abbc99393
-
Filesize
7KB
MD592d40b2a67b8ee7efeb6f32646c7ad2a
SHA14b544d7f12962805ac43e2017470c244ec0d3b41
SHA25626b70e8eff98f5b00e94781bfecd7a838102cd7db19e4035cdda640485bb1c63
SHA5126b69d80ea97406e3e38a265bdd29317d929304a20a33918da555a652b4b39d9eff10e738e574acf80d877fb67bc2557814440f7635a99e1bac45df8982334a0b
-
Filesize
7KB
MD579628aadd64a2fa4f8d76d5dfef48537
SHA144907e57dae958b8a50c54f66dcf211ba2c4088d
SHA256a84b60399505172b282eb25a7131a8d673173e9e44cabe4c28b681d9cded74b6
SHA512ca5c49536071cc6e425163912a1dad7be2e1989c315dd6eced9f7c8f954446ca8e94c47b41a2109e470b03e04bd71d34793b380cc2861fcc0339affa2aefa207
-
Filesize
204B
MD5feeb8e0d351c0993b4567b900febafb6
SHA1ae383787c5ca8f69bbac82deb006f412f5e629b4
SHA25613d87f1d57c42a4865d30ca460b781b0ab08d54b1027824b46e10dea5081c005
SHA5121c535f6b23ac7fb5fe299e02f46c7dbdb8d17c1e077766a68cd78f1e27d2c70ef6f0bf0b4e43cc7e6cd0c385b336a72f94641155cd206b3af7e7e03924bddfd2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b21cf247-19a4-43e0-9e13-4d0600dc6802.tmp
Filesize5KB
MD517f6adb0e2624b00c5363037b338273b
SHA164e8d53d716719ecee2d4c46399975a67d447304
SHA256122fec5cfd54b5940f43eaaa94abcad2eb915ab162cc50e95541f7bfafecbf89
SHA512a53ce73d02ff2f2c55f2c5d737218be42648c1d816a5f5e662272958ad2b126826f37462f8bb21c1fc4d34b935dc6f1f6b1981e64069b0b5bf3a4a209a16156b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5e7724965cbd5345ce0cfd17ff3ea1334
SHA1566eb04431d93b311bf48a8121d2dda0daa5f314
SHA25647dc54ba4ccb3cf10ccb008d6c832c113f47f7126434c651de729cb4f4b363d8
SHA5120b46c84c06e6427ef718ff57fe1a39a65074bdcbda678eb499e54ee01a1974d2336fe2cf9ccd2a740cdf4b395136b350be23fe1eebf2d775869d08c44be3996d
-
Filesize
11KB
MD56b11930e239ff4f55a569ded682f779b
SHA150f34ac3dc55751b825c67d13ec0566970f9cb38
SHA25623431b0d3278b3ef401fe695d80aae2bcf01eb1af89c5460a4cfa83ac080495d
SHA51237846e423bc73e38201d7167edcd0898dae10d4a0625cdb55451bb33e8e039ce21b2f96ffcd5ba631d26563ff19eb50286bc6193d063b87684e697715a91f8f2
-
Filesize
11KB
MD5fe1e34d277e197a2c4d9c312bfbd6bae
SHA144f9dad20c80e9db401a0cc6846205dfddfd136e
SHA2564ada279e46dd36916b22f111db785c59b5368712e73350336bae50d98971d240
SHA5127619bb82a70bea1d24b26afe7e7379fe12d45fdaf0efa9543f43865427d4fba6160fd3416d5f0b2837a4782813b0da0aba852118962707a86e86cbdd7ffaed18
-
Filesize
11KB
MD52166f15a146fb48e0c1baf22ca2319f6
SHA184493406cdd3a907725414908202091b25083a08
SHA25692036d6efbd45326e7b8cea50c848aeb85a1a9774be2623ceeb2ff03f0d9a332
SHA512e57741f9266b5a27edd95da3d29ea4946eb4c6c7b49d680f438b49f7a03523e643f242eb93e376023baa649d18b85c562ce91c9dbce83eb9ccd6e33e983cd33f
