|
Diskussionsforum: Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführtWindows 7 Hier sind ausschließlich fachspezifische Diskussionen erwünscht. Bitte keine Log-Files, Hilferufe oder ähnliches posten. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Bereinigungen von nicht ausgebildeten Usern sind hier untersagt. Wenn du dir einen Virus doer Trojaner eingefangen hast, eröffne ein Thema in den Bereinigungsforen oben. |
27.06.2021, 22:47 | #16 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Addition Teil 1 Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-06-2021 durchgeführt von thoma (27-06-2021 23:42:17) Gestartet von D:\download\+++ troyaner +++ Windows 10 Pro Version 21H1 19043.1081 (X64) (2020-09-06 13:20:58) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-4198695647-2910091461-4277131257-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4198695647-2910091461-4277131257-503 - Limited - Disabled) Gast (S-1-5-21-4198695647-2910091461-4277131257-501 - Limited - Disabled) josef (S-1-5-21-4198695647-2910091461-4277131257-1010 - Limited - Enabled) => C:\Users\josef maxim (S-1-5-21-4198695647-2910091461-4277131257-1005 - Limited - Enabled) => C:\Users\maxim sandr (S-1-5-21-4198695647-2910091461-4277131257-1003 - Limited - Enabled) => C:\Users\sandr thoma (S-1-5-21-4198695647-2910091461-4277131257-1001 - Administrator - Enabled) => C:\Users\thoma WDAGUtilityAccount (S-1-5-21-4198695647-2910091461-4277131257-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 1&1 Upload-Manager (HKLM-x32\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG) 1&1 Verschlüsselung 1.0.4 (HKLM\...\{1und1Tresor}}_is1) (Version: 1.0.4 - 1&1 Telecom GmbH) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated) Adobe Connect (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Adobe Connect App) (Version: 2018.7.10.32 - Adobe Systems Inc.) Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated) AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.74 - ASUSTeK Computer Inc.) AIOZ Node 0.6.0 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{1f0f3aff-318d-51e5-9646-f552872d8302}) (Version: 0.6.0 - AIOZ Company) Amazon Music (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Amazon Amazon Music) (Version: 7.9.2.2161 - Amazon Services LLC) Amazon Photos (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Amazon Photos) (Version: 6.3.4 - Amazon.com, Inc.) Anaconda3 2019.10 (Python 3.7.4 64-bit) (HKLM\...\Anaconda3 2019.10 (Python 3.7.4 64-bit)) (Version: 2019.10 - Anaconda, Inc.) ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any Video Recorder Version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.) AnyMusic 7.0.1 (HKLM\...\4e5f07cb-57d0-511b-8d72-f92e9ac978dd) (Version: 7.0.1 - AmoyShare Technology Company) ApowerMirror V1.2.6 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.2.6 - APOWERSOFT LIMITED) Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.6 - Ashampoo GmbH & Co. KG) Ashampoo Home Design 5 (HKLM\...\{6FE137BD-F8A3-4995-B812-04928FFD3D73}_is1) (Version: 5.0.0 - Ashampoo GmbH & Co. KG) Assassin's Creed II (HKLM-x32\...\Uplay Install 4) (Version: - Ubisoft) Audials 2021 (HKLM-x32\...\{AB220426-B935-4321-BEEE-C463F0EB7A94}) (Version: 21.0.135.0 - Audials AG) Audials Music Tube 2020 (HKLM-x32\...\{C713B2DF-BAF9-4A3C-96FF-1390589EF4C3}) (Version: 20.2.5.0 - Audials AG) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.05.25 - ASUSTeK Computer Inc.) Aurora HDR 2018 (HKLM\...\{BB7ADD89-7C4D-430B-9D3C-8597736DFB4E}) (Version: 1.2.0.2114 - Skylum) Hidden Aurora HDR 2018 (HKLM-x32\...\{66060156-f85d-49d2-a414-29e2b65b7e27}) (Version: 1.2.0.2114 - Skylum) AusweisApp2 (HKLM-x32\...\{27284E9D-0BCF-441A-82B9-5B96F5C09701}) (Version: 1.14.0 - Governikus GmbH & Co. KG) AusweisApp2 (HKLM-x32\...\{F08F1F50-C989-4E8B-A74C-A2FFABF590FB}) (Version: 1.20.1 - Governikus GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.4.2464 - Avast Software) BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.200.0.5201 - BlueStack Systems, Inc.) calibre 64bit (HKLM\...\{839721E4-35F6-4563-A3A0-931603356771}) (Version: 5.17.0 - Kovid Goyal) Cloudevo 3.5.4 (HKLM\...\Cloudevo) (Version: 3.5.4 - Evorim) concept/design onlineTV 15 (HKLM-x32\...\{C9F7D843-78C5-4A81-A350-D39F00E80178}_is1) (Version: 15.19.9.21 - concept/design GmbH) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Corsair LINK 4 (HKLM-x32\...\{7fcaaab1-7a64-4d52-b622-00a41e3a5641}) (Version: 4.9.0.57 - Corsair Components, Inc.) Corsair LINK 4 (HKLM-x32\...\{C636E92F-74DD-42A1-B614-64BC42D2DA3A}) (Version: 4.9.0.57 - Corsair Components, Inc.) Hidden CPUID CPU-Z 1.81 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81 - ) <==== ACHTUNG Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.4.0 - cryptomator.org) Cryptomator (HKLM\...\Cryptomator_is1) (Version: 1.5.11 - cryptomator.org) Cut Out pro 4.0 (HKLM\...\Cut Out pro 4_is1) (Version: - Franzis.de) CyberLink PhotoDirector 9 (HKLM-x32\...\{90BB14DB-2494-40fe-AE58-4930B3CFB4BD}) (Version: 9.0.3913.0 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Darksiders II Deathinitive Edition (HKLM-x32\...\{790F3B07-FC9C-4EFE-BB66-32BD348A9D23}) (Version: - DVG Nordic Games) darktable (HKLM\...\darktable) (Version: 2.6.0 - the darktable project) DaVinci Resolve (HKLM\...\{DA0D6D0F-D6C0-4718-81F7-4C49B1A2517B}) (Version: 14.0.1008 - Blackmagic Design) DaVinci Resolve Panels (HKLM\...\{6A8DCCDF-BC76-4964-B429-D74E5FC11E98}) (Version: 1.1.1.0 - Blackmagic Design) DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team) DDBAC (HKLM-x32\...\{3D339F02-6D1F-41D8-B315-F104815AF293}) (Version: 5.8.3.0 - B+S Banksysteme Aktiengesellschaft) DDBAC (HKLM-x32\...\{6289552C-70E8-4537-A808-31A94324F81F}) (Version: 5.7.85.0 - B+S Banksysteme Aktiengesellschaft) DDBAC (HKLM-x32\...\{9C3AE26C-7641-420B-B2AC-E737324D6567}) (Version: 5.8.4.0 - B+S Banksysteme Aktiengesellschaft) DeepL (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\DeepL) (Version: 2.5.1 - DeepL GmbH) DFUDriverSetupX64Setup (HKLM-x32\...\{D662C345-04FD-4F6C-AB68-B9BC6D6A5D2F}) (Version: 7.0.32822.0 - GN Netcom A/S) Hidden Dia (nur entfernen) (HKLM-x32\...\Dia) (Version: - ) Discord (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Double Cross (HKLM-x32\...\{E3BC3283-5464-4946-80B8-8AC1401F7B16}) (Version: - Graffiti Games) EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies) easyHDR 2 (HKLM-x32\...\easyHDR_2) (Version: 2.30.6 - BRTKSOFT Bartlomiej Okonek) Electron Cash (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Electron Cash) (Version: 4.2.3 - Electron Cash LLC) Electrum ABC (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Electrum ABC) (Version: 4.3.2 - Bitcoin ABC) Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden ElsterFormular (HKLM-x32\...\{E87F334F-CD4E-47F3-AFCD-19EBFCFFA6A3}) (Version: 21.2 - Thüringer Landesamt für Finanzen) Epic Games Launcher (HKLM-x32\...\{F25ACB37-FF26-467D-B5DA-15E81F4A1771}) (Version: 1.1.257.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Eraser 6.2.0.2991 (HKLM\...\{D13C63B1-1968-466D-A3C4-AE78BDDF35D2}) (Version: 6.2.2991 - The Eraser Project) Eudora (HKLM-x32\...\{4D6F8246-E01D-4877-ACA7-949E5CC7D04A}) (Version: 7.0 - ) EventReporter 16.0 - Build 421 (HKLM-x32\...\{CC20E766-AFD3-4150-9410-8C24B9D1E728}) (Version: 16.0.0.421 - Adiscon GmbH) Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.94.416 - Digital Wave Ltd) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\195fa74437467f40) (Version: 2.3.4.0 - AVM Berlin) GameFirst IV (HKLM-x32\...\{3A6CC7B3-FD9C-48C1-A1EC-46A5B677E739}) (Version: 1.6.6.0 - ASUSTeK COMPUTER INC.) Hidden GameFirst IV (HKLM-x32\...\GameFirst IV 1.6.6.0) (Version: 1.6.6.0 - ASUSTeK COMPUTER INC.) Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden GeoGebra Graphing (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\GeoGebra_Graphing) (Version: 6.0.387 - International GeoGebra Institute) Gigaset QuickSync (HKLM\...\{8029c171-7eda-4dec-8d67-e7f1b33c8861}) (Version: 8.6.0876.3 - Gigaset Communications GmbH) GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team) Git version 2.31.1 (HKLM\...\Git_is1) (Version: 2.31.1 - The Git Development Community) GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.318 - SecureMix LLC) GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.27 - The GnuPG Project) GnuCash 4.4 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC) GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.) GoToMeeting 10.15.0.19228 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\GoToMeeting) (Version: 10.15.0.19228 - LogMeIn, Inc.) Gpg4win (3.1.15) (HKLM-x32\...\Gpg4win) (Version: 3.1.15 - The Gpg4win Project) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.53.3) (Version: 9.53.3 - Artifex Software Inc.) gsview (HKLM\...\gsview 6.0) (Version: 6.0 - Artifex Software Inc.) HackCheck 2018 (HKLM-x32\...\f9a6b7ed-0223-427f-8e72-61c38d4aa8f1_is1) (Version: 1.08 - Abelssoft) Hauppauge WinTV 8.5 (HKLM-x32\...\Hauppauge WinTV 8.5) (Version: v8.5.36354 (Premium) - Hauppauge Computer Works) HBCIFM99 - Service-Update 1.1.1.20 (HKLM-x32\...\HBCIFM99 - Service-Update_is1) (Version: 1.1.1.20 - Dr. Ulrich Amann) HBCI-Modul für Money 99 Version 2000 (HKLM-x32\...\{8A13EBF6-6249-4C0D-92BE-F8497C922311}_is1) (Version: 5.1.0.17 - Dr. Ulrich Amann) HDR projects 4 (64-Bit) (HKLM\...\HDR_PROJECTS_4_2_3BF7CE82_is1) (Version: 4.41 - Franzis Verlag GmbH) HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP) HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP) HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP) HP Scanjet 8270 9.0 (HKLM\...\{FF149BEA-287F-4cf6-A1EC-9AB6E9CF1399}) (Version: 9.0 - HP) HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP) IMAPSize 0.3.7 (HKLM-x32\...\IMAPSize_is1) (Version: - Broobles) Inkscape (HKLM-x32\...\Inkscape) (Version: 1.0.0-rc1 - Inkscape) Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation) Intel(R) Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel) IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation) IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan) Jabra Direct (HKLM-x32\...\{999d698d-2e2a-4018-ac07-3e90c78e5327}) (Version: 5.5.37716 - GN Audio A/S) Jabra Direct (HKLM-x32\...\{CB9B5476-F6A2-49BD-A87C-7B9B16729B69}) (Version: 5.5.37716 - GN Audio A/S) Hidden Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation) KeeForm 4.1.0 thoma (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\KeeForm3KP2 thoma_is1) (Version: 4.1.0 - keeform.org) KeePass Password Safe 2.48.1 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.48.1 - Dominik Reichl) KeePassXC (HKLM\...\{ECCC6E1C-C5D1-4B71-94B0-B2F713AF9036}) (Version: 2.4.1 - KeePassXC Team) Kite (HKLM\...\Kite) (Version: - Manhattan Engineering Inc) KNIME Analytics Platform (HKLM\...\{61835C86-6D51-497F-A6BD-F0B4A8F0014A}_is1) (Version: 4.1.1 - KNIME AG) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare) Luminar 2018 (HKLM\...\{935AB8A6-0E0A-41E4-BAC3-5EBDCDC7F766}) (Version: 1.3.2.2677 - Skylum) Hidden Luminar 2018 (HKLM-x32\...\{cef6a17e-c579-49aa-beec-ea478a12248e}) (Version: 1.3.2.2677 - Skylum) Luminar 3 (HKLM\...\Luminar 3) (Version: 3.2.0.5246 - Skylum) Macrium Reflect Free Edition (HKLM\...\{E10EA502-8814-4DA4-8989-A8B1B38600A5}) (Version: 7.3.5321 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.3 - Paramount Software (UK) Ltd.) MAGIX Cloud Import (HKLM\...\{E2EC0850-84BF-4A86-842E-4A100473FB22}) (Version: 0.1.0.5 - MAGIX Software GmbH) Hidden MAGIX Cloud Import (HKLM\...\MX.{E2EC0850-84BF-4A86-842E-4A100473FB22}) (Version: 0.1.0.5 - MAGIX Software GmbH) MAGIX Connect (HKLM\...\{B0C73D27-EB3E-4D0E-B40D-0141DAF708CC}) (Version: 3.0.0.1 - MAGIX Software GmbH) Hidden MAGIX Connect (HKLM\...\MX.{B0C73D27-EB3E-4D0E-B40D-0141DAF708CC}) (Version: 3.0.0.1 - MAGIX Software GmbH) MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Photostory Deluxe COMPUTER BILD-Edition (HKLM\...\{C612F6E2-77DD-4C3D-A13E-ACBEF750C451}) (Version: 18.1.1.53 - MAGIX Software GmbH) Hidden MAGIX Photostory Deluxe COMPUTER BILD-Edition (HKLM\...\MX.{C612F6E2-77DD-4C3D-A13E-ACBEF750C451}) (Version: 18.1.1.53 - MAGIX Software GmbH) MAGIX Soundpool Music Maker - Feel good (HKLM\...\{DFEE4333-B802-4E27-9521-2D9E970B7813}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (HKLM\...\{370FD2B5-6A2F-4BB9-8B5F-F5CE6F0C01E5}) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (HKLM-x32\...\MX.{370FD2B5-6A2F-4BB9-8B5F-F5CE6F0C01E5}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Video deluxe COMPUTER BILD-Edition (HKLM\...\{BA25FF95-1BE8-4F11-9598-32F3755CDE31}) (Version: 18.0.1.209 - MAGIX Software GmbH) Hidden MAGIX Video deluxe COMPUTER BILD-Edition (HKLM\...\MX.{BA25FF95-1BE8-4F11-9598-32F3755CDE31}) (Version: 18.0.1.209 - MAGIX Software GmbH) Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) MediaHuman YouTube to MP3 Converter 3.9.9.36 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.36 - MediaHuman) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) MicroSIP (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MicroSIP) (Version: 3.20.6 - www.microsip.org) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.59 - Microsoft Corporation) Microsoft Money 99 (HKLM-x32\...\MSMONEYV70) (Version: - ) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4198695647-2910091461-4277131257-1003\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4198695647-2910091461-4277131257-1005\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4198695647-2910091461-4277131257-1010\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.53.2 - Microsoft Corporation) MiKTeX (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MiKTeX) (Version: 21.2 - MiKTeX.org) MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) MiniTool MovieMaker (HKLM-x32\...\{MT-39B9213B-B182-41FB-B149-CD1016372F9C}_is1) (Version: 2.5 - MiniTool) MiniTool Partition Wizard Free 12 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited) MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited) Money-Browser für Money 99 Version 2000 3.1.1.1 (HKLM-x32\...\{E9E9FCFC-9F1A-4EDC-8400-2EAB5A9DEB4F}_is1) (Version: 3.1.1.1 - Dr. Ulrich Amann) MongoDB 4.4.1 2008R2Plus SSL (64 bit) (HKLM\...\{B14F9AE3-91C5-4D56-A2E4-0DE06F6DFD36}) (Version: 4.4.1 - MongoDB Inc.) MongoDB Compass (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MongoDBCompass) (Version: 1.22.1 - MongoDB Inc) Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MovieJack free (HKLM-x32\...\{13a69dfb-9889-4340-8dd7-5855426ffcc7}) (Version: 4.0.7026.23051 - Engelmann Software) MovieJack free (HKLM-x32\...\{3A66BE6E-7F93-4949-9FCF-431309676FC0}) (Version: 4.0.7026.22792 - Engelmann Software) Hidden Mozilla Firefox 89.0.2 (x64 de) (HKLM\...\Mozilla Firefox 89.0.2 (x64 de)) (Version: 89.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0 - Mozilla) Mozilla Thunderbird 68.12.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 68.12.1 (x86 de)) (Version: 68.12.1 - Mozilla) Mozilla Thunderbird 78.11.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 de)) (Version: 78.11.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSYS2 64bit (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{fe30c1e5-3249-4a26-b3ff-ab923261cff0}) (Version: 20161025 - The MSYS2 Developers) Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.2.44 - MAGIX Software GmbH) Hidden Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.2.44 - MAGIX Software GmbH) NAPS2 5.3.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) Neo4j Desktop 1.3.8 (HKLM\...\14c7e06f-6a3b-5e4e-9e0c-ebe055b1b752) (Version: 1.3.8 - Neo4j Inc.) Node.js (HKLM\...\{140389EF-5573-4B66-9218-B739F767AFBD}) (Version: 14.17.0 - Node.js Foundation) NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA Nsight Compute 2020.3.1 (HKLM\...\{1259B3DA-CFC4-4BEE-8DBD-B497981D2047}) (Version: 20.3.1.0 - NVIDIA Corporation) NVIDIA Nsight Systems 2020.4.3 (HKLM\...\{8A00392B-A561-4D04-990C-4D1741A5CDDE}) (Version: 20.4.3.7 - NVIDIA Corporation) NVIDIA Nsight Visual Studio Edition 2020.3.1.21012 (HKLM\...\{52E1BC67-764B-4A86-B794-3BDBA8E4E885}) (Version: 20.3.1.21012 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{B56D2F88-8865-40FD-B7AC-F074EE4D201D}) (Version: 1.00.00.00 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project) obs-websocket version 4.9.1 (HKLM-x32\...\{117EE44F-48E1-49E5-A381-CC8D9195CF35}_is1) (Version: 4.9.1 - Stephane Lepin) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20308 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20308 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.7 (HKLM-x32\...\{81D7585D-3E44-4984-B99B-911492419D3E}) (Version: 4.17.9800 - Apache Software Foundation) paint.net (HKLM\...\{39136CF7-E6F5-4DE0-9AB6-EFB45F464590}) (Version: 4.2.4 - dotPDN LLC) Paragon Festplatten Manager™ 25 Jahre Limitierte Jubiläumsedition (HKLM-x32\...\{f541ba6a-92bf-466b-b956-5efa58ffe017}) (Version: 17.10.2.5049 - Paragon Software GmbH) Paragon Hard Disk Manager™ 25 Anniversary LE (HKLM\...\{14EEF044-2FC6-40AA-9285-F430B3D90EF6}) (Version: 17.10.2.5049 - Paragon Software) Hidden Paragon UIM (HKLM\...\{06B4D67B-9ECB-41E5-B4C1-92F529BB703D}) (Version: 24.65.0.487 - Paragon Software) Hidden Passbild-Generator v4.0b (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PDF24 Creator 10.0.12 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.12 - PDF24.org) PDFill FREE PDF Editor Basic (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC) PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs) PDF-XChange Editor (HKLM\...\{D9768EA7-98DE-4260-A55E-28DD9C4AFD04}) (Version: 9.0.354.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{ce6c8945-b029-4ebe-b3d4-96f6f0081e71}) (Version: 9.0.354.0 - Tracker Software Products (Canada) Ltd.) PhotoFiltre 7 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\PhotoFiltre 7) (Version: - ) Planet Alpha (HKLM-x32\...\{FE19EF5F-A1E0-4CAF-96B4-590B2C022B15}) (Version: - Team17 Digital Ltd) ProRealTime (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\ProRealTime_is1) (Version: 1.16 - IT-Finance) PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham) PyCharm Community Edition 2019.3.3 (HKLM-x32\...\PyCharm Community Edition 2019.3.3) (Version: 193.6494.30 - JetBrains s.r.o.) Python 3.8.1 (32-bit) (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{4e3c79d9-fd08-4d23-ba50-d6f19553b0ee}) (Version: 3.8.1150.0 - Python Software Foundation) Python 3.8.1 Core Interpreter (32-bit) (HKLM-x32\...\{03976998-4294-4FA5-9BE9-3E01B1DBEDC3}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Development Libraries (32-bit) (HKLM-x32\...\{0211E4D2-E2F6-422D-AEC9-46AD4CC583DD}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Documentation (32-bit) (HKLM-x32\...\{4408F4FC-AFC1-483E-A744-D61491A8AB85}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Executables (32-bit) (HKLM-x32\...\{F4F906AC-DFDB-4DA2-86C4-D116EAB497FA}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 pip Bootstrap (32-bit) (HKLM-x32\...\{34B7C438-99B2-4876-8F3A-5295A7DA2AE0}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Standard Library (32-bit) (HKLM-x32\...\{81CC98E6-C3E9-41EE-9ECC-30A6952AF726}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{F97C2D8A-7ED6-4BA9-BAA7-036878A8AC5B}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Test Suite (32-bit) (HKLM-x32\...\{656BF6D9-2710-466C-8F82-88135B8EAF00}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.8.1 Utility Scripts (32-bit) (HKLM-x32\...\{EE756009-EBAF-4C88-A99B-2E30FD1FA5DC}) (Version: 3.8.1150.0 - Python Software Foundation) Hidden Python 3.9.4 (64-bit) (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{e300c142-10a9-46f4-a195-bd40cb90a84f}) (Version: 3.9.4150.0 - Python Software Foundation) Python 3.9.4 Add to Path (64-bit) (HKLM\...\{D5076D33-101B-4402-AAC0-001C6D74D9AB}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{DE09AD3C-F617-4EAF-B4F5-943473CB00DA}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CCD8CD39-7BDE-46B9-9222-336226D0C346}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Documentation (64-bit) (HKLM\...\{C625291F-C4B5-45A7-B946-FFAB8535A64A}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Executables (64-bit) (HKLM\...\{A8C63C1D-BCF8-4446-AFAA-AE21DDA1DBEF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{2E65BC05-C532-4BD6-ACDD-3CFDE86F5E36}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Standard Library (64-bit) (HKLM\...\{D8D430E7-0DCE-418C-A937-735F329C1AD8}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{E4228F0E-C40C-403A-9533-29BA5A9F9E99}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Test Suite (64-bit) (HKLM\...\{86FD19A0-F018-465C-B8C9-02EA01D35A4B}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{0C0FBC09-C0AA-4B66-92BF-E321BC8C9FA5}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{12B4CAFF-F2FA-422B-B30C-2265217D8CF8}) (Version: 3.9.7398.0 - Python Software Foundation) R for Windows 3.6.2 (HKLM\...\R for Windows 3.6.2_is1) (Version: 3.6.2 - R Core Team) R for Windows 4.0.3 (HKLM\...\R for Windows 4.0.3_is1) (Version: 4.0.3 - R Core Team) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8273 - Realtek Semiconductor Corp.) Recordify 2018 (HKLM-x32\...\{E25B0FAA-66E5-4D2E-9B48-3B85B31543BF}_is1) (Version: 3.11 - Abelssoft) Rossmann Fotowelt Software (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{a50de2e8-8e5a-4b46-9681-e170843e51c4}) (Version: 5.8.4-4070 - ORWO Net GmbH Bitterfeld-Wolfen) RStudio (HKLM-x32\...\RStudio) (Version: 1.4.1103 - RStudio) Rtools 4.0 (4.0.0.28) (64-bit) (HKLM\...\Rtools_is1) (Version: 4.0 - The R Foundation) Rtools Version 3.5 (HKLM-x32\...\Rtools_is1) (Version: 3.5 - The R Foundation) Ruby 2.5.0-2-x64 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\RubyInstaller-2.5-x64-mingw32_is1) (Version: 2.5.0-2 - RubyInstaller Team) SageMath version 8.8 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\SageMath-8.8_is1) (Version: 8.8 - SageMath) Samsung DeX (HKLM-x32\...\{743e3ecf-e674-4aae-973b-0e784ca38803}) (Version: 2.0.0.15 - Samsung Electronics Co., Ltd.) Samsung DeX (HKLM-x32\...\{E35C3F1D-91A9-4FED-A915-0F913BFD780D}) (Version: 2.0.0.15 - Samsung Electronics Co., Ltd.) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.) Screen InStyle (HKLM-x32\...\{B249FBDB-FAFA-4EED-8833-3073A0FC829F}_is1) (Version: 1.1.1.3 - EIZO Corporation) SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service-Update für HBCIFM99 Version 1.0 (HKLM-x32\...\Service-Update für HBCIFM99_is1) (Version: 1.0 - Dr. Ulrich Amann) Setup-Loader für das HBCI-Modul für Money 99 Version 2000 3.4 (HKLM-x32\...\Setup-Loader für das HBCI-Modul für Money 99 Version 2000_is1) (Version: 3.4 - Dr. Ulrich Amann) Signal 5.1.0 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.1.0 - Open Whisper Systems) SILKYPIX Developer Studio 7 Deutsch (HKLM-x32\...\{2A20420A-B8CE-4423-BBFC-D93AB4CC23EA}) (Version: 7 - Ichikawa Soft Laboratory) simpleos 0.7.2 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\0f54e2df-ead3-54dc-968d-cd341ec34754) (Version: 0.7.2 - EOSRio) Skype for Business Basic 2016 - de-de (HKLM\...\SkypeforBusinessEntryRetail - de-de) (Version: 16.0.14026.20308 - Microsoft Corporation) Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation) Slack (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\slack) (Version: 4.17.1 - Slack Technologies Inc.) Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.30.31037 - LULU Software) Soda PDF Desktop Asian Fonts Pack (HKLM\...\{4C6D3090-D5D6-43E0-A0A5-3D4128D6E34B}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Convert Module (HKLM\...\{F262EB22-4771-4E16-B29A-F5DD108D8804}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Create Module (HKLM\...\{CE45B91C-E614-4020-B4C9-77EB5C650786}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Edit Module (HKLM\...\{F8F6C1A0-1E0B-444E-9277-70C7CD6547FA}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Forms Module (HKLM\...\{EED0CCB5-116F-40BA-A4A8-1E3F5891C496}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Insert Module (HKLM\...\{C1A308CA-BFD2-4120-A84D-1182222A1EFB}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop OCR Module (HKLM\...\{0E3F8189-FACD-4269-B971-2A602CAB1FCC}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Review Module (HKLM\...\{4C05CD7D-AEAD-413B-A056-059C57774B26}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop Secure Module (HKLM\...\{EC2F5976-634E-4A3B-AF8D-9D0E0F7EBE46}) (Version: 9.3.17.38441 - LULU Software) Hidden Soda PDF Desktop View Module (HKLM\...\{EAC5A155-2A9A-47AF-907F-67FCBB2CD659}) (Version: 9.3.17.38441 - LULU Software) Hidden SolarCoin version 2.1.8 (HKLM-x32\...\SolarCoin_is1) (Version: 2.1.8 - ) spacedesk Windows DRIVER (HKLM\...\{89592275-79DA-423A-91E1-8706EC312DF4}) (Version: 0.9.1046.0 - datronicsoft Inc.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SplitCam (HKLM\...\{C04D8FAF-1AA0-4B3E-B549-E31BE1E6BC7B}) (Version: 10.5.12 - SplitCam Co.) Sqrl 1.2.5 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\f0769fd5-6da4-5ce4-9cbc-5dc6ab7c2a1b) (Version: 1.2.5 - Telos Foundation) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Streamlabs OBS 0.27.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.27.1 - General Workings, Inc.) Studio 3T (HKLM\...\8357-7994-5030-9105) (Version: 2020.8.0 - 3T Software Labs) Sword Legacy Omen (HKLM-x32\...\{25071895-D6CB-49CE-98FE-4A2C3C92B9FC}) (Version: - Team17 Digital Ltd) TeamSpeak 3 Client (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.17.7 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Telegram Desktop version 2.7.4 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH) Trinity 1.6.1 (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\e2e246ce-857c-53ed-b9ad-26e0668b9510) (Version: 1.6.1 - IOTA Foundation) Turmoil (HKLM-x32\...\{9F710B74-9960-4411-BDFC-3CD846CA812C}) (Version: - Gamious) Twitch (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.) TWS API (HKLM-x32\...\{804183E3-553C-483F-A57F-9FE9AEB592F1}) (Version: 9.76.01 - IBG LLC) UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs) Ultimate Settings Panel (HKLM\...\{2F0E2793-E444-4851-A4FC-61EC635326CF}) (Version: 6.3.0 - TechyGeeksHome) UltraEdit 15.20 SE (HKLM-x32\...\{A8606865-6D52-44C1-82BD-A3C9A80222D4}) (Version: 15.20.1 - IDM Computer Solutions, Inc.) Uninstall Manager 5.3 (HKLM\...\{45BFB5F0-19B7-4564-B787-A3BAAA0E5AA1}_is1) (Version: 5.3 - Martin Fuchs) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 43.1 - Ubisoft) VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VEGAS Pro 15.0 (HKLM\...\{994FA9EE-A214-11E7-A574-AE6259437B87}) (Version: 15.0.216 - VEGAS) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update7 - IDRIX) VideoProc (HKLM-x32\...\VideoProc) (Version: 4.0 - Digiarty, Inc.) Visual BCD (HKLM-x32\...\{436D50FF-8FA1-4FDD-A9C9-48B52A990F57}) (Version: 0.9.3.1 - BoYans) Vita Concert Grand LE (HKLM\...\{BFA88ABE-D175-42C7-B374-92A2D9333CAB}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN) VMware Horizon Client (HKLM\...\{C6D1F545-F2F2-4379-9652-07696D8BED26}) (Version: 5.5.1.17068 - VMware, Inc.) Hidden VMware Horizon Client (HKLM-x32\...\{8ec9a3ad-734f-4995-84d7-8b2b7fd14d75}) (Version: 5.5.1.17068 - VMware, Inc.) VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{2B1D0F22-6025-409A-A248-7C10783FD5F2}) (Version: 7.13.0 - VMware, Inc.) Hidden VMware Horizon Media Engine 11.0.0.614 (64-bit) (HKLM\...\{44E854B5-0ED7-4688-9246-628C86D3709C}) (Version: 11.0.0.614 - VMware, Inc.) Hidden VMware Horizon Media Redirection for Microsoft Teams (HKLM\...\{ADEA6187-E6C1-42E1-82A0-783EF1D4D4D5}) (Version: 7.13.0 - VMware, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) Weka 3.8.4 (HKLM\...\Weka 3.8.4) (Version: 3.8.4 - Machine Learning Group, University of Waikato, Hamilton, NZ) Wi-Fi Scanner version 21.01 (HKLM-x32\...\Wi-Fi Scanner_is1) (Version: 21.01 - LizardSystems) Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - Corsair Components, Inc. (SIUSBXP) USB (07/14/2010 3.3) (HKLM\...\9D216BBD7DABB6A9E6F4F1D85E06CDFF9EA816FE) (Version: 07/14/2010 3.3 - Corsair Components, Inc.) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (08/16/2017 2.12.28) (HKLM\...\321E9C3B7C8E360B434912ED44CC222F08280048) (Version: 08/16/2017 2.12.28 - FTDI) Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (08/16/2017 2.12.28) (HKLM\...\018B67599606F0589EA4CA42AD4CC6B5C24388A0) (Version: 08/16/2017 2.12.28 - FTDI) Windows-Treiberpaket - MPP FTDI MPP FTDI D2XX (08/16/2017 2.12.28) (HKLM\...\75398BFF73C29C011146C84A6BDA6CA67A8B25E5) (Version: 08/16/2017 2.12.28 - MPP FTDI) Windows-Treiberpaket - MPP FTDI MPP FTDI VCP (08/16/2017 2.12.28) (HKLM\...\EBBD9947553A9582FD9EBC71BD40BAB80F35B2B1) (Version: 08/16/2017 2.12.28 - MPP FTDI) Windows-Treiberpaket - MPP USB CDC Virtual COM Port (05/23/2013 2.0.0) (HKLM\...\66DD18691EC6886B537A726978F65EF1E8D2D83C) (Version: 05/23/2013 2.0.0 - MPP) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack) WinMerge 2.16.12.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.16.12.0 - Thingamahoochie Software) WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl) Wondershare Data Recovery(Build 6.5.1.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.5.1.5 - Wondershare Software Co.,Ltd.) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) Xerox Desktop Print Experience 5.0 (HKLM\...\{F69C2056-BC8D-EC77-49FB-E9F863F8C9AA}) (Version: 7.192.8.0 - Xerox Corporation) Xerox PowerENGAGE (HKLM-x32\...\{171BF116-713F-43AA-B236-D6188522E609}) (Version: 2.52.0016 - Xerox Inc.) Xerox Scanner Management Utility (HKLM\...\{247000A3-7D6D-44D6-B438-A21A87BF4210}) (Version: 7.0.52.0 - Xerox Corporation) XMedia Recode 64bit Version 3.5.2.7 (HKLM\...\{D31E6E69-4C6A-42CC-926F-CC7B186864EB}_is1) (Version: 3.5.2.7 - XMedia Recode 64bit) XMind 10.1.3 (HKLM\...\{fbd30ee5-8150-549e-9aed-fd9d444364fb}) (Version: 10.1.3 - XMind Ltd.) XMind 10.3.1 (HKLM\...\fbd30ee5-8150-549e-9aed-fd9d444364fb) (Version: 10.3.1 - XMind Ltd.) XMind 8 Update 8 (v3.7.8) (HKLM-x32\...\XMind_is1) (Version: 3.7.8.201807240049 - XMind Ltd.) XSplit VCam (HKLM\...\{24850C07-D3D6-4050-A0AE-25403AC88D67}) (Version: 2.3.2106.1406 - XSplit) Hidden XSplit VCam (HKLM\...\XSplit VCam 2.3.2106.1406) (Version: 2.3.2106.1406 - XSplit) Youtube-DLG Version 0.4 (HKLM-x32\...\{3C455028-FC99-4846-8E04-4FCD87D85613}_is1) (Version: 0.4 - Sotiris Papadopoulos) Zoom (HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\ZoomUMX) (Version: 5.5.1 (12488.0202) - Zoom Video Communications, Inc.) |
27.06.2021, 22:48 | #17 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Addition Teil 2
__________________Code:
ATTFilter Packages: ========= Arduino IDE -> C:\Program Files\WindowsApps\ArduinoLLC.ArduinoIDE_1.8.49.0_x86__mdqgnx93n4wtt [2021-05-16] (Arduino LLC) Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.) Best of Bing 2018 Exclusive -> C:\Program Files\WindowsApps\Microsoft.BestofBing2018Exclusive_1.0.0.0_neutral__8wekyb3d8bbwe [2019-01-01] (Microsoft Corporation) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1108.0_x64__rz1tebttyb220 [2021-05-30] (Dolby Laboratories) Drawboard PDF -> C:\Program Files\WindowsApps\Drawboard.DrawboardPDF_5.39.2.0_x64__gqbn7fs4pywxm [2021-06-18] (Drawboard) File Opener - Open Image,Document,Video,Audio -> C:\Program Files\WindowsApps\4846UtilitiesTools.FileOpener-OpenImageDocumentVid_1.1.10.0_x64__b17t1j31etq18 [2018-11-11] (Utilities Tools) Flight Unlimited 2K16 -> C:\Program Files\WindowsApps\FlightSystemsLLC.FlightUnlimited2K16_2.1.16.0_x64__gr0hpt7qkpqd0 [2020-08-02] (Flight Systems LLC) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation) Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-08-01] (Keeper Security Inc) Lenovo Display Control Center -> C:\Program Files\WindowsApps\E046963F.LenovoDisplayControlCenter_1.0.29191.0_x86__k1h2ywk1493x8 [2021-05-30] (LENOVO INC.) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-09] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10503.5664.0_x64__8wekyb3d8bbwe [2021-06-09] (Microsoft Corporation) Mind Maps Pro -> C:\Program Files\WindowsApps\BallardAppCraftery.MindMapsPro2Beta_1.1.27.0_x64__epyrqhfctk40t [2019-02-09] (User Camp) Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.201.0_x64__8wekyb3d8bbwe [2021-06-26] (Microsoft Studios) MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) myTube! -> C:\Program Files\WindowsApps\59750RYKENAPPS.435307C335C44_4.0.2.0_x64__zd92nzxdcatqw [2020-12-23] (Ryken Studio) OY - Youtube Floating Player -> C:\Program Files\WindowsApps\28583AppsUniversal.FloatingplayerforYoutube_1.1.3.0_x64__5mpx2adydqnqy [2018-01-07] (AppsUniversal) [MS Ad] Penbook -> C:\Program Files\WindowsApps\36376UserCamp.Penbook_2.1.30.0_x64__t7afzrbtd67z0 [2019-10-24] (User Camp) ProApp for GMail, Search, Hangouts, News -> C:\Program Files\WindowsApps\28583AppsUniversal.ProAppforGMailSearchHangoutsNew_1.1.5.0_x64__5mpx2adydqnqy [2018-01-15] (AppsUniversal) [MS Ad] Sketch 360 -> C:\Program Files\WindowsApps\Microsoft.Sketch360_3.0.96.0_x64__8wekyb3d8bbwe [2021-06-26] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0 [2021-06-11] (Spotify AB) [Startup Task] Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.12.1.0_x64__7pb5ddty8z1pa [2021-05-30] (Trello, Inc.) Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.10.46.0_x64__cx08jceyq9bcp [2021-01-09] (Vodafone Group Services) Wunderlist: To-Do Liste -> C:\Program Files\WindowsApps\6Wunderkinder.Wunderlist_3.6.43.0_x64__b4cwydgxqx59r [2020-05-01] (6 Wunderkinder GmbH) Xerox Print and Scan Experience -> C:\Program Files\WindowsApps\XeroxCorp.PrintExperience_7.192.8.0_x64__f7egpvdyrs2a8 [2020-11-19] (Xerox Corp) XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-02] (New Work SE) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\thoma\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\thoma\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\thoma\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.) CustomCLSID: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll () [Datei ist nicht signiert] CustomCLSID: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\thoma\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlayError)] -> {3037DE6C-D55E-4065-A3BE-02051FF42E33} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlayPending)] -> {6E741565-B4E6-4E91-B7FB-35FD792E6032} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlayPrivate)] -> {8F88E6F7-4314-4C3A-BF50-F7884C199A92} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlaySynced)] -> {179E8FE1-82DD-436D-A608-22751924C614} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlaySyncing)] -> {BA62F31B-D25E-41C0-A027-8B34280271AB} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ Cloudevo (IconOverlayUnsynced)] -> {C82DF51A-03B7-485B-96D8-2494669F0BDB} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-03] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlayError)] -> {3037DE6C-D55E-4065-A3BE-02051FF42E33} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlayPending)] -> {6E741565-B4E6-4E91-B7FB-35FD792E6032} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlayPrivate)] -> {8F88E6F7-4314-4C3A-BF50-F7884C199A92} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlaySynced)] -> {179E8FE1-82DD-436D-A608-22751924C614} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlaySyncing)] -> {BA62F31B-D25E-41C0-A027-8B34280271AB} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ Cloudevo (IconOverlayUnsynced)] -> {C82DF51A-03B7-485B-96D8-2494669F0BDB} => C:\Program Files\Evorim\Cloudevo\CloudShell.dll [2020-10-21] () [Datei ist nicht signiert] ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-03] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Keine Datei ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-03] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2020-10-11] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [Datei ist nicht signiert] ContextMenuHandlers2: [1&1 SmartDrive] -> {62DF97A2-3635-4412-AE30-80B164BC88AD} => C:\Program Files (x86)\1&1\1&1 Upload-Manager\SHNDLERS64.DLL [2011-11-21] (1&1 Internet AG) [Datei ist nicht signiert] ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2020-10-11] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2021-04-30] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2021-04-30] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [Datei ist nicht signiert] ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-03] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [1&1 SmartDrive] -> {62DF97A2-3635-4412-AE30-80B164BC88AD} => C:\Program Files (x86)\1&1\1&1 Upload-Manager\SHNDLERS64.DLL [2011-11-21] (1&1 Internet AG) [Datei ist nicht signiert] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-31] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Keine Datei ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2020-10-11] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\thoma\AppData\Local\MEGAsync\ShellExtX64.dll [2020-09-20] (Mega Limited -> ) ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [Datei ist nicht signiert] ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2020-10-11] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxDTCM.dll [2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [Datei ist nicht signiert] ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-03] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Keine Datei ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2020-10-11] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-31] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers1_S-1-5-21-4198695647-2910091461-4277131257-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2010-11-26] () [Datei ist nicht signiert] ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\System32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.) HKLM\...