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\45b81f6c-3c11-411f-9bc2-8dfb64ee6981\avira_spotlight_setup_bngb.exe
Filesize33.6MB
MD5f2e5e56528d2370cd61b02b96240ae0d
SHA1c55a009f5e65bd72cd7f8e1c272f1a5775957296
SHA25617b5aaef75da249018544984a19836fcdde30bc772b63ab0220a7d71c3cd3e45
SHA5128267c41d558ed4875b25bda649d1a38d78c666091d18cc2e1a5a43909630c4cd0a9952082231a2a5cd29931a61af0b59fb3a119052264c964c1b2f6f9f9611f1
-
C:\Users\Admin\AppData\Local\Temp\.CR.15593\60ad3b48-c079-4990-be94-fd1ce19755cb\avira_system_speedup.exe
Filesize35.1MB
MD5aaba5dac0f60ea249b7e0f1505909eb0
SHA19899114f0b381ff7ba25849633a36135a0dac5da
SHA25607e0803781af3728a80cdeddd95e26b0b7905b8703e5a46615d4401acf5169ef
SHA512b653693790cbc520774ab72617196a0c7d6fd29a2d989269c421ab98a06f3b0d1e0c958d92fa6dfe822980efe46ec3ffb3dce5334e5def876973745120e90be8
-
Filesize
5.4MB
MD59b41201bb6d9b439103b7a2fb1d41038
SHA1e5c7f61421be5c5b0115c1be03ef1bbe8570c832
SHA256f6d4a140924af35dfbc63729736310737c6356052094b19fddcb6e88d7e210ed
SHA512b06fcbac44b679dace89ad633269f02117aeef19a9fb1d481d19f8d5246c8dfd305eaf228994dce10c9f3c3151bd4aacf82c44e541ba7446b23f48f0e23c3eb5
-
Filesize
421KB
MD50978971940d4d5a4b2f1aedb14f7976b
SHA1490a36216d65f06388544a093c24536a3f176b1a
SHA256b38b05d0e94b7f9083d77a5c19816ef46284aeaeb3f7c52286b010f8e19e42fa
SHA5126dc658918a0e2bc761cf5e8416aafcc92f9583e74a8e08c887e2302f29de729a2909db8f786289ed3ac5ddb54195a6e0a73f9408b6a73d457b8ef7e7121a5243
-
Filesize
367KB
MD53c11528a63ceb45f8f779b2dfa4a3302
SHA1f77e41a0d91e1479d2e20a69f8dabbe768b9b371
SHA2565f8bd349dbe5d0debe87ea19bd30a7f8c508058cc747c333b19e318b3f107a87
SHA5129d9c4cffc484dd51223bc90f541ae3fbc20c677e058b30202dba49871fd76dfd11f20250dcad66444e5de9e07f4359279749c4fcde43b3cfa699e1c9a883a4e7
-
Filesize
1.6MB
MD5fd085ee759a068a6cea1140182991ee2
SHA13661bcb5e0c839891b3781c59a4d5ba93589296f
SHA256110a029e5aef53b87de596baf9f0c50f3a2277aecc23006d2412084575622f06
SHA5121ca7688721be32731043dff66b004eb70ec38c55ff5d1dee977db59694c2a0171e4e14d020fdc2726ad38454bea07e0eaf468021c211f0e27743bfbca43946ba
-
Filesize
165KB
MD5f64511b6e421b0fec09839ac2e6dce9a
SHA1e6606fa0fd86eb5c89b867b45d9062edccdc4378
SHA256ec1f7c34c317d259f080a266edb40c490143ed5562da64dd544b94eea9e34a35
SHA512f385d21f04c5d9b1cd9adf71043c1685faa5ae32dba254f9ee176f96712fd895fee2d9be7548f51c1589d74af7b682f952154f54f4fa608f455a765a8b3689ec
-
Filesize
435KB
MD5b7ce4520c6ede9e9113f70d1eeb5240a
SHA17e5e0e4f28207c4aa8dab9877b94d304a0854965
SHA25630b1e00d898ce47eed2a726692fe72713ec9541fead6b03c36ddfdb354183fc5
SHA512022c30a14a030021b12fbf97013cec5a8a4ea4d533b13779b96b8c900a9041e773cb884b88ba31e6fa0087969541572423ef55c225779b8a32d87345e3cb8c92
-
Filesize
69KB
MD550f6c7b1bf71c67c6013b6e87014d5f4
SHA1157fe445e24889eb05ad78c0daa0cfcdeac83676
SHA256e0f0690819e3edc72c63d2307dd5ae4dc5581f1e2e719ed6219edb7ff4f5c70e
SHA512c0f676ce3b246530229261ca84f8544c62c0793423272a1995cfe67ba5fbf00529f9af4ad068d4678c2f0aa9343eb6efb3117922a8ad86bfdbad118a2e805231
-
Filesize
32KB
MD5b2a484f576060fce5321360ba8acdcea
SHA1990f8ec627bf06d1300e2135454137b7bd0a5de6
SHA256324433bdcbe364dcd5db1601bb51e802e15f421764225c8b7541ef2c5b36115b
SHA512803c4d436da8bad7fae402a97733fa3dd70f84c21449462b151eda68e7a19d46962b935b3d001ca96cdb724f22bc9f297b2d59ebb1396321e485e5ad78ea8ace
-
Filesize
179KB
MD55665aac435c64a4357651acae244f5a9
SHA1211d1fbba370c0aad06693a39f31de61038d3800
SHA25611a6eefc3af43054e14483174adf8b4ced5ffdf4e677e44dcf67da50d6d0901b
SHA5122be2b3e580841697f892ac2707127972287cda24ad710f2287830c268005cc00b63edb3287080d00a27ff9859bb494bd399ca2ed501d75984a271ca2356d986d
-
Filesize
254KB
MD5621a011243ad64d0984a84ad4e1c0f29
SHA13d61e2f96c767567f1c029455398521cc7cb6d4a
SHA2569d805c5e9791e16bd6e5f2ceb6a12dd4eb23fe30372163e0d099f50aee3de34b
SHA5121fdab1aff6e64af234d68bc83add1b919a575639c46ff65a6f6f61af117f23a92135469b27b7a6d623399296b98ea293f573672f382359fdf52433c6142605b1
-
Filesize
1KB
MD549f6b82fefad3dde2123425180532b00
SHA1ce6d9882b5a9a1e985cf1666c164ed4a85780049
SHA256999d6590a979b337448a27588af2f3c567fbc6c137d46ce97fbe58de7772776d
SHA512a4a89bebc182b452197b2e715551315fbe4f6cc707c388bb742b480c505c0324f2784eaf38c487e3df91433ba82d0c3736627c243159cea1d90d9c2bdba4ccf7
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
8.1MB
MD5a684051203b09e677f75bf0f36a53f66
SHA1193ba61f821d541322ca2670e2bf31193390b629
SHA25634e1945e291b49127be39fa58e5fcfd68cf04948fa9f3dc5fb2e077a7f904409
SHA512511f83e99d8da3076c70b45a89807ed4f9a4584c5f624dd24455c844a30534d4baa72849947eedf01b0c31f431d1f6faa8aec94c9150c95d09e67eb73c5c5792
-
Filesize
4.3MB
MD5b102cdd8d737a4bbdb6f661361277813
SHA1a66c7d08024945dd18f8eede13781e24289595c3
SHA2561ffbe30a177463c76d6b48d92a0f4c87144d01d7a159463012e1377c36f69280
SHA512adbb0e90ca2e29aaaac7968b9af4984ffc012b7eb79f8d11cb3e1f4510c8a7240acbe75febc651eb489402cac2d037223870e46482bb45cf409242cc3e6daa46
-
Filesize
2.3MB
MD55a0d834ea87899647b79051b170aaf7b
SHA18a3759c32de03d3c551d41e85d1e242516a3b016
SHA256ecc78f79182ce9ce75efb8a2ff9a7fb3fa9d76290837771dc286154fc2d7bc07
SHA512e583f21d661d487c091c98b92d6047e715290dadaf6527812a15635c94e3ebb7736fe85a10c98695faf5a8e1432b2fbf70a14bf7d885798cf3111b9293b2c831