\Drivers32: [VIDC.LWLR] => C:\Windows\SysWOW64\RGBACodec.dll [37488 2017-04-03] (EditShare EMEA (X-Edit Limited) -> ) ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\BesuchtDVDFabWebsite.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab11&v=11.0.8. ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Anaconda Prompt (Anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\ProgramData\Anaconda3\Scripts\activate.bat C:\ProgramData\Anaconda3 ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2021-05-30 20:16 - 2021-05-30 20:16 - 001278976 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\CefSharp.BrowserSubprocess.Core.dll 2021-05-30 20:16 - 2021-05-30 20:16 - 001957888 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\CefSharp.Core.dll 2021-06-09 11:59 - 2021-06-09 11:59 - 001918976 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\sdkintegration.node 2021-06-09 11:59 - 2021-06-09 11:59 - 001701376 _____ () [Datei ist nicht signiert] \\?\C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\panacastapi\build\Release\panacastapi.node 2017-10-20 22:36 - 2016-12-14 22:48 - 000961536 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccToolHelper.dll 2017-10-20 22:37 - 2016-09-20 14:08 - 000241664 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll 2017-10-20 22:37 - 2016-07-14 16:09 - 000208896 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll 2017-10-20 22:37 - 2016-07-14 16:10 - 000621056 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 000684032 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\PhoneCtrlAPI.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 000459776 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\WiFiGO_HookKey.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 000753664 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\WiMoveHelp.dll 2018-09-09 15:48 - 2016-03-11 19:16 - 000211968 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libcolour.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 000195584 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\InstallShield Installation Information\{924FB30F-AA59-453D-A921-39810BDD29C1}\CloudAPI\CloudAPI.dll 2021-04-22 08:31 - 2021-04-22 08:31 - 005745664 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll 2021-06-09 11:58 - 2021-06-09 11:58 - 002608128 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Jabra\Direct4\ffmpeg.dll 2021-06-09 11:58 - 2021-06-09 11:58 - 000356352 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Jabra\Direct4\libegl.dll 2021-06-09 11:58 - 2021-06-09 11:58 - 008347648 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Jabra\Direct4\libglesv2.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 000073728 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\ClaymoreProtocol.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 000053248 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\cpuutil.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 000519680 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\RogNewmouseProtocol.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 001746432 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\Vender.dll 2017-10-19 01:48 - 2011-08-23 13:04 - 000057344 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll 2020-10-21 17:45 - 2020-10-21 17:45 - 000685056 _____ () [Datei ist nicht signiert] C:\Program Files\Evorim\Cloudevo\CloudShell.dll 2021-03-27 20:21 - 2021-01-28 06:27 - 000097792 _____ () [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\coresync.dll 2021-03-27 20:21 - 2019-08-15 06:52 - 000076800 _____ () [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\SMTPEmail.dll 2021-05-30 20:16 - 2021-05-30 20:16 - 137093632 _____ () [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\libcef.dll 2021-05-30 20:16 - 2021-05-30 20:16 - 000396800 _____ () [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\libegl.dll 2021-05-30 20:16 - 2021-05-30 20:16 - 006338560 _____ () [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\libglesv2.dll 2019-10-01 22:23 - 2019-10-01 22:23 - 000865280 _____ () [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\SDL2.dll 2017-10-22 22:30 - 2006-02-23 11:35 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzColorPort64.dll 2017-10-22 22:30 - 2006-02-22 10:39 - 000020480 _____ () [Datei ist nicht signiert] C:\WINDOWS\System32\FritzPort64.dll 2011-11-21 12:50 - 2011-11-21 12:50 - 000524288 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\BaseCom.dll 2011-11-21 12:53 - 2011-11-21 12:53 - 000049152 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\ExplorerHook.dll 2011-11-21 12:49 - 2011-11-21 12:49 - 000180224 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\RootCom.dll 2011-11-21 12:51 - 2011-11-21 12:51 - 000307200 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\SettingsUI.dll 2011-11-21 12:54 - 2011-11-21 12:54 - 000297984 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\SHNDLERS64.DLL 2011-11-21 12:51 - 2011-11-21 12:51 - 000323584 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\Update.dll 2020-10-30 19:52 - 2011-11-21 12:52 - 000011776 _____ (1&1 Internet AG) [Datei ist nicht signiert] C:\WINDOWS\System32\ui11np.dll 2017-10-20 22:36 - 2015-06-05 13:00 - 000108544 _____ (ASUS) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AAHM\1.00.30\ASACPI.DLL 2017-10-20 22:36 - 2016-04-20 15:17 - 000108544 _____ (ASUS) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll 2017-10-20 22:33 - 2021-06-27 23:29 - 000046888 _____ (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AXSP\2.00.06\PEbiosinterface32.dll 2017-10-20 22:36 - 2016-04-20 15:17 - 000676864 _____ (ASUSTeK Computer Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiex.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 003147776 _____ (ASUSTek COMPUTER INC.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\asusnatnl.dll 2017-10-20 22:36 - 2016-04-20 09:17 - 000676864 _____ (ASUSTeK Computer Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\asacpiex.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 000080384 _____ (ASUSTeK Computer Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\AudioLEDCtrl.dll 2017-10-20 22:37 - 2016-06-30 16:50 - 000327680 _____ (AWIND Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\MirrorOpServiceSender.dll 2017-10-19 07:43 - 2012-09-20 05:00 - 000393728 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMXLMBL.DLL 2021-03-27 20:21 - 2021-01-28 06:27 - 000061952 _____ (Chengdu Speed Digital Technology Co..Ltd.) [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\ChannelNetFileInfo.dll 2021-03-27 20:21 - 2021-01-28 06:27 - 000175104 _____ (Chengdu Speed Digital Technology Co..Ltd.) [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\FileInfoCommon.dll 2018-09-09 15:48 - 2018-07-31 17:30 - 000928256 _____ (EIZO Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libemc.dll 2018-09-09 15:48 - 2018-07-31 17:30 - 000103936 _____ (EIZO Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libHIDmctrl.dll 2018-09-09 15:48 - 2017-08-25 10:07 - 000162816 _____ (EIZO Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libmctrl.dll 2018-09-09 15:48 - 2017-08-25 10:07 - 000091648 _____ (EIZO Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libmptag.dll 2018-09-09 15:48 - 2016-03-11 19:16 - 000080384 _____ (EIZO NANANO CORPORATION) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libminfo.dll 2018-09-09 15:48 - 2016-03-11 19:16 - 000131072 _____ (EIZO NANAO CORPORATION) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\libDDCCImctrl.dll 2019-10-01 22:23 - 2019-10-01 22:23 - 004981774 _____ (FFmpeg Project) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\avcodec-57.dll 2019-10-01 22:23 - 2019-10-01 22:23 - 000353806 _____ (FFmpeg Project) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\avformat-57.dll 2019-10-01 22:23 - 2019-10-01 22:23 - 000668686 _____ (FFmpeg Project) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\avutil-55.dll 2019-10-01 22:23 - 2019-10-01 22:23 - 000506894 _____ (FFmpeg Project) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\swscale-4.dll 2021-06-09 11:59 - 2021-06-09 11:59 - 002257408 _____ (GN Audio A/S) [Datei ist nicht signiert] \\?\C:\Program Files (x86)\Jabra\Direct4\resources\app.asar.unpacked\node_modules\@gnaudio\jabra-node-sdk\build\Release\libjabra.dll 2016-09-02 13:19 - 2016-09-02 13:19 - 000097792 _____ (GN Netcom A/S) [Datei ist nicht signiert] [Datei wird verwendet] C:\PROGRAM FILES (X86)\JABRA\DIRECT4\AVAYAONEXV3INTEGRATION\GNDeviceInterface.dll 2017-10-19 01:48 - 2015-11-24 20:58 - 000130048 _____ (Hauppauge Computer Works) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\hcwTSAnalogTxt.ax 2017-10-19 01:48 - 2015-11-24 20:59 - 000134656 _____ (Hauppauge Computer Works) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\hcwtsfilter.ax 2017-10-19 01:48 - 2018-06-12 16:20 - 000113152 _____ (Hauppauge Computer Works) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\HCWTSWriter.ax 2017-10-19 01:48 - 2018-12-19 14:52 - 000332800 _____ (Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\PsiParser.ax 2017-04-24 14:30 - 2017-04-24 14:30 - 000349696 _____ (Intel(R) Corporation) [Datei ist nicht signiert] C:\Windows\system32\NCS2Setp.dll 2017-10-19 01:48 - 2008-11-12 18:50 - 000253952 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcl2ae.ax 2017-10-19 01:48 - 2008-11-12 18:51 - 000372736 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcm2ve.ax 2017-10-19 01:48 - 2008-11-12 18:54 - 000528384 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcmpeg2mux.ax 2017-10-19 01:48 - 2008-11-12 18:37 - 000241664 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcmpgaout.dll 2017-10-19 01:48 - 2008-11-12 18:39 - 002137600 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcmpgvout.004 2017-10-19 01:48 - 2008-11-12 18:44 - 000017920 _____ (MainConcept GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\WinTV8\SoftPVR\hcw_mcmpgvout.dll 2011-06-03 15:15 - 2011-06-03 15:15 - 001047552 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\MFC71U.DLL 2011-06-03 15:15 - 2011-06-03 15:15 - 000499712 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\MSVCP71.dll 2011-06-03 15:15 - 2011-06-03 15:15 - 000348160 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\1&1\1&1 Upload-Manager\MSVCR71.dll 2021-03-14 15:17 - 2006-11-02 16:18 - 000850432 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\system32\spool\DRIVERS\x64\3\PDFILLPS5UI.DLL 2020-09-06 15:13 - 2020-09-06 15:13 - 001654784 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL 2020-09-06 15:13 - 2020-09-06 15:13 - 000054272 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80DEU.DLL 2018-09-09 15:48 - 2016-03-15 19:00 - 001103360 _____ (Robert Simpson, et al.) [Datei ist nicht signiert] C:\Program Files (x86)\EIZO\Screen InStyle\x86\SQLite.Interop.dll 2021-05-21 08:12 - 2021-05-21 08:12 - 000130048 _____ (Sam Grogan) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll 2021-05-30 20:16 - 2021-05-30 20:16 - 001010176 _____ (The Chromium Authors) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\chrome_elf.dll 2021-03-27 20:21 - 2017-09-14 15:40 - 000884736 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\sqldrivers\qsqlite.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 001623552 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\LED_DLL_forMB.dll 2017-10-20 22:33 - 2017-09-22 11:36 - 001624576 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\Program Files (x86)\LightingService\1.00.29\VGA_Extra.dll 2021-03-27 20:21 - 2021-01-28 06:27 - 001485312 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\Program Files\MiniTool ShadowMaker\core7z.dll 2017-10-22 22:30 - 2006-02-23 12:16 - 000047616 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmColorFax.dll 2017-10-22 22:30 - 2006-02-22 10:53 - 000043520 _____ (TODO: <Company name>) [Datei ist nicht signiert] C:\WINDOWS\System32\AvmFax.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-4198695647-2910091461-4277131257-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-05-03] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Soda PDF Desktop Helper -> {A2792EEC-6618-4C4C-8ECF-B51ECB5DC2A1} -> C:\Program Files (x86)\Soda PDF Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2018-06-04] (LULU Software -> LULU Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-03] (Oracle America, Inc. -> Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\127.0.0.1 -> hxxp://127.0.0.1 ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2018-04-12 01:38 - 2020-12-28 21:40 - 000000923 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 view-localhost # view localhost server 127.0.0.1 tresor 127.0.0.1 cryptomator-vault 2017-10-19 22:57 - 2018-07-01 16:31 - 000000528 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.19.43.209 DESKTOP-HCA6LJN.mshome.net # 2023 6 5 30 14 31 5 973 10 830 192.168.137.1 DESKTOP-HCA6LJN.mshome.net # 2022 10 4 20 14 33 46 531 ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Player\bin\;C:\Python39\Scripts\;C:\Python39\;C:\Program Files (x86)\Rtools\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Ruby25-x64\bin;C:\ProgramData\Oracle\Java\javapath;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\PuTTY\;C:\Program Files\Inkscape\bin;C:\Program Files (x86)\Boxcryptor\bin\;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files (x86)\PDFtk\bin\;C:\Program Files\NVIDIA Corporation\Nsight Compute 2020.3.1\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd;C:\Program Files\nodejs\ HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thoma\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg HKU\S-1-5-21-4198695647-2910091461-4277131257-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\sandr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg HKU\S-1-5-21-4198695647-2910091461-4277131257-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\maxim\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\p1050937.jpg HKU\S-1-5-21-4198695647-2910091461-4277131257-1010\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert. Network Binding: ============= WLAN: VMware Bridge Protocol -> vmware_bridge (enabled) VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Speed Launcher.lnk" HKLM\...\StartupApproved\StartupFolder: => "AutoStart IR.lnk" HKLM\...\StartupApproved\Run: => "Eraser" HKLM\...