-
Filesize
1.8MB
MD508526c43dba41d8b40d98c4a33e3850b
SHA1403baa8e261b93f83a22c577d39f53c108cbe9e4
SHA2565616c3955183ef70cf911cb72f6d55277c95dac4cca5fd19edfa14b2d657977d
SHA512a3417ded6762e544faa4519c20823829b7a135fe3fe9643f2d63be1d67adc508b194d7d7672006d24b9b3560be32e0ed635c0b6a1f649f0a96ae93422dfc0ff6
-
Filesize
213B
MD5084e6401c611027c7a37ced03dc4cad6
SHA1fb43defd1877aa79f7721487cc4dea82763e1f32
SHA256b129c59e3a5c93071f454754c4e9c9a985ec86f9426ddc1a781938dbc6047344
SHA512a9c896612d57dee55503869f6e91c68da3029b2b083ce2a672fa1875ed3153bbd71341c4df2a060c17c90610cd403e24546ae364782a62085c3868e118d0a3cc
-
Filesize
235B
MD57d1f1a13ab9860f983720e6fbc3bd93b
SHA150911a792e81c14a376fc32a22ccd22f0e05aadc
SHA2560c27964dbb0e474e06a06cbf50c5720058a9c3e6f8dd69c27350bb47f59af2fb
SHA5129940b947187abec73c154f59915cc36bc916ede860c907bf591fb71696878840eea2d1fc7fe012dd6ca7d7e8a25af545374747226054c877a2704b3e82cfa49f
-
Filesize
208KB
MD5252fd89b64e3d3ee049e24098907716a
SHA170c2f95c7ee683bb4b7b563fb606ec16fa612d3e
SHA25626eba787912ef87717430e78b53dc832bd6290db089c742526933e8d8711f660
SHA51220d35a34598a5465fd2e3ba4e5cce61fc2d0d1ddb7f8165b98f7b30864b9dac9b0d2eb9800e62593b60e4b8afed6297fbd2da3f54011c02ce0284d612e887dea
-
Filesize
10KB
MD5869c9f7ad6d54c1e14e94b7fcf90f6dc
SHA159ed7c434f978caf6a6e0d7d59e9d8286e89a351
SHA256755d8a77d768cc7059cf32c28ae7a25d6d54a5f4b9841384457f459d18cf38eb
SHA5129c7bd91bb20403742f6ef03314732e8f7a426561a59ab9ed8b3316a704d623147d5de3f46bfd7d8e529d93048aa877599dac555f669fb920e719dd7a3d332ad6
-
Filesize
54B
MD5b176b474414092f01ce861f9da4bf2a2
SHA1d175c77bf023434e6bdd14697d12653a4d397755
SHA256e61a1a270d678bc281c6d857da661c2b9ab77dec18f2723dcc106463e1911c63
SHA512692fe6310ef028b4ee7fae0d363947084fc1bda5d95b3d9f2c52882e02e75fbeae88b6fcbcf7e954400eda5f66634a45bf2eec022da1cca19cd64cff9600842d
-
Filesize
4KB
MD55c96abf57abfc0c8d233a915d8a45278
SHA1dfb82a20642c8569408cc58e1f5329f4bd530e3b
SHA25698b0a8047168a3c7424df463c1959578103360e8ccddd76575da1ad4addaeca7
SHA512ff6c9d771be44ebbbac173135d86b840c74f0bbb2f72992f2151b9ad034c22a2da4e53c89fedbe68d0a31292b325e255d739d47d291fd3b614d18df9caf301a6
-
Filesize
173KB
MD50fdc85565c94032f4dce86a7a787b8b6
SHA117401e40e8d4e255abc54b655e902cea6aa38979
SHA256a07ed2044e8cf301e20489b27940818bfb7d77338fdfdb8e0ff7554d1fbf6a49
SHA512f61ffb25c80081657c59cc4265f02f53b0d16ef4dac6546327f6e8f6fbf36b1daa246d22f258c06e8aa0eab873a434d66584314f076c37418d6a1c7d60bd3c28
-
Filesize
5KB
MD54672ef0eaf7515a69409c9c0fd3e62bd
SHA1ca920038f11d0ae10069b87f0ee32260a0d0f523
SHA256593ba5536ea92a87e55004874648ff12f096c71bc4dc81c084f0c59cf662cef8
SHA512304c5f7440e6e38127594892d993c740ce338f3b12a64923ab6793936126d0f68df27f83d0213f85926a15564ce84e81401e06448ff8fbb0d92b871db984e526
-
Filesize
14KB
MD57a3e8afd3d8a6281c2e4ec315ee78fb9
SHA1c08cda369d09232f4beb9db962a3ee21ef016bf9
SHA25692e5d77400aa83415876f5a8d78c55c27bf5d47a48b99b73cb36f0088cee2c5f
SHA512aa77695cabe2c9d6fd8a7a68735fc7152c36ba649f49c876d716eadadb99a474cdb7ead4c4a73abcf41c0b1d40a2ea7e218956be2be790ee0abc1a05801bc8d4
-
Filesize
88KB
MD531c7feb42feac79c49c294d7e2360786
SHA10bd82189e7dcdec830e87fc70f775900db706f6f
SHA256dc007e1b0c1d61d2ed7c00f7c3c4deb9831a1e622fb1cd68900d9bd330d38e24
SHA51252171e3dda6cad189929da6ab44eceae84872e7f70d5339cb85855d25c6a9b5d035a32c71d33cec72d324f94b695e4c9cc55c23299c339dd216713364c757a34
-
Filesize
52KB
MD55eff50079fc107ded28bfe8cea8a8687
SHA1c9ed85de0c4162bf3b575571ec8877391a2a9f66
SHA25684fbe1ed16cb1614d369b40a31b63de5c3e5bf0305cd7d9a16195ddcb8637935
SHA512817ad9b4e6383c8085763973388dd0fb620dba69e2897cfd3f95a69efb50e939a359fa713c939131b74c513367db1e88f16f7c35e539eec4ec3bc05e85a60536
-
Filesize
1KB
MD516aa6b7a57ed00862d0106da2ea9281f
SHA1229472fd4759a6ede4acff8c5841b2922ddb5b66
SHA256ea2299d44948ae88d95e31cec8677f05a2174b70b896465ad787e19143eafe6f
SHA5128b3a3a138a1ab98658502cb90a3cdd650e7092b1181477d86ecfcfaee18589178f714688a58fe2c924b46f834ce29faeacf0fb3413e1dcba0077739f8b47f301
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD56162f4158ec971922e2867533e2d2e8b
SHA11ccf62a575017b3ba98748a95485166eae85314b
SHA256ce7fcbdb9d742f56f82b52ee4bbe8657b64b06ff1c34e2dbbf5df57e252bb5d2
SHA51216d7bbe3461680c0d1d9fb0b222aa1faf3edabcfbcb3cf99073d59ad577a5463bf9d0f11e9913d5019bae18c1b53ba49f01c83fb0fa276d2ce73315d5ecbf4f5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5c91b1befc24253156c5f81e920cc1805
SHA1c3e7db93a3ca8128aa2a596079601d3de6d2c2b6
SHA256bda21639962ac3b736eb7d4dcaba86839ebc6d4a5d7fac33f287a307532bf0de
SHA512fccd462eed624757baca62dadcd9f206cad7e575cc5298302c40d59ec64ee282fac4a3431424fd2d6311964ee216f6e2f2f70091933fdc6f656db358f1f5be40
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize11KB
MD51defca422b52e22d8cc0f3312f1fea83
SHA1ba7c280d1382bf8329d4d5ce5907e4eaab828314
SHA256c74eb5021d8b70d8376725dbb41e33ec28c3484745eb84d3113f64571eac31e2
SHA5127f501bf3acbd774003efec6a7d1cddf9f9f2105b0fa9fab4476a9669d2bc14fdcfda4925eb91f817bd6a2a81c458cfc5f3d8d0cddc5458838769e08899b0c177
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD56110cb7e181b533699df893dac41e20e