\StartupApproved\Run: => "MTPW" HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\StartupApproved\Run: => "GarminExpress" HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\StartupApproved\Run: => "Amazon Photos" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{37F4C6B7-CB96-44C7-8C4D-27C65EA72E5B}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{C6D8DF60-6E6D-48A4-8E01-0784E187F69A}] => (Allow) LPort=24727 FirewallRules: [{9BA25F6D-37AE-4544-B4C9-C43A89FA44AB}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [UDP Query User{79FD60F0-193B-4618-BC5E-D5EDF16B264D}C:\users\thoma\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{2EB4D38F-558D-4B01-878F-721AFEDBB595}C:\users\thoma\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6B89930B-80EB-4316-B79A-2DCA66107C16}] => (Allow) C:\Users\thoma\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{17433C06-C9F4-4DE3-B8DC-D077599AF87B}] => (Allow) C:\Users\thoma\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{7165D1AB-630F-4006-B774-1479AF383DFA}C:\program files\rstudio\bin\rsession.exe] => (Allow) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [Datei ist nicht signiert] FirewallRules: [TCP Query User{E9D9BF03-BE2B-4038-884B-43FDADB7550F}C:\program files\rstudio\bin\rsession.exe] => (Allow) C:\program files\rstudio\bin\rsession.exe (RStudio, PBC) [Datei ist nicht signiert] FirewallRules: [{E897B64E-91BB-43DA-BE48-6C00EB74C646}] => (Allow) LPort=31931 FirewallRules: [{46A6EADE-C1BC-43A4-AD0E-49580E6110CE}] => (Allow) LPort=14714 FirewallRules: [{6EDF3FA6-E7B5-4221-B0D5-44286354A5D2}] => (Allow) LPort=12972 FirewallRules: [{5D062739-9639-46A1-991E-67585D6C9BD1}] => (Allow) C:\Program Files (x86)\Audials\MusicTube 2020\Audials.exe (Audials AG -> Audials AG) FirewallRules: [{7D42551C-A9FF-4E9E-9547-477556B1C677}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH -> concept/design GmbH) FirewallRules: [UDP Query User{BF9F99CA-DC1B-477B-883D-CBE9EF71923C}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 11\dvdfab.exe => Keine Datei FirewallRules: [TCP Query User{5BCD0B25-DFEA-421E-97BF-1FE93604AC33}C:\program files (x86)\dvdfab 11\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 11\dvdfab.exe => Keine Datei FirewallRules: [{3092A62F-87AC-4636-AAAC-228EC8389317}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{B7C1E2CE-FACE-4CF4-9331-AAFC0E81A238}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{53B6F849-F3D0-41D1-954E-2C688E5B0E4A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [UDP Query User{DF902C04-CE20-4BB0-9248-0DB35678BBEC}C:\users\thoma\desktop\sdi_r1909\sdi_x64_r1909.exe] => (Allow) C:\users\thoma\desktop\sdi_r1909\sdi_x64_r1909.exe => Keine Datei FirewallRules: [TCP Query User{6D16DA2C-0933-4B9B-9449-4B122F758893}C:\users\thoma\desktop\sdi_r1909\sdi_x64_r1909.exe] => (Allow) C:\users\thoma\desktop\sdi_r1909\sdi_x64_r1909.exe => Keine Datei FirewallRules: [UDP Query User{D9B3B97F-1140-4E15-BCB4-3A1886735A18}C:\users\thoma\desktop\sdi_r1909\sdi_r1909.exe] => (Allow) C:\users\thoma\desktop\sdi_r1909\sdi_r1909.exe => Keine Datei FirewallRules: [TCP Query User{0D7DFBD8-D1FD-46C4-812D-1822637D97B1}C:\users\thoma\desktop\sdi_r1909\sdi_r1909.exe] => (Allow) C:\users\thoma\desktop\sdi_r1909\sdi_r1909.exe => Keine Datei FirewallRules: [UDP Query User{B1C805DC-CC0C-47EF-BE8D-D54C60557B82}D:\download\aa\avm_capi_test.exe] => (Allow) D:\download\aa\avm_capi_test.exe => Keine Datei FirewallRules: [TCP Query User{191A0FC0-E7DF-45F5-940C-2D5CBFA82A1A}D:\download\aa\avm_capi_test.exe] => (Allow) D:\download\aa\avm_capi_test.exe => Keine Datei FirewallRules: [{4783FAA5-ABA4-401B-A46E-1A88600F9C37}] => (Allow) C:\Program Files\MAGIX\Photostory Deluxe COMPUTER BILD-Edition\2019\Fotos_dlx.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{EA4D69BF-593F-4CEA-883C-DDDC1B00025D}] => (Allow) C:\Program Files\MAGIX\Video deluxe COMPUTER BILD-Edition\2019\Videodeluxe.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{220FC1F1-AA5D-49A4-90F7-BEB72EC3F91E}] => (Allow) C:\Program Files\Common Files\MAGIX Services\MxCloudSync\MxCloudSync.exe (MAGIX Software GmbH -> MAGIX) FirewallRules: [{0246CAB7-898D-4613-8066-A87B0FFFEC2A}] => (Allow) C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QMxNetworkSync.exe (MAGIX Software GmbH -> MAGIX) FirewallRules: [{BC27A3A0-B844-4572-BB7C-DCA91257375A}] => (Allow) LPort=445 FirewallRules: [{F552658D-5996-4735-80B8-A1FD9E9A7332}] => (Allow) C:\Program Files\Docker\Docker\Resources\com.docker.proxy.exe => Keine Datei FirewallRules: [{3037AEF6-90C2-4D08-95CF-01F2322A9689}] => (Allow) LPort=1900 FirewallRules: [{9D31EB7E-9C31-4E29-92E6-76D2D41D3BF4}] => (Allow) LPort=2869 FirewallRules: [{21325355-53BA-439E-BA90-E69A2EBCCFDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F64F56DC-0E98-49E3-ACE3-F0BFB3759F8A}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{10F56322-A674-4BAA-A1EC-0185FD520052}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{85468114-A645-4268-A88D-E786DDE8A712}] => (Block) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> ) FirewallRules: [{368B7975-E3BB-4CFF-A458-28E6687F0E1C}] => (Block) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> ) FirewallRules: [UDP Query User{5EDFB555-659A-4CA5-9B69-A9FA64D3CA4C}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> ) FirewallRules: [TCP Query User{57C2247D-A9FD-4115-9AFA-DD367B9C7DCD}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> ) FirewallRules: [UDP Query User{D3D201C4-83CF-4DE2-A268-5B5789DEF7CB}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Allow) C:\program files (x86)\wintv\wintv8\wintv8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [TCP Query User{948D373A-D610-4BE6-BF50-3F42016CB4EC}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Allow) C:\program files (x86)\wintv\wintv8\wintv8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [{17213AF6-BFF8-4CCA-B0F6-3EB5BDA0F4A4}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{7C221779-0AC9-41AC-9476-DEA3EF5203B4}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{F2EB169D-AE61-481A-AFDB-C70BC27F4ECF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7936B122-539C-474F-A831-055ED945C976}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{2F67176C-AB4C-4397-A22A-569DAC9C0D5F}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe => Keine Datei FirewallRules: [UDP Query User{807480DA-3336-49B4-87B6-C35D9CE01BB5}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe => Keine Datei FirewallRules: [TCP Query User{79C8B4D9-ED48-4377-88F8-75B141BF49E5}D:\download\avm_capi_test.exe] => (Allow) D:\download\avm_capi_test.exe => Keine Datei FirewallRules: [UDP Query User{586BBF26-F509-4B4C-ACC2-0F010459F090}D:\download\avm_capi_test.exe] => (Allow) D:\download\avm_capi_test.exe => Keine Datei FirewallRules: [{D64F71E3-0950-4590-82F0-29EBF001F077}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{048EF796-4D7A-4269-B2EB-553D474CEEA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{6802EED4-09E6-45D1-BB46-5BBCADD205FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{BA4497C0-1EFF-4771-A63E-7A283F0CAC58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{CFB5D524-DD79-4B6C-94F8-01934ED9579F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe () [Datei ist nicht signiert] FirewallRules: [{5EAFD8E5-2992-482F-892B-9FFB2157C46E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe () [Datei ist nicht signiert] FirewallRules: [{0F1C08F3-80B1-41BD-9D89-021F3BEB6180}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{86D6FCE6-94AF-4D2E-A95A-9343BCC9EE67}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{3887A528-642B-49F7-AE9C-7666BBF3359D}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> ) FirewallRules: [{039A0524-9176-4F83-99FF-C5DB71BA72AA}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> ) FirewallRules: [{2B083EC3-E9D1-4F3D-B495-3A8A8D7A6979}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA) FirewallRules: [{1BDC89BC-90C2-4666-9348-9151C4ACC094}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA) FirewallRules: [{6C2ED52F-16D3-4D1B-9D13-2D222FA901AB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [{009A93EE-1A85-4E87-8CA8-CBE64EDBBC47}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [Datei ist nicht signiert] FirewallRules: [{05C8229E-ED0E-464E-9C92-21F60374A0A2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{1F97BE78-FCA4-44C1-B381-ECD682A9B8BC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{4E0A7E95-913D-481A-B48E-370694AD4978}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{30CCAACD-89C4-42BC-8E3B-46D444B1E55D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{697DFF73-C8DC-453E-AEEA-CEC054697EA3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{B7DA265F-2310-41A7-B633-F9BF2A010F97}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe () [Datei ist nicht signiert] FirewallRules: [{A9CD180B-141C-4786-B4F9-E99326355120}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{6F0F8AA8-2927-4986-AA37-AB5452783183}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei FirewallRules: [TCP Query User{D7FE86A1-6E85-4BD1-B598-1CC53C981C7C}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [UDP Query User{7B77F5EC-200F-4F98-8487-F7EC357CC0E2}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [TCP Query User{A7391BF6-BAC2-41FD-9D07-0D23310AFFFC}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [UDP Query User{2DB15225-C550-4153-BCD2-E2A9A699B5F4}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [{0964492B-5067-4F93-A81B-857A48247715}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker\25\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [TCP Query User{9145BEA2-76BB-4161-BDDD-9EDCBABFAD80}C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => Keine Datei FirewallRules: [UDP Query User{68C5D7AB-A3BC-4ACC-8FFA-A46F1C244357}C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => Keine Datei FirewallRules: [{01292D08-00B6-4325-BB67-BA472EE389A4}] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => Keine Datei FirewallRules: [{07A0FE13-598E-43A9-9866-8B254ABB2D96}] => (Block) C:\program files\windowsapps\arduinollc.arduinoide_1.8.10.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => Keine Datei FirewallRules: [{2AF9D575-462D-4D6D-9C0D-C5CE7C4DE08E}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{0960CB8E-7675-46CB-9CD7-01BE81430405}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [TCP Query User{A604003E-10EB-4DE2-BEA1-29965A9C0187}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js) FirewallRules: [UDP Query User{FF79249E-1188-44EB-9176-D73B923969C1}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (OpenJS Foundation -> Node.js) FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [AusweisApp2-Firewall-Rule-In] => (Allow) C:\Program Files (x86)\AusweisApp2 1.14.0\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [TCP Query User{8C016E5E-CEDB-488B-AAFC-94DEFB61FCD5}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe => Keine Datei FirewallRules: [UDP Query User{17DF202F-F55D-4776-A053-220516D8146A}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe => Keine Datei FirewallRules: [TCP Query User{CE293691-93E6-43F0-ABAA-731BF3732C99}C:\program files\ruby25-x64\bin\ruby.exe] => (Allow) C:\program files\ruby25-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Datei ist nicht signiert] FirewallRules: [UDP Query User{02061A6B-4877-4941-853F-0633343F033A}C:\program files\ruby25-x64\bin\ruby.exe] => (Allow) C:\program files\ruby25-x64\bin\ruby.exe (hxxp://www.ruby-lang.org/) [Datei ist nicht signiert] FirewallRules: [{EFC3F528-AFF2-4D4E-84EF-6F5E32BF5582}] => (Allow) C:\Users\thoma\AppData\Local\Apps\2.0\ER1KADGX.OEK\3Q153P43.PO1\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{6BCC9560-D05D-4CB0-8ED9-D805E83CFED9}] => (Allow) C:\Users\thoma\AppData\Local\Apps\2.0\ER1KADGX.OEK\3Q153P43.PO1\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{BF3B0539-DC6B-43D9-ACEB-286A9D1ABF27}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [{56EB2A11-24FB-44E1-84A2-A0B9C8C26EB0}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [{CA765333-82C0-4FB7-ABB3-E5402D8C9FC4}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [{A8AABDF1-84EC-46E4-99B7-B7B7A5745C29}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.) [Datei ist nicht signiert] FirewallRules: [{AFDC9808-8DAF-4EA0-B2C7-D9DB24EB93D7}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{6C5B4FA9-6170-456C-A36C-2A68AA4171AF}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{998D9583-8831-40AA-8349-C68A60BBD44D}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{82B0401F-F6B5-479F-8BA0-18CBE0FDEE98}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{25735172-7456-4756-9E22-2DA729524247}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{0AED960D-DF39-4A82-8B11-80C58438C9EB}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{02D0107B-499C-44D8-8F05-6F131CFC02A3}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [{E679284A-4FA4-40E3-B6C1-29105C524218}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] FirewallRules: [TCP Query User{D1EDC7BE-02F9-4938-8C98-C616C965897F}C:\program files (x86)\solarcoin\solarcoin-qt.exe] => (Block) C:\program files (x86)\solarcoin\solarcoin-qt.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{812F630C-5525-4893-83A8-00B9A5B7291D}C:\program files (x86)\solarcoin\solarcoin-qt.exe] => (Block) C:\program files (x86)\solarcoin\solarcoin-qt.exe () [Datei ist nicht signiert] FirewallRules: [{3B189224-19A7-4774-BE6F-8FD98236DED2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0105F134-7A85-40AF-BD3A-0DC3097BAA87}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{1BCC3FE5-CA03-42D6-B2F4-845A9D43E35F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{3BFE3789-3F94-4A54-BC6B-18943AD6785D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{26B3E283-C0EB-414C-9A56-523E11AC75AE}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{9894C12B-B0E8-4A8C-9B95-AAA450AA44A2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{5C1804C5-2180-4B4C-AC5F-855F99355A3E}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{5010A225-A6EF-43EF-B5F5-ED32299B7EBE}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{73825360-27DD-45EE-B1B1-9252FDF7961E}] => (Allow) C:\WINDOWS\system32\spacedeskService.exe (Datronicsoft, Inc. -> ) FirewallRules: [TCP Query User{605FE964-E259-4AF0-8FB3-532681E446AC}C:\program files\redis\redis-server.exe] => (Allow) C:\program files\redis\redis-server.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{09A4ED22-6D51-442C-8B27-0C08CC289076}C:\program files\redis\redis-server.exe] => (Allow) C:\program files\redis\redis-server.exe () [Datei ist nicht signiert] FirewallRules: [{97A1540D-39ED-4A4E-BCCE-8784F64FE752}] => (Block) C:\program files\redis\redis-server.exe () [Datei ist nicht signiert] FirewallRules: [{00CE171C-3864-40BB-AB12-C86813E74C51}] => (Block) C:\program files\redis\redis-server.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{8CC18E3C-E199-4735-B4D0-AB06EAEB9F02}C:\program files\neo4j desktop\neo4j desktop.exe] => (Allow) C:\program files\neo4j desktop\neo4j desktop.exe (Neo4j, Inc. -> Neo4j Inc.) FirewallRules: [UDP Query User{D8359F38-2A83-4943-9437-EC7584E55EEC}C:\program files\neo4j desktop\neo4j desktop.exe] => (Allow) C:\program files\neo4j desktop\neo4j desktop.exe (Neo4j, Inc. -> Neo4j Inc.) FirewallRules: [{D706A190-041B-4735-B50A-EA75B88DC69C}] => (Block) C:\program files\neo4j desktop\neo4j desktop.exe (Neo4j, Inc. -> Neo4j Inc.) FirewallRules: [{81970878-436E-40E8-AE62-CCCF70B9A467}] => (Block) C:\program files\neo4j desktop\neo4j desktop.exe (Neo4j, Inc. -> Neo4j Inc.) FirewallRules: [{71FA467A-0769-40CB-9E7E-A0AEAEC5DD10}] => (Allow) D:\download\cloudevo-x32-setup.exe => Keine Datei FirewallRules: [TCP Query User{9D1096A4-A9B7-49BB-ABFF-D20F81B7B752}C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe] => (Allow) C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{AD88A7FE-BF84-4B9C-92B3-55E4AF0A3A81}C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe] => (Allow) C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe () [Datei ist nicht signiert] FirewallRules: [{100822C4-4DD1-4C08-A17F-577709A5BAFE}] => (Block) C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe () [Datei ist nicht signiert] FirewallRules: [{54617F60-4B69-4A0C-92FD-5BDCF437E73D}] => (Block) C:\program files\1&1 verschlüsselung\1&1 verschluesselung.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{F8C4E6E3-DC5A-4ED8-BC03-39FEABB7018D}C:\program files (x86)\roger router\roger.exe] => (Allow) C:\program files (x86)\roger router\roger.exe => Keine Datei FirewallRules: [UDP Query User{92E18DC9-4AD9-4949-8E0F-1E464028AFA4}C:\program files (x86)\roger router\roger.exe] => (Allow) C:\program files (x86)\roger router\roger.exe => Keine Datei FirewallRules: [TCP Query User{ADBAFC3E-16A4-4833-BCCF-90F503D7A904}C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{5A83EF16-2A38-4A13-A445-2784F88DD8A8}C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{327986EC-C24A-43AF-AAC5-1F55475A4CBA}C:\users\thoma\appdata\local\microsip\microsip.exe] => (Allow) C:\users\thoma\appdata\local\microsip\microsip.exe (MSIP Code Signing -> www.microsip.org) [Datei ist nicht signiert] FirewallRules: [UDP Query User{F3949733-E3B1-42F5-A249-598F4DE40E74}C:\users\thoma\appdata\local\microsip\microsip.exe] => (Allow) C:\users\thoma\appdata\local\microsip\microsip.exe (MSIP Code Signing -> www.microsip.org) [Datei ist nicht signiert] FirewallRules: [{15369BE4-CC89-4748-BC5B-E7D9DC2722BA}] => (Allow) C:\Users\thoma\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => Keine Datei FirewallRules: [{3AC6E6F1-138E-4795-B7A7-E1ACCC587B15}] => (Allow) C:\Users\thoma\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe => Keine Datei FirewallRules: [{CC6AD911-E5C3-49F7-984E-4514010DE2B1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{31DEA2C3-1337-41EC-8B91-83AED48B256D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [{AA2DEDA8-0A48-4021-8DC0-32BC66D1B0FB}] => (Allow) C:\Program Files (x86)\Audials\Audials 2021\Audials.exe (Audials AG -> Audials AG) FirewallRules: [{B6F19AF5-0BC8-434A-A463-8921346C547A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{12548816-4D16-47DE-859C-AF10C52E9BB5}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{E4EF5DCD-81F7-4B95-BEE5-9F6918F9B28A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{D29F4A6A-230C-43DA-AE0E-5827266BFF8B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{9B12F4A0-200B-4F5A-9616-0AA6A1C7DD93}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{77AF9B99-906F-49CC-97EA-46F581AA9B63}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [TCP Query User{F40F040F-5E72-4C4A-AC3D-6A02FB376724}C:\users\thoma\appdata\local\programs\aioz_worker_node\aioz node.exe] => (Allow) C:\users\thoma\appdata\local\programs\aioz_worker_node\aioz node.exe (AIOZ Pte. Ltd. -> AIOZ Company) FirewallRules: [UDP Query User{5E08B2E8-EBC1-4855-828B-3A7E297FAFAB}C:\users\thoma\appdata\local\programs\aioz_worker_node\aioz node.exe] => (Allow) C:\users\thoma\appdata\local\programs\aioz_worker_node\aioz node.exe (AIOZ Pte. Ltd. -> AIOZ Company) FirewallRules: [{7B9C4482-4D7C-4CD4-BD76-E44FE03FFF36}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{831CEDAF-FF2E-4A1D-B7CA-DC74DA139647}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{4983C192-A4C6-41F2-897E-DDC87A9B54AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{040CC7D9-A611-4340-B9FA-07965C51C0FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{C7B6FC63-2911-449F-87FA-7E21804CB1CF}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{10C7C440-FF29-4965-8059-9808876436F8}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC) FirewallRules: [{9CA0EC33-A631-4B27-BA4A-C1DED43D778D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{748ED390-DD7F-474C-8668-F717D941B226}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{B221106D-4425-4374-A18E-419BD6027B4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CDF46F33-BEEB-4768-85E1-1D8841A897E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FBC05E20-28F6-44AD-88F1-D69FB2FF74E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{BE73FAAB-662B-4192-B1A2-0ADC03F2629D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{21238254-9B30-4847-9B6B-74B564F9084D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F06D9240-80BD-4E39-A7A5-75E7C438C40A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A3EB4C60-C85F-4085-B405-BD43702386A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{67CD1ED7-7596-4CFB-930E-29B07CA99D5A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A2C10EAE-56A1-4985-A5A6-616A27C6FEC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2D4CFB98-15C5-4213-B7EB-536152AEDFAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{52CB7ACC-B77B-4F95-A6F7-ED980B786EEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{DB2E1FE5-3880-4ADC-825C-C33EE79D849B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{02E6A333-4B11-4D3A-9ECA-92674C71D13F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{744B6FDD-9CA3-4A26-865F-4BDF50AE415C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.161.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{130392B2-C94C-489D-A79E-9CA161E40AB3}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{4DB7EF25-E247-46DA-8934-63096927D5E6}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{E4EFEC18-8074-4EB9-BC5D-33FE70FA50A7}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{82987193-8FA3-4BE9-B229-6B2C34EBE815}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{DD9887F8-49F9-456C-B6E9-24894EDFDF08}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{2FDB15BC-AD28-463E-BA4E-E50F22D6F7D6}] => (Allow) C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs Limited -> SplitmediaLabs) FirewallRules: [{081033D6-6D30-4D08-88E4-0FA0A956E660}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{514D8199-5D1D-4659-8434-9907DF8512B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{150DA759-DC4F-41AE-9CBB-0D27C9BBEBE7}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{AA9AB536-DFF2-4E6B-BD11-AE0C190434FD}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{D6E37157-6B99-4EFC-AC9F-BA66A2FA253F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{EA72E73F-502A-4CFE-A073-57A7A3E972BA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{C6507A3E-7633-4DF4-B741-F514123242F5}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\ASUSDMS.exe => Keine Datei FirewallRules: [{9212DAB3-A789-43B3-BA25-CC801B607B47}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\ASUSDMS.exe => Keine Datei ==================== Wiederherstellungspunkte ========================= 24-06-2021 08:56:45 Windows Modules Installer 24-06-2021 09:00:00 Windows Modules Installer 24-06-2021 09:00:23 Windows Modules Installer 27-06-2021 20:00:26 Windows Modules Installer 27-06-2021 22:01:13 Removed Adobe Acrobat 8 Professional - English, Français, Deutsch ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (06/27/2021 11:29:28 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/27/2021 11:29:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FreemakeUtilsService.exe, Version: 1.0.0.0, Zeitstempel: 0x5d37fb41 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1081, Zeitstempel: 0xb84bdad0 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0012b4b2 ID des fehlerhaften Prozesses: 0x1334 Startzeit der fehlerhaften Anwendung: 0x01d76b9b7d841002 Pfad der fehlerhaften Anwendung: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: f5406252-75c1-45fb-95d5-7fceed383227 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/27/2021 11:29:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: FreemakeUtilsService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.IO.FileNotFoundException bei FreemakeUtilsService.Program.Main(System.String[]) Error: (06/27/2021 11:29:20 PM) (Source: Adiscon EvntSLog) (EventID: 104) (User: ) Description: The initialization process failed. Error: (06/27/2021 11:29:20 PM) (Source: Adiscon EvntSLog) (EventID: 201) (User: ) Description: EventReporter trial expired. The Service is now disabled. Please visit hxxp://www.eventreporter.com/en/ to purchase the product. There is no need to reinstall the product after purchasing. You just need to enter the registration key. Your configuration will remain intact. Error: (06/27/2021 11:10:57 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/27/2021 11:05:40 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/27/2021 10:39:25 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Systemfehler: ============= Error: (06/27/2021 11:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (06/27/2021 11:29:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht. Error: (06/27/2021 11:29:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) TPM Provisioning Service erreicht. Error: (06/27/2021 11:29:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Adiscon EvntSLog" wurde mit folgendem Fehler beendet: Das System konnte die eingegebene Umgebungsoption nicht finden. Error: (06/27/2021 11:28:22 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Für den Miniport "Qualcomm Atheros QCA61x4A Wireless Network Adapter, {b2fdbaf9-7801-4d7f-b29c-71fd5d746b40}" ist das Ereignis "71" aufgetreten. Error: (06/27/2021 11:28:22 PM) (Source: Qcamain10x64) (EventID: 5002) (User: ) Description: Qualcomm Atheros QCA61x4A Wireless Network Adapter : Fehlfunktion des Netzwerkadapters wurde ermittelt. Error: (06/27/2021 10:39:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (06/27/2021 10:39:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht. Windows Defender: ================ Date: 2021-06-27 20:21:05 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {52E96D86-BBFB-4D6F-9352-3E736766F206} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-06-27 20:00:28 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {D1F0FCDC-4921-4B15-AF42-C8BB394D8F08} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM CodeIntegrity: =============== Date: 2021-06-27 23:30:22 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume8\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2021-06-27 23:29:33 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\1&1\1&1 Upload-Manager\SHNDLERS64.DLL that did not meet the Microsoft signing level requirements. Date: 2021-06-27 23:29:22 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. 1301 03/14/2018 Hauptplatine: ASUSTeK COMPUTER INC. MAXIMUS IX FORMULA Prozessor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Prozentuale Nutzung des RAM: 29% Installierter physikalischer RAM: 32628.76 MB Verfügbarer physikalischer RAM: 23040.72 MB Summe virtueller Speicher: 37492.76 MB Verfügbarer virtueller Speicher: 27409.17 MB ==================== Laufwerke ================================ Drive c: (SSD) (Fixed) (Total:428.24 GB) (Free:42.38 GB) NTFS Drive d: (DATEN) (Fixed) (Total:1862.97 GB) (Free:736.8 GB) NTFS Drive e: (BACKUP) (Fixed) (Total:1862.97 GB) (Free:18.62 GB) NTFS Drive f: (SOFTWARE) (Fixed) (Total:1862.97 GB) (Free:1200.67 GB) NTFS Drive g: (BACKUP) (Fixed) (Total:2794.39 GB) (Free:222.81 GB) NTFS Drive m: (DatenThomas) (Fixed) (Total:50 GB) (Free:15.82 GB) exFAT Drive s: (Daten Scan) (Fixed) (Total:20 GB) (Free:8.9 GB) exFAT Drive v: (AKTUAR) (Fixed) (Total:40 GB) (Free:10.21 GB) exFAT Drive z: (Mail) (Fixed) (Total:25 GB) (Free:8.01 GB) NTFS \\?\Volume{d1702751-8f2d-11eb-a3a9-107b4415ae9e}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS \\?\Volume{d170274f-8f2d-11eb-a3a9-107b4415ae9e}\ () (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ==================== Ende von Addition.txt ======================= |
27.06.2021, 22:49 | #18 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Shortcut Teil 1
__________________Code:
ATTFilter Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 26-06-2021 durchgeführt von thoma (27-06-2021 23:44:44) Gestartet von D:\download\+++ troyaner +++ Start-Modus: Normal ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/easybcd Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 11\BesuchtDVDFabWebsite.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab11&v=11.0.8. Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Support-Forum.lnk -> hxxp://forum.audiograbber.de Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\BesuchtDVDFabWebsite.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab11&v=11.0.8. Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk -> C:\ProgramData\BlueStacks\Client\BlueStacks.exe (BlueStack Systems, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Luminar 3.lnk -> C:\Program Files\Skylum\Luminar 3\Luminar 3.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk -> C:\Program Files (x86)\PlotSoft\PDFill\PDFill.exe (PlotSoft L.L.C.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Verschlüsselung.lnk -> C:\Program Files\1&1 Verschlüsselung\1&1 Verschluesselung.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMusic.lnk -> C:\Program Files\AnyMusic\AnyMusic.exe (AmoyShare Technology Company) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 2021.lnk -> C:\Program Files (x86)\Audials\Audials 2021\AudialsStarter.exe (Audials AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials Music Tube.lnk -> C:\Program Files (x86)\Audials\MusicTube 2020\AudialsStarter.exe (Audials AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusweisApp2.lnk -> C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk -> C:\Program Files (x86)\BlueStacks\HD-MultiInstanceManager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk -> C:\ProgramData\BlueStacks\Client\Bluestacks.exe (BlueStack Systems, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 9 (64-bit).lnk -> C:\Program Files\CyberLink\PhotoDirector9\PhotoDirector9.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk -> C:\Program Files\Eraser\Eraser.exe (The Eraser Project) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.24.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.10.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk -> C:\Program Files (x86)\Gpg4win\bin\gpa.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HBCI-Modul für Money 99 Version 2000.lnk -> C:\Program Files (x86)\MSMoney99\System\hbci\hbcifm99.exe (Dr. Ulrich Amann) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk -> C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe (I.R.I.S. SA) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePassXC.lnk -> C:\Windows\Installer\{ECCC6E1C-C5D1-4B71-94B0-B2F713AF9036}\ProductIcon.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk -> C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk -> C:\Program Files\Macrium\Reflect\viBoot.exe (Windows (R) Win 7 DDK provider) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money.lnk -> C:\Program Files (x86)\MSMoney99\MSMONEY.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Money-Browser.lnk -> C:\Program Files (x86)\MSMoney99\System\Money-Browser\MNYBrowser.exe (Dr. Ulrich Amann) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neo4j Desktop.lnk -> C:\Program Files\Neo4j Desktop\Neo4j Desktop.exe (Neo4j Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung DeX.lnk -> C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\spacedesk SERVER.lnk -> C:\Windows\System32\spacedeskServiceTray.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk -> C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (General Workings, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware Horizon Client.lnk -> C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind.lnk -> C:\Program Files\XMind ZEN\XMind.exe (XMind Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube-DLG\Youtube-DLG entfernen.lnk -> C:\Program Files (x86)\Youtube-DLG\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube-DLG\Youtube-DLG.lnk -> C:\Program Files (x86)\Youtube-DLG\youtube-dl-gui.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit VCam.lnk -> C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\XMind 8 Update 8.lnk -> C:\Program Files (x86)\XMind\XMind.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\Support\Readme.lnk -> C:\Program Files (x86)\XMind\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\Support\Uninstall XMind.lnk -> C:\Program Files (x86)\XMind\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 64bit\Uninstall XMedia Recode 64bit.lnk -> C:\Program Files\XMedia Recode 64bit\unins000.exe (XMedia Recode 64bit ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 64bit\XMedia Recode 64bit.lnk -> C:\Program Files\XMedia Recode 64bit\XMedia Recode.exe (XMedia Recode) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox\Xerox Notifications.lnk -> C:\Program Files\Xerox\XeroxPrintExperience\XeroxPrintExperience\XeroxToastNotifier.Exe (Xerox Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox\Xerox Scanner Management Utility.lnk -> C:\Program Files\Xerox\Xerox Scanner Management Utility\XrxScannerManagementUtility.exe (Xerox Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\Benutzerhandbuch.lnk -> C:\Program Files (x86)\WinMerge\Docs\WinMerge.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge\WinMerge.lnk -> C:\Program Files (x86)\WinMerge\WinMergeU.exe (hxxps://winmerge.org) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack\Documentation.lnk -> C:\Program Files\WinHTTrack\httrack-doc.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack\WinHTTrack Website Copier.lnk -> C:\Program Files\WinHTTrack\WinHTTrack.exe (HTTrack) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weka 3.8.4\Documentation.lnk -> C:\Program Files\Weka-3-8-4\documentation.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weka 3.8.4\Uninstall Weka 3.8.4.lnk -> C:\Program Files\Weka-3-8-4\uninstall.exe (Machine Learning Group, University of Waikato, Hamilton, NZ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Workstation 16 Player.lnk -> C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe (VMware, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual BCD\DualBootRepair.lnk -> C:\Program Files (x86)\Visual BCD\DualBootRepair.exe (BoYans) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual BCD\Visual BCD Editor.lnk -> C:\Program Files (x86)\Visual BCD\VisualBcd.exe (mail: 'boyans.gm@gmail.com') Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc\Deinstallieren VideoProc.lnk -> C:\Program Files (x86)\Digiarty\VideoProc\uninstaller.exe (Digiarty, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc\VideoProc.lnk -> C:\Program Files (x86)\Digiarty\VideoProc\VideoProc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCryptExpander.lnk -> C:\Program Files\VeraCrypt\VeraCryptExpander.exe (IDRIX) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS\VEGAS Pro 15.0\VEGAS Pro 15.0 Liesmich.lnk -> C:\Program Files\VEGAS\VEGAS Pro 15.0\readme\Vegas_readme_deu.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS\VEGAS Pro 15.0\VEGAS Pro 15.0.lnk -> C:\Program Files\VEGAS\VEGAS Pro 15.0\vegas150.exe (MAGIX Computer Products Intl. Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Manager\Uninstall Manager entfernen.lnk -> C:\Program Files (x86)\Martin Fuchs\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Manager\Uninstall Manager im Internet.lnk -> C:\Program Files (x86)\Martin Fuchs\uninstmgr.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Manager\Uninstall Manager.lnk -> C:\Program Files (x86)\Martin Fuchs\uninstmgr.exe (Martin Fuchs) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit\UltraEdit-Hilfe.lnk -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\uedit32.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit\UltraEdit-LIESMICH.lnk -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit\UltraEdit-Texteditor.lnk -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Editor (Compatibility mode).lnk -> C:\Program Files\Tracker Software\PDF Editor\PDFXEdit_low.exe (Tracker Software Products (Canada) Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Editor.lnk -> C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe (Tracker Software Products (Canada) Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\Tracker Updater.lnk -> C:\Program Files\Tracker Software\Update\TrackerUpdate.exe (Tracker Software Products (Canada) Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Lite\PDF-XChange Lite License Agreement.lnk -> C:\Program Files\Tracker Software\PDF-XChange Lite\Help\PDFXLicense.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Lite\PDF-XChange Lite User Manual.lnk -> C:\Program Files\Tracker Software\PDF-XChange Lite\Help\PDFX8ManLiteSm.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Editor\PDF-XChange Editor Help.lnk -> C:\Program Files\Tracker Software\PDF Editor\Help\PDFXVE8Sm.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Editor\PDF-XChange Editor License Agreement.lnk -> C:\Program Files\Tracker Software\PDF Editor\PDF_VE.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander 64 bit Entfernen oder Reparieren.lnk -> C:\Program Files\totalcmd\TCUNIN64.EXE () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander 64 bit.lnk -> C:\Program Files\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Hilfe.lnk -> C:\Program Files\totalcmd\TOTALCMD.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechyGeeksHome\Ultimate Settings Panel.lnk -> C:\Windows\Installer\{2F0E2793-E444-4851-A4FC-61EC635326CF}\_D8C59A019EF6A81D071155.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 3T\Studio 3T.lnk -> C:\Program Files\3T Software Labs\Studio 3T\Studio 3T.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Screen InStyle.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarCoin\SolarCoin.lnk -> C:\Program Files (x86)\SolarCoin\solarcoin-qt.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarCoin\Uninstall.lnk -> C:\Program Files (x86)\SolarCoin\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop\Soda PDF Desktop.lnk -> C:\Program Files\Soda PDF Desktop\soda.exe (LULU Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 7 Deutsch\SILKYPIX Developer Studio 7 Deutsch.lnk -> C:\Program Files\ISL\SILKYPIX Developer Studio 7 Deutsch\SILKYPIX_DS7.exe (Ichikawa Soft Laboratory) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SILKYPIX Developer Studio 7 Deutsch\Software Manual.lnk -> C:\Program Files\ISL\SILKYPIX Developer Studio 7 Deutsch\Manual\man0001.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate\SeaTools for Windows\Uninstall.lnk -> C:\Program Files (x86)\Seagate\SeaTools for Windows\uninst.exe (Seagate Technology LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician entfernen.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co. Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rtools 4.0\Rtools Bash.lnk -> C:\Program Files\rtools40\msys2.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rtools 4.0\Rtools MinGW 32-bit.lnk -> C:\Program Files\rtools40\mingw32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rtools 4.0\Rtools MinGW 64-bit.lnk -> C:\Program Files\rtools40\mingw64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rtools 4.0\Uninstall Rtools.lnk -> C:\Program Files\rtools40\unins000.exe (The R Foundation ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio\RStudio.lnk -> C:\Program Files\RStudio\bin\rstudio.exe (RStudio, PBC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio\Uninstall.lnk -> C:\Program Files\RStudio\Uninstall.exe (RStudio, PBC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recordify\Recordify.lnk -> C:\Program Files (x86)\Recordify\AbLauncher.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9\Python 3.9 (64-bit).lnk -> C:\Python39\python.exe (Python Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\Pageant.lnk -> C:\Program Files\PuTTY\pageant.exe (Simon Tatham) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PSFTP.lnk -> C:\Program Files\PuTTY\psftp.exe (Simon Tatham) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY Manual.lnk -> C:\Program Files\PuTTY\putty.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY Web Site.lnk -> C:\Program Files\PuTTY\website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY.lnk -> C:\Program Files\PuTTY\putty.exe (Simon Tatham) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTYgen.lnk -> C:\Program Files\PuTTY\puttygen.exe (Simon Tatham) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFtk - The PDF Toolkit\PDFtk - The PDF Toolkit.lnk -> C:\Program Files (x86)\PDFtk\bin\PdftkXp.exe (PDF Labs) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFtk - The PDF Toolkit\Uninstall PDFtk.lnk -> C:\Program Files (x86)\PDFtk\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\Help for PDFill PDF Editor.lnk -> C:\Program Files (x86)\PlotSoft\PDFill\PDFill.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\Help for PDFill PDF Tools.lnk -> C:\Program Files (x86)\PlotSoft\PDFill\PDFill_PDF_Tools.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\Help for PDFill PDF&Image Writer.lnk -> C:\Program Files (x86)\PlotSoft\PDFill\WriterSave.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\PDFill PDF Editor.lnk -> C:\Program Files (x86)\PlotSoft\PDFill\PDFill.exe (PlotSoft L.L.C.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\PDFill PDF Tools (FREE).lnk -> C:\Program Files (x86)\PlotSoft\PDFill\PDFill_PDF_Tools.exe (PlotSoft L.L.C.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\PDFill PDF&Image Writer (Free).lnk -> C:\Program Files (x86)\PlotSoft\PDFill\WriterSave.exe (PlotSoft LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator\Passbild-Generator entfernen.lnk -> C:\Program Files (x86)\Passbild-Generator\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator\Passbild-Generator.lnk -> C:\Program Files (x86)\Passbild-Generator\Passbild-Generator.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-websocket\Uninstall obs-websocket.lnk -> C:\Program Files\obs-studio\unins000.exe (Stephane Lepin ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files\obs-studio\uninstall.exe (obsproject.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\NVIDIA Tools Extension (64 bit)\Browse NVIDIA Tools Extension.lnk -> C:\Program Files\NVIDIA Corporation\NvToolsExt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Visual Studio Edition 2020.3\Nsight Monitor.lnk -> C:\Program Files (x86)\NVIDIA Corporation\Nsight Visual Studio Edition 2020.3\Monitor\Common\Nsight.Monitor.exe (NVIDIA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Visual Studio Edition 2020.3\Nsight Redistributable.lnk -> C:\ProgramData\NVIDIA Corporation\Nsight\NVIDIA_Nsight_Visual_Studio_Edition_Win64_2020.3.1.21012_29495073.msi () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Systems 2020.4.3\Nsight Systems 2020.4.3.lnk -> C:\Program Files\NVIDIA Corporation\Nsight Systems 2020.4.3\host-windows-x64\nsys-ui.exe (NVIDIA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Compute 2020.3.1\Nsight Compute.lnk -> C:\Program Files\NVIDIA Corporation\Nsight Compute 2020.3.1\host\windows-desktop-win7-x64\ncu-ui.exe (NVIDIA Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js.lnk -> C:\Program Files\nodejs\node.exe (Node.js) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.4.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAPS2\NAPS2.lnk -> C:\Program Files (x86)\NAPS2\NAPS2.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MovieJack free\MovieJack free.lnk -> C:\Program Files (x86)\Engelmann Software\MovieJack free\MovieJack.exe (Engelmann Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\ MiniTool ShadowMaker entfernen.lnk -> C:\Program Files\MiniTool ShadowMaker\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\MiniTool ShadowMaker.lnk -> C:\Program Files\MiniTool ShadowMaker\system_backup_gui.exe (MiniTool) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard entfernen.lnk -> C:\Program Files\MiniTool Partition Wizard 12\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard.lnk -> C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe (MiniTool Software Limited) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool MovieMaker\MiniTool MovieMaker.lnk -> C:\Program Files (x86)\MiniTool MovieMaker\bin\Launcher.exe (MiniTool) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool MovieMaker\Uninstall MiniTool MovieMaker.lnk -> C:\Program Files (x86)\MiniTool MovieMaker\Uninstaller\unins000.exe (MiniTool ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office 2010-Spracheinstellungen.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010-Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman\YouTube to MP3 Converter\MediaHuman YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMP3.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\Music Maker\Music Maker.lnk -> C:\Program Files (x86)\MAGIX\Music Maker\25\MusicMaker.exe (MAGIX Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Video deluxe COMPUTER BILD-Edition\MAGIX Video deluxe COMPUTER BILD-Edition.lnk -> C:\Program Files\MAGIX\Video deluxe COMPUTER BILD-Edition\2019\Videodeluxe.exe (MAGIX Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Photostory Deluxe COMPUTER BILD-Edition\MAGIX Photostory Deluxe COMPUTER BILD-Edition.lnk -> C:\Program Files\MAGIX\Photostory Deluxe COMPUTER BILD-Edition\2019\Fotos_dlx.exe (MAGIX Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium\Reflect\Macrium Reflect.lnk -> C:\Program Files\Macrium\Reflect\reflect.exe (Paramount Software UK Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Luminar 2018\Luminar 2018.lnk -> C:\Windows\Installer\{935AB8A6-0E0A-41E4-BAC3-5EBDCDC7F766}\LogoIcon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardSystems\Wi-Fi Scanner\Uninstall Wi-Fi Scanner.lnk -> C:\Program Files (x86)\LizardSystems\Wi-Fi Scanner\unins000.exe (LizardSystems ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardSystems\Wi-Fi Scanner\Wi-Fi Scanner.lnk -> C:\Program Files (x86)\LizardSystems\Wi-Fi Scanner\wifiscanner.exe (LizardSystems) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\lightworks x64 (14.0.0.0).lnk -> C:\Program Files\Lightworks\lightworks.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks\Uninstall Lightworks.lnk -> C:\Program Files\Lightworks\uninstall.exe (EditShare) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\KNIME Analytics Platform.lnk -> C:\Program Files\KNIME\knime.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\Uninstall KNIME Analytics Platform.lnk -> C:\Program Files\KNIME\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kite\Kite.lnk -> C:\Program Files\Kite\kited.exe (Kite) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains\PyCharm Community Edition 2019.3.3.lnk -> C:\Program Files\JetBrains\PyCharm Community Edition 2019.3.3\bin\pycharm64.exe (JetBrains s.r.o.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra\Jabra Direct.lnk -> C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe (GN Audio A/S) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\About IrfanView.lnk -> C:\Program Files\IrfanView\i_about.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available Languages.lnk -> C:\Program Files\IrfanView\i_languages.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available PlugIns.lnk -> C:\Program Files\IrfanView\i_plugins.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Command line Options.lnk -> C:\Program Files\IrfanView\i_options.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 64 4.50.lnk -> C:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 64 4.51.lnk -> C:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Help.lnk -> C:\Program Files\IrfanView\i_view32.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Hilfe.lnk -> C:\Program Files\IrfanView\Help\i_view32_deutsch.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Kommandozeilen-Optionen.lnk -> C:\Program Files\IrfanView\i_options.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare PlugIns.lnk -> C:\Program Files\IrfanView\i_plugins.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare Sprachen.lnk -> C:\Program Files\IrfanView\i_languages.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Was ist neu.lnk -> C:\Program Files\IrfanView\i_changes.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\What's New.lnk -> C:\Program Files\IrfanView\i_changes.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Über IrfanView.lnk -> C:\Program Files\IrfanView\i_about.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkscape.lnk -> C:\Program Files\Inkscape\bin\inkscape.exe (Inkscape project) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkview.lnk -> C:\Program Files\Inkscape\bin\inkview.exe (Inkscape project) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Uninstall.lnk -> C:\Program Files\Inkscape\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential.lnk -> C:\Program Files (x86)\HP\Photosmart Essential\HP_IZE.exe (Hewlett-Packard, Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Produktassistent.lnk -> C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbui.exe (Hewlett-Packard Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Scanjet\8200\Benutzerhandbuch.lnk -> C:\Program Files (x86)\HP\Digital Imaging\sj8270\SJumDI.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Scanjet\8200\Info.lnk -> C:\Program Files (x86)\HP\Digital Imaging\sj8270\readme.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Scanjet\8200\Produktregistrierung.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Scanjet\8200\Produktsupport-Website.lnk -> C:\Program Files (x86)\HP\Digital Imaging\sj8270\Support.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential\HP Photosmart Essential.lnk -> C:\Program Files (x86)\HP\Photosmart Essential\HP_IZE.exe (Hewlett-Packard, Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HBCI-Modul für Money 99 Version 2000\FAQ zum HBCI-Modul für Money 99 Version 2000.lnk -> C:\Program Files (x86)\MSMoney99\System\hbci\FAQ.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HBCI-Modul für Money 99 Version 2000\HBCI-Modul für Money 99 Version 2000.lnk -> C:\Program Files (x86)\MSMoney99\System\hbci\hbcifm99.exe (Dr. Ulrich Amann) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HBCI-Modul für Money 99 Version 2000\Hilfe zum HBCI-Modul für Money 99 Version 2000.lnk -> C:\Program Files (x86)\MSMoney99\System\hbci\HBCIFM99.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV\WinTV 8.5.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (Hauppauge Computer Works, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV\WinTV v8.5 Help.lnk -> C:\Users\Public\WinTV\Help\German\WinTV7.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Manager 25 Anniversary LE\Logs Collector Tool.lnk -> C:\Program Files\Paragon Software\Hard Disk Manager 25 Anniversary LE\program\logsaver.exe (Paragon Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Manager 25 Anniversary LE\Paragon Festplatten Manager™ 25 Jahre Limitierte Jubiläumsedition.lnk -> C:\Program Files\Paragon Software\Hard Disk Manager 25 Anniversary LE\program\hdm17.exe (Paragon Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HackCheck\HackCheck.lnk -> C:\Program Files (x86)\HackCheck\AbLauncher.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gsview\gsview 6.0.LNK -> C:\Program Files\Artifex Software\gsview6.0\bin\gsview.exe (Artifex Software Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gsview\Uninstall gsview 6.0.LNK -> C:\Program Files\Artifex Software\gsview6.0\uninstgsview.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\Deinstallieren von GnuCash.lnk -> C:\Program Files (x86)\gnucash\uninstall\gnucash\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\Erweiterung um Wechselkurse mit GnuCash online abzurufen.lnk -> C:\Program Files (x86)\gnucash\bin\install-fq-mods.cmd () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\GnuCash README anzeigen.lnk -> C:\Program Files (x86)\gnucash\doc\gnucash\README-de.win32-bin.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\GnuCash.lnk -> C:\Program Files (x86)\gnucash\bin\gnucash.exe (GnuCash Development Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire\GlassWire.lnk -> C:\Program Files (x86)\GlassWire\GlassWire.exe (SecureMix LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire\Uninstall.lnk -> C:\Program Files (x86)\GlassWire\uninstall.exe (SecureMix LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git GUI.lnk -> C:\Program Files\Git\cmd\git-gui.exe (The Git Development Community) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git Release Notes.lnk -> C:\Program Files\Git\ReleaseNotes.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync\Gigaset QuickSync.lnk -> C:\Program Files (x86)\Gigaset QuickSync\Gqs.UI.exe (Gigaset Communications GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript Readme 9.53.3.LNK -> C:\Program Files\gs\gs9.53.3\doc\Readme.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Uninstall Ghostscript 9.53.3.LNK -> C:\Program Files\gs\gs9.53.3\uninstgs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk -> C:\Program Files (x86)\Garmin\Express\express.exe (Garmin Ltd. or its subsidiaries) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind\FreeMind.lnk -> C:\Program Files (x86)\FreeMind\FreeMind.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind\Uninstall FreeMind.lnk -> C:\Program Files (x86)\FreeMind\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis\HDR projects 4\HDR projects 4 (64-Bit).lnk -> C:\Program Files\Franzis\HDR projects 4\HDR projects 4.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EventReporter\EventReporter Configuration.lnk -> C:\Program Files (x86)\EventReporter\CFGEvntSLog.exe (Adiscon GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EventReporter\EventReporter Legacy Client.lnk -> C:\Program Files (x86)\EventReporter\oldCFGEvntSLog.exe (Adiscon GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EventReporter\EventReporter Manual.lnk -> C:\Program Files (x86)\EventReporter\manual\EventReporter.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eudora\Eudora Help.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\EUDORA.hlp () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eudora\Eudora Quick Start Guide.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\Qckstart.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eudora\Eudora.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe (QUALCOMM Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eudora\Visit Website.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\eudora.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Infodatei - Support.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hotlinetool.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Lizenzvertrag.lnk -> C:\Program Files (x86)\ElsterFormular\lizenzvertrag.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\FreeStudioManager.exe (Digital Wave Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube To MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (Digital Wave Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe (DVDVideoSoft Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\PremiumMembershipOffer.exe (DVDVideoSoft Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DeinstalliertDVDFab.lnk -> C:\Program Files (x86)\DVDFab 11\uninstall.exe (Keine Datei) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DVDFab 11 Mini.lnk -> C:\Program Files (x86)\DVDFab 11\DVDFab.exe (Keine Datei) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DVDFab 11.lnk -> C:\Program Files (x86)\DVDFab 11\DVDFab.exe (Keine Datei) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Dia Manual (CHM).lnk -> C:\Program Files (x86)\Dia\help\C\dia-manual.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Dia Manual (PDF).lnk -> C:\Program Files (x86)\Dia\help\C\dia-manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\FAQ.lnk -> C:\Program Files (x86)\Dia\help\C\faq.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Uninstall.lnk -> C:\Program Files (x86)\Dia\dia-0.97.2-uninstall.exe (The Dia Developers) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Polish\Dia Manual (CHM).lnk -> C:\Program Files (x86)\Dia\help\pl\dia-manual.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Polish\Dia Manual (PDF).lnk -> C:\Program Files (x86)\Dia\help\pl\dia-manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\French\Dia Manual (CHM).lnk -> C:\Program Files (x86)\Dia\help\fr\dia-manual.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\French\Dia Manual (PDF).lnk -> C:\Program Files (x86)\Dia\help\fr\dia-manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Basque\Dia Manual (CHM).lnk -> C:\Program Files (x86)\Dia\help\eu\dia-manual.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Basque\Dia Manual (PDF).lnk -> C:\Program Files (x86)\Dia\help\eu\dia-manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite\DB Browser for SQLite.lnk -> C:\Program Files\DB Browser for SQLite\DB Browser for SQLite.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite\Uninstall.lnk -> C:\Program Files\DB Browser for SQLite\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\darktable\darktable.lnk -> C:\Program Files\darktable\bin\darktable.exe (The darktable team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\darktable\Uninstall.lnk -> C:\Program Files\darktable\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cut Out pro 4\Cut Out pro 4.lnk -> C:\Program Files\Franzis\Cut Out pro 4\CutOut.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cut Out pro 4\Photoshop plugins.lnk -> C:\Program Files\Franzis\Cut Out pro 4\Photoshop Plugins () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cut Out pro 4\Uninstall Cut Out pro 4.lnk -> C:\Program Files\Franzis\Cut Out pro 4\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cryptomator.org\Cryptomator.lnk -> C:\Program Files\Cryptomator\Cryptomator.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator\Cryptomator.lnk -> C:\Program Files\Cryptomator\Cryptomator.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.ini () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair LINK 4\Corsair LINK 4.lnk -> C:\Windows\Installer\{C636E92F-74DD-42A1-B614-64BC42D2DA3A}\Icon.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\calibre 64bit - E-book management.lnk -> C:\Program Files\Calibre2\calibre.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\E-book viewer 64bit.lnk -> C:\Program Files\Calibre2\ebook-viewer.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Edit E-book 64bit.lnk -> C:\Program Files\Calibre2\ebook-edit.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\LRF viewer 64bit.lnk -> C:\Program Files\Calibre2\lrfviewer.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design\DaVinci Resolve\DaVinci Resolve Panels.lnk -> C:\Program Files (x86)\Blackmagic Design\DaVinci Resolve Panels\DaVinci Resolve Panels Setup.exe (Blackmagic Design) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeCyPDFMetaEdit\BeCyPDFMetaEdit.lnk -> C:\Program Files (x86)\BeCyPDFMetaEdit\BeCyPDFMetaEdit.exe (Benjamin Bentmann) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeCyPDFMetaEdit\UnInstaller.lnk -> C:\Program Files (x86)\BeCyPDFMetaEdit\UnInstall.exe (Benjamin Bentmann) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora\Aurora.lnk -> C:\Windows\Installer\{BB7ADD89-7C4D-430B-9D3C-8597736DFB4E}\LogoIcon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Audiograbber.lnk -> C:\Program Files (x86)\Audiograbber\audiograbber.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Deinstallieren.lnk -> C:\Program Files (x86)\Audiograbber\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Erste Schritte.lnk -> C:\Program Files (x86)\Audiograbber\Erste_Schritte.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Hilfe.lnk -> C:\Program Files (x86)\Audiograbber\German.hlp () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber\Line In Aufnahme.lnk -> C:\Program Files (x86)\Audiograbber\Line-In.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AURA.lnk -> C:\Program Files (x86)\ASUS\AURA\Aura.exe (ASUSTek Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\GameFirst IV.lnk -> C:\Program Files (x86)\ASUS\GameFirst IV\GameFirst IV.exe (Apextitan) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\AI Suite 3.lnk -> C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Home Design 5\Ashampoo Home Design 5 .lnk -> C:\Program Files\Ashampoo\Ashampoo Home Design 5\Program\CAD.exe (VICABO GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Home Design 5\Hilfe\Ashampoo Home Design 5.lnk -> C:\Program Files\Ashampoo\Ashampoo Home Design 5\Program\de-DE\Ashampoo.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Home Design 5\Handbücher\Handbuch Ashampoo Home Design 5.lnk -> C:\Program Files\Ashampoo\Ashampoo Home Design 5\Manuals\de-De\Manual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Home Design 5\Handbücher\Handbuch Tastaturbelegung.lnk -> C:\Program Files\Ashampoo\Ashampoo Home Design 5\Manuals\de-De\ShortCuts.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 2017\Ashampoo Burning Studio 2017 .lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2017\burningstudio2017.exe (Ashampoo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft\ApowerMirror\ApowerMirror entfernen.lnk -> C:\Program Files (x86)\Apowersoft\ApowerMirror\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft\ApowerMirror\ApowerMirror.lnk -> C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder\Any Video Recorder entfernen.lnk -> C:\Program Files (x86)\Any Video Recorder\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder\Any Video Recorder.lnk -> C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exe (any-video-recorder.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Home Page.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 4.5\Uninstall.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1\1&1 Upload-Manager\1&1 Upload-Manager.lnk -> C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)\UFRaw.lnk -> C:\Program Files (x86)\UFRaw\bin\ufraw.exe () Shortcut: C:\ProgramData\Magix\Music Maker\25\MxSynth\Concert Grand LE.lnk -> C:\Program Files (x86)\Common Files\MAGIX Services\MxSynth\Concert Grand LE () Shortcut: C:\Users\Default\Desktop\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\thoma\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim\Cloudevo\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\josef\Links\Desktop.lnk -> C:\Users\josef\Desktop () Shortcut: C:\Users\josef\Links\Downloads.lnk -> D:\download () Shortcut: C:\Users\josef\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\josef\Desktop\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\josef\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim\Cloudevo\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\Links\Desktop.lnk -> C:\Users\maxim\Desktop () Shortcut: C:\Users\maxim\Links\Downloads.lnk -> D:\download () Shortcut: C:\Users\maxim\Desktop\Binomialverteilung.lnk -> D:\Maximilian\Binomialverteilung.xlsx () Shortcut: C:\Users\maxim\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\maxim\Desktop\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\maxim\Desktop\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\Users\maxim\Desktop\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\Users\maxim\Desktop\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\Users\maxim\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) |
27.06.2021, 22:50 | #19 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Shortcut Teil 2 Code:
ATTFilter Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Word\Textbeschreibung%20%20zu%20Schule306921733876313431\Textbeschreibung%20%20zu%20Schule.docx.lnk -> O:\Textbeschreibung zu Schule.docx (Keine Datei) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\maxim\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim\Cloudevo\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\maxim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander 64 bit.lnk -> C:\Program Files\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Documents\MAGIX\Photostory Deluxe COMPUTER BILD-Edition\Dokumentation\MAGIX Photostory Deluxe COMPUTER BILD-Edition Handbuch.lnk -> C:\Program Files\MAGIX\Photostory Deluxe COMPUTER BILD-Edition\2019\Fotos_dlx_DE.pdf () Shortcut: C:\Users\Public\Desktop\1&1 Upload-Manager.lnk -> C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG) Shortcut: C:\Users\Public\Desktop\BlueStacks.lnk -> C:\ProgramData\BlueStacks\Client\Bluestacks.exe (BlueStack Systems, Inc.) Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\OBS Studio.lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS) Shortcut: C:\Users\Public\Desktop\PDF-XChange Editor.lnk -> C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe (Tracker Software Products (Canada) Ltd.) Shortcut: C:\Users\Public\Desktop\Streamlabs OBS.lnk -> C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (General Workings, Inc.) Shortcut: C:\Users\Public\Desktop\VMware Horizon Client.lnk -> C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe (VMware, Inc.) Shortcut: C:\Users\Public\Desktop\XSplit VCam.lnk -> C:\Program Files\XSplit\VCam\x64\XSplitVCam.exe (SplitmediaLabs) Shortcut: C:\Users\sandr\Links\Desktop.lnk -> C:\Users\sandr\Desktop () Shortcut: C:\Users\sandr\Links\Downloads.lnk -> D:\download () Shortcut: C:\Users\sandr\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\sandr\Desktop\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\sandr\Desktop\fritz.box.lnk -> \\fritz.box\FritzBox7490\CBMV88-CBMV88-01\Benutzer Shortcut: C:\Users\sandr\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\Desktop\OneDrive.lnk -> C:\Users\sandr\OneDrive (Keine Datei) Shortcut: C:\Users\sandr\Desktop\Scanner.lnk -> D:\Sandra\Scanner () Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Word\Impfkomplikation%20Ha,%20A307901781495616539\Impfkomplikation%20Ha,%20A.docx.lnk -> M:\Impfkomplikation Ha, A.docx (Keine Datei) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\sandr\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe (PhotoFiltre) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim\Cloudevo\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Keine Datei) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Keine Datei) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avast Secure Browser.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Keine Datei) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Keine Datei) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander 64 bit.lnk -> C:\Program Files\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH) Shortcut: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinTV 8.5.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (Hauppauge Computer Works, Inc.) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\Videos\Musik - Verknüpfung.lnk -> C:\Users\thoma\Music () Shortcut: C:\Users\thoma\Links\Desktop.lnk -> C:\Users\thoma\Desktop () Shortcut: C:\Users\thoma\Links\Downloads.lnk -> D:\download () Shortcut: C:\Users\thoma\Desktop\1&1 Verschlüsselung.lnk -> C:\Program Files\1&1 Verschlüsselung\1&1 Verschluesselung.exe () Shortcut: C:\Users\thoma\Desktop\AIOZ Node.lnk -> C:\Users\thoma\AppData\Local\Programs\aioz_worker_node\AIOZ Node.exe (AIOZ Company) Shortcut: C:\Users\thoma\Desktop\Autostart.lnk -> C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup () Shortcut: C:\Users\thoma\Desktop\DeepL.lnk -> C:\Users\thoma\AppData\Local\DeepL\DeepL.exe (DeepL GmbH) Shortcut: C:\Users\thoma\Desktop\DesktopOK.lnk -> C:\Program Files\DesktopOK\DesktopOK_x64.exe (Nenad Hrg SoftwareOK) Shortcut: C:\Users\thoma\Desktop\MicroSIP.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\microsip.exe (www.microsip.org) Shortcut: C:\Users\thoma\Desktop\RStudio.lnk -> C:\Program Files\RStudio\bin\rstudio.exe (RStudio, PBC) Shortcut: C:\Users\thoma\Desktop\Signal.lnk -> C:\Users\thoma\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems) Shortcut: C:\Users\thoma\Desktop\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\Desktop\Slack.lnk -> C:\Users\thoma\AppData\Local\slack\slack.exe (Slack Technologies Inc.) Shortcut: C:\Users\thoma\Desktop\Telegram.lnk -> C:\Users\thoma\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC) Shortcut: C:\Users\thoma\Desktop\W & W.lnk -> M:\W & W () Shortcut: C:\Users\thoma\Desktop\System\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\Users\thoma\Desktop\System\Dual-boot Repair.lnk -> C:\Program Files (x86)\Visual BCD\DualBootRepair.exe (BoYans) Shortcut: C:\Users\thoma\Desktop\System\EasyBCD 2.4.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies) Shortcut: C:\Users\thoma\Desktop\System\Eraser.lnk -> C:\Program Files\Eraser\Eraser.exe (The Eraser Project) Shortcut: C:\Users\thoma\Desktop\System\IObit Software Updater.lnk -> C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe (Keine Datei) Shortcut: C:\Users\thoma\Desktop\System\MEGAsync.lnk -> C:\Users\thoma\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Shortcut: C:\Users\thoma\Desktop\System\MiniTool Partition Wizard.lnk -> C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe (MiniTool Software Limited) Shortcut: C:\Users\thoma\Desktop\System\MiniTool ShadowMaker.lnk -> C:\Program Files\MiniTool ShadowMaker\system_backup_gui.exe (MiniTool) Shortcut: C:\Users\thoma\Desktop\System\OkayFreedom.lnk -> C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe (Keine Datei) Shortcut: C:\Users\thoma\Desktop\System\UFRaw.lnk -> C:\Program Files (x86)\UFRaw\bin\ufraw.exe () Shortcut: C:\Users\thoma\Desktop\System\Ultimate Settings Panel.lnk -> C:\Windows\Installer\{2F0E2793-E444-4851-A4FC-61EC635326CF}\_806681F0577CE5C659DED3.exe () Shortcut: C:\Users\thoma\Desktop\System\Visual BCD Editor.lnk -> C:\Program Files (x86)\Visual BCD\VisualBcd.exe (mail: 'boyans.gm@gmail.com') Shortcut: C:\Users\thoma\Desktop\System\Wi-Fi Scanner.lnk -> C:\Program Files (x86)\LizardSystems\Wi-Fi Scanner\wifiscanner.exe (LizardSystems) Shortcut: C:\Users\thoma\Desktop\Programme\AusweisApp2.lnk -> C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG) Shortcut: C:\Users\thoma\Desktop\Programme\BlueStacks Multi-Instance Manager.lnk -> C:\Program Files (x86)\BlueStacks\HD-MultiInstanceManager.exe () Shortcut: C:\Users\thoma\Desktop\Programme\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\thoma\Desktop\Programme\Gigaset QuickSync.lnk -> C:\Program Files (x86)\Gigaset QuickSync\Gqs.UI.exe (Gigaset Communications GmbH) Shortcut: C:\Users\thoma\Desktop\Programme\MediaHuman YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMP3.exe () Shortcut: C:\Users\thoma\Desktop\Programme\PDF24.lnk -> C:\Program Files (x86)\PDF24\pdf24-Launcher.exe (Keine Datei) Shortcut: C:\Users\thoma\Desktop\Programme\Samsung DeX.lnk -> C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd.) Shortcut: C:\Users\thoma\Desktop\Programme\VideoProc.lnk -> C:\Program Files (x86)\Digiarty\VideoProc\VideoProc.exe () Shortcut: C:\Users\thoma\Desktop\Multimedia\AnyMusic.lnk -> C:\Program Files\AnyMusic\AnyMusic.exe (AmoyShare Technology Company) Shortcut: C:\Users\thoma\Desktop\Multimedia\Olive.lnk -> C:\Program Files\Olive\olive-editor.exe (Olive Team) Shortcut: C:\Users\thoma\Desktop\Multimedia\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH) Shortcut: C:\Users\thoma\Desktop\Multimedia\Recordify.lnk -> C:\Program Files (x86)\Recordify\AbLauncher.exe () Shortcut: C:\Users\thoma\Desktop\Games\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.) Shortcut: C:\Users\thoma\Desktop\Games\TeamSpeak 3 Client.lnk -> C:\Users\thoma\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH) Shortcut: C:\Users\thoma\Desktop\Games\Twitch.lnk -> C:\Users\thoma\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.) Shortcut: C:\Users\thoma\Desktop\ADS\ADS.lnk -> M:\aktuar\ADS (Keine Datei) Shortcut: C:\Users\thoma\Desktop\ADS\KNIME Analytics Platform.lnk -> C:\Program Files\KNIME\knime.exe () Shortcut: C:\Users\thoma\Desktop\ADS\MongoDBCompass.lnk -> C:\Users\thoma\AppData\Local\MongoDBCompass\MongoDBCompass.exe (MongoDB Inc) Shortcut: C:\Users\thoma\Desktop\ADS\Neo4j Desktop.lnk -> C:\Program Files\Neo4j Desktop\Neo4j Desktop.exe (Neo4j Inc.) Shortcut: C:\Users\thoma\Desktop\ADS\PyCharm Community Edition 2019.3.3.lnk -> C:\Program Files\JetBrains\PyCharm Community Edition 2019.3.3\bin\pycharm64.exe (JetBrains s.r.o.) Shortcut: C:\Users\thoma\Desktop\ADS\redis-cli.lnk -> C:\Program Files\Redis\redis-cli.exe () Shortcut: C:\Users\thoma\Desktop\ADS\redis-server.lnk -> C:\Program Files\Redis\redis-server.exe () Shortcut: C:\Users\thoma\Desktop\ADS\RStudio.lnk -> C:\Program Files\RStudio\bin\rstudio.exe (RStudio, PBC) Shortcut: C:\Users\thoma\Desktop\ADS\Studio 3T.lnk -> C:\Program Files\3T Software Labs\Studio 3T\Studio 3T.exe () Shortcut: C:\Users\thoma\AppData\Roaming\SplitmediaLabs\XSplit VCam 2.1.2101.0603\install\808E021\x64\XSplitVCam.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit VCam\x64\XSplitVCam.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\FreeMind.lnk -> C:\Program Files (x86)\FreeMind\FreeMind.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Connect.lnk -> C:\Users\thoma\AppData\Roaming\Adobe\Connect\connect.exe (Adobe Systems, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIOZ Node.lnk -> C:\Users\thoma\AppData\Local\Programs\aioz_worker_node\AIOZ Node.exe (AIOZ Company) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk -> C:\Users\thoma\AppData\Local\Amazon Music\Amazon Music.exe (Amazon.com Services LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk -> D:\download\ESETOnlineScanner_DEU.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IOTA Wallet.lnk -> C:\Users\thoma\AppData\Local\Programs\iota\IOTA Wallet.exe (IOTA Foundation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Neo4j Desktop.lnk -> C:\Program Files\Neo4j Desktop\Neo4j Desktop.exe (Neo4j Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\thoma\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roger Router.lnk -> C:\Program Files (x86)\Roger Router\roger.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk -> C:\Users\thoma\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\simpleos.lnk -> C:\Users\thoma\AppData\Local\Programs\simpleos\simpleos.exe (EOSRio) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam.lnk -> C:\Users\thoma\AppData\Roaming\Microsoft\Installer\{C04D8FAF-1AA0-4B3E-B549-E31BE1E6BC7B}\_47A728F2C26004D7DE03E9.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sqrl.lnk -> C:\Users\thoma\AppData\Local\Programs\Sqrl\Sqrl.exe (Telos Foundation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk -> C:\Users\thoma\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trinity.lnk -> C:\Users\thoma\AppData\Local\Programs\trinity-desktop\Trinity.exe (IOTA Foundation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk -> C:\Users\thoma\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\thoma\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xournal++\Uninstall.lnk -> C:\Program Files\Xournal++\Uninstall.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xournal++\Xournal++.lnk -> C:\Program Files\Xournal++\bin\xournalpp.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code\Visual Studio Code.lnk -> C:\Users\thoma\AppData\Local\Programs\Microsoft VS Code\Code.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Telegram entfernen.lnk -> C:\Users\thoma\AppData\Roaming\Telegram Desktop\unins000.exe (Telegram FZ-LLC ) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Telegram.lnk -> C:\Users\thoma\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\TechPowerUp GPU-Z.lnk -> C:\Program Files (x86)\GPU-Z\GPU-Z.exe (techPowerUp (www.techpowerup.com)) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z\Uninstall.lnk -> C:\Program Files (x86)\GPU-Z\uninstall.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc\Slack.lnk -> C:\Users\thoma\AppData\Local\slack\slack.exe (Slack Technologies Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-2-x64\Uninstall Ruby 2.5.0-2-x64.lnk -> C:\Program Files\Ruby25-x64\unins000.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-2-x64\Documentation\Ruby 2.5.0 API Reference.lnk -> C:\Program Files\Ruby25-x64\share\doc\ruby\html\index.html () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software\Rossmann Fotowelt Software.lnk -> C:\Program Files (x86)\Rossmann Fotowelt Software\Rossmann Fotowelt Software.exe (ORWO Net GmbH, Bitterfeld-Wolfen, Germany, hxxp://www.orwonet.de) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software\Setup.lnk -> C:\Program Files (x86)\Rossmann Fotowelt Software\maintenancetool.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8\Python 3.8 (32-bit).lnk -> C:\Users\thoma\AppData\Local\Programs\Python\Python38-32\python.exe (Python Software Foundation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProRealTime\ProRealTime.lnk -> C:\Users\thoma\AppData\Local\IT-Finance\ProRealTime\ProRealTime.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoFiltre 7 information.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.htm () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe (PhotoFiltre) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoMasque information.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoMasque.htm () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\Uninstall PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\Uninst.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Olive\Olive.lnk -> C:\Program Files\Olive\olive-editor.exe (Olive Team) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Olive\Uninstall Olive.lnk -> C:\Program Files\Olive\uninstall.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MongoDB Inc\MongoDBCompass.lnk -> C:\Users\thoma\AppData\Local\MongoDBCompass\MongoDBCompass.exe (MongoDB Inc) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX\MiKTeX Console.lnk -> C:\Users\thoma\AppData\Local\Programs\MiKTeX\miktex\bin\x64\miktex-console.exe (MiKTeX.org) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX\TeXworks.lnk -> C:\Users\thoma\AppData\Local\Programs\MiKTeX\miktex\bin\x64\miktex-texworks.exe (TeX Users Group) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroSIP\License.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\License.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroSIP\MicroSIP Website.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\MicroSIP Website.url () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroSIP\MicroSIP.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\microsip.exe (www.microsip.org) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroSIP\Uninstall.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\Uninstall.exe (www.microsip.org) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk -> C:\Users\thoma\AppData\Local\MEGAsync\MEGA Website.url () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk -> C:\Users\thoma\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk -> C:\Users\thoma\AppData\Local\MEGAsync\uninst.exe (MEGA Limited) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeeForm\Uninstall KeeForm for KeePass 2.0.lnk -> C:\Users\thoma\AppData\Local\KeeForm\KeeForm Uninstaller\unins000.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\About IrfanView.lnk -> C:\Program Files\IrfanView\i_about.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Available Languages.lnk -> C:\Program Files\IrfanView\i_languages.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Available PlugIns.lnk -> C:\Program Files\IrfanView\i_plugins.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Command line Options.lnk -> C:\Program Files\IrfanView\i_options.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 64 4.57.lnk -> C:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Help.lnk -> C:\Program Files\IrfanView\i_view32.chm () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\What's New.lnk -> C:\Program Files\IrfanView\i_changes.txt () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMAPSize\IMAPSize on the Web.lnk -> C:\Program Files (x86)\IMAPSize\imapsize.url () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMAPSize\IMAPSize.lnk -> C:\Program Files (x86)\IMAPSize\imapsize.exe (Broobles) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMAPSize\Uninstall IMAPSize.lnk -> C:\Program Files (x86)\IMAPSize\unins000.exe (Jordan Russell) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim\Cloudevo\Cloudevo.lnk -> C:\Program Files\Evorim\Cloudevo\Cloudevo.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum ABC\Electrum ABC.lnk -> C:\Program Files (x86)\Electrum ABC\ElectrumABC.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum ABC\Uninstall.lnk -> C:\Program Files (x86)\Electrum ABC\Uninstall.exe (Electrum ABC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Electron Cash.lnk -> C:\Program Files (x86)\Electron Cash\Electron-Cash.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Uninstall.lnk -> C:\Program Files (x86)\Electron Cash\Uninstall.exe (Electron Cash) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easyHDR 2\easyHDR 2.lnk -> C:\Program Files (x86)\easyHDR 2\easyHDR_2.exe (BRTKSOFT Bartlomiej Okonek) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easyHDR 2\Uninstall.lnk -> C:\Program Files (x86)\easyHDR 2\uninstall.exe (BRTKSOFT Bartlomiej Okonek) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DeinstalliertDVDFab.lnk -> C:\Program Files (x86)\DVDFab 11\uninstall.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DVDFab 11 Mini.lnk -> C:\Program Files (x86)\DVDFab 11\DVDFab.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 11\DVDFab 11.lnk -> C:\Program Files (x86)\DVDFab 11\DVDFab.exe (Keine Datei) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepL GmbH\DeepL.lnk -> C:\Users\thoma\AppData\Local\DeepL\DeepL.exe (DeepL GmbH) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVAndroid.url () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVRes.url () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design\DaVinci Resolve\Resolve.lnk -> C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AusweisApp2\AusweisApp2.lnk -> C:\Program Files (x86)\AusweisApp2 1.14.0\AusweisApp2.exe (Governikus GmbH & Co. KG) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk -> C:\Users\thoma\AppData\Local\Amazon Music\Amazon Music.exe (Amazon.com Services LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\thoma\AppData\Local\Amazon Music\Uninstall.exe (Amazon) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Network Shortcuts\1&1 Thomas\target.lnk -> \\sd2dav.1und1.de@SSL\DavWWWRoot Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\1&1 Upload-Manager.lnk -> C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 4.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ApowerMirror.lnk -> C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BeCyPDFMetaEdit.lnk -> C:\Program Files (x86)\BeCyPDFMetaEdit\BeCyPDFMetaEdit.exe (Benjamin Bentmann) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GlassWire 2.3.lnk -> C:\Program Files (x86)\GlassWire\GlassWire.exe (SecureMix LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Passbild-Generator.lnk -> C:\Program Files (x86)\Passbild-Generator\Passbild-Generator.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Soda PDF Desktop.lnk -> C:\Program Files\Soda PDF Desktop\soda.exe (LULU Software) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UFRaw.lnk -> C:\Program Files (x86)\UFRaw\bin\ufraw.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Uninstall Manager.lnk -> C:\Program Files (x86)\Martin Fuchs\uninstmgr.exe (Martin Fuchs) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VideoProc.lnk -> C:\Program Files (x86)\Digiarty\VideoProc\VideoProc.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XMind 8 Update 8.lnk -> C:\Program Files (x86)\XMind\XMind.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EXCEL - Verknüpfung.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqdirec.exe (Hewlett-Packard Company) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KeePass 2.lnk -> C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird (2).lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander 64 bit.lnk -> C:\Program Files\totalcmd\TOTALCMD64.EXE (Ghisler Software GmbH) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UltraEdit.lnk -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VeraCrypt.lnk -> C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VMware Workstation 16 Player.lnk -> C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe (VMware, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WinTV 8.5.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe (Hauppauge Computer Works, Inc.) Shortcut: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\XMind.lnk -> C:\Program Files\XMind ZEN\XMind.exe (XMind Ltd.) Shortcut: C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\opt\sagemath-8.8\local\share\giac\doc\el\casinter\casinter.lnk -> [LF../en/casinterc:\xcas\doc\en\en\casinter] (Keine Datei) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\thoma\AppData\Local\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\thoma\AppData\Local\Amazon Music\Uninstall.exe (Amazon) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Install Additional Tools for Node.js.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /d /c "C:\Program Files\nodejs\install_tools.bat" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (Anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\ProgramData\Anaconda3\Scripts\activate.bat C:\ProgramData\Anaconda3 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (r_env).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\ProgramData\Anaconda3\Scripts\activate.bat C:\Users\thoma\.conda\envs\r_env ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Anaconda Prompt (Anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\ProgramData\Anaconda3\Scripts\activate.bat C:\ProgramData\Anaconda3 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe (Intel) -> installstartup ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox PowerENGAGE\Xerox PowerENGAGE.lnk -> C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe (Aviata Inc) -> /LSRC=StartMenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weka 3.8.4\Weka 3.8.4 (with console).lnk -> C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64\bin\java.exe (Azul Systems Inc.) -> -classpath "C:\Program Files\Weka-3-8-4" RunWeka -i "C:\Program Files\Weka-3-8-4\RunWeka.ini" -w "C:\Program Files\Weka-3-8-4\weka.jar" -c console -jre-path "C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weka 3.8.4\Weka 3.8.4.lnk -> C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64\bin\javaw.exe (Azul Systems Inc.) -> -classpath "C:\Program Files\Weka-3-8-4" RunWeka -i "C:\Program Files\Weka-3-8-4\RunWeka.ini" -w "C:\Program Files\Weka-3-8-4\weka.jar" -jre-path "C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\Command Prompt for vctl.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k set PATH=C:\Program Files (x86)\VMware\VMware Player\;%PATH% && vctl.exe -h ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual BCD\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {436D50FF-8FA1-4FDD-A9C9-48B52A990F57} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software\PDF-XChange Lite\PDF-XChange Lite pdfSaver.lnk -> C:\Program Files\Tracker Software\PDF-XChange Lite\pdfSaverL.exe (Tracker Software Products (Canada) Ltd.) -> /Show ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop\Uninstall or Modify Soda PDF Desktop.lnk -> C:\ProgramData\Soda PDF Desktop\Installation\Soda_PDF_Desktop_Installer.exe (LULU Software) -> /uninstall ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop\Uninstall Soda PDF Desktop.lnk -> C:\ProgramData\Soda PDF Desktop\Installation\Soda_PDF_Desktop_Installer.exe (LULU Software) -> /uninstall ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate\SeaTools for Windows\SeaTools for Windows.lnk -> C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaToolsforWindows.exe (Seagate Technology) -> C:\Program Files (x86)\Seagate\SeaTools for Windows\Seagate_Logo.ico ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R\R i386 3.6.2.lnk -> C:\Program Files\R\R-3.6.2\bin\i386\Rgui.exe () -> --cd-to-userdocs ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R\R i386 4.0.3.lnk -> C:\Program Files\R\R-4.0.3\bin\i386\Rgui.exe () -> --cd-to-userdocs ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R\R x64 3.6.2.lnk -> C:\Program Files\R\R-3.6.2\bin\x64\Rgui.exe () -> --cd-to-userdocs ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R\R x64 4.0.3.lnk -> C:\Program Files\R\R-4.0.3\bin\x64\Rgui.exe () -> --cd-to-userdocs ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9\IDLE (Python 3.9 64-bit).lnk -> C:\Python39\pythonw.exe (Python Software Foundation) -> "C:\Python39\Lib\idlelib\idle.pyw" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9\Python 3.9 Manuals (64-bit).lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> C:\Python39\Doc\python394.chm ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9\Python 3.9 Module Docs (64-bit).lnk -> C:\Python39\python.exe (Python Software Foundation) -> -m pydoc -b ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\Uninstall PDFill Package.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {26037138-C111-4BC5-88E8-DD2B2F2460C7} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Systems 2020.4.3\Uninstall NVIDIA Nsight Systems 2020.4.3.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {8A00392B-A561-4D04-990C-4D1741A5CDDE} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Nsight Compute 2020.3.1\Uninstall NVIDIA Nsight Compute 2020.3.1.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {1259B3DA-CFC4-4BEE-8DBD-B497981D2047} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Uninstall Node.js.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {140389EF-5573-4B66-9218-B739F767AFBD} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX\MAGIX Connect\MAGIX Connect.lnk -> C:\Program Files\Common Files\MAGIX Services\QMxNetworkSync\QMxNetworkSync.exe (MAGIX) -> -show ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) -> /thumbs ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential\Deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {EB21A812-671B-4D08-B974-2A347F0D8F70} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV\Erweiterte Optionen.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Program Files (x86)\WinTV\WinTV8\Erweiterte Optionen\ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git Bash.lnk -> C:\Program Files\Git\git-bash.exe (The Git Development Community) -> --cd-to-home ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git CMD.lnk -> C:\Program Files\Git\git-cmd.exe (The Git Development Community) -> --cd-to-home ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript 9.53.3.LNK -> C:\Program Files\gs\gs9.53.3\bin\gswin64.exe () -> "-IC:\Program Files\gs\gs9.53.3\lib;C:\Program Files\gs\gs9.53.3\..\fonts" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EventReporter\Uninstall EventReporter.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {E03F80A2-8024-4C2D-BC36-9EACD6E660BF} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Hilfe.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hilfepica.exe (Digia Plc and/or its subsidiary(-