SHA1f535c01299b7275a80f6e92eca70d0f46c068026
SHA25642b5f54cad1efbb2df823b83eb421b1403ebbef9ce2ab6eb44124c9de0f20c70
SHA5127cb27e2deb35ce2146575eaaa92b67e9b227db99d81f297bf5f1d0a2c1388ae91394d5c983a5662a44546bd91e479e3dfa96e9c5a30f7502ff5e1329f98cbda3
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD54832fba5bb0cc5980951637c5cc1f543
SHA11e7b8f3fe5128a8fbe0564f1df0d5cbc36574955
SHA256f94c877405e1c0cd9c94671b7cde5e76e30d507a768ab98a5603293fb4502101
SHA51215c014fecc28a8859f9ed2beca9ccc2059ccf67d4b0f760edb2922dadd31e81faf2e041baede10014316a71da11aaf998c320af1a59349aea1ef1319e0b153d9
-
Filesize
14.5MB
MD5924bef1d7b318c3c030f95c15270ca4b
SHA1bae27575f02f88c2e9629df1af8969b7c64aab9c
SHA2569433abb29b2f7fa2d4cfa43526c5c00b0a1c1ba82ce516b26390dffd01ff8314
SHA5123e3a4e42f2d17dd79043780a72d97b7cdc2c88ee136ccfcb894cdb4c04ca092262994baf07b365a514c0ec8b3217b4d1333f74d425cf7781b6a18d04a1435d24
-
C:\Users\Admin\Desktop\@[email protected]
Filesize933B
MD57a2726bb6e6a79fb1d092b7f2b688af0
SHA1b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA5124e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54
-
Filesize
3.0MB
MD5fe7eb54691ad6e6af77f8a9a0b6de26d
SHA153912d33bec3375153b7e4e68b78d66dab62671a
SHA256e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA5128ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
Filesize
282B
MD59e36cc3537ee9ee1e3b10fa4e761045b
SHA17726f55012e1e26cc762c9982e7c6c54ca7bb303
SHA2564b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026
SHA5125f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790
-
Filesize
37KB
MD535c2f97eea8819b1caebd23fee732d8f
SHA1e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA2561adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
C:\Users\Admin\Documents\@[email protected]
Filesize240KB
MD57bf2b57f2a205768755c07f238fb32cc
SHA145356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA51291a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
-
Filesize
6.4MB
MD53ad6f1d43acfdb4533ade2e597f09ecd
SHA1295d0c6098f19c81c48a40db7a97a88b4f0632f2
SHA256dba4515014a26c44fa8cf4c7f2502bfc29855879e5c890e037e24d09fc757cf8
SHA512405f9e510612899c1b1a79bcb1846f0c283e173b7a7b57de307a3c72d5462ccc323a7a93d69528bb461cdc24e4e22c7038f17276daa3bb31a8862fa6c26bd4bf
-
Filesize
3.4MB
MD584c82835a5d21bbcf75a61706d8ab549
SHA15ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA51290723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Default\Desktop\@[email protected]
Filesize1.4MB
MD5c17170262312f3be7027bc2ca825bf0c
SHA1f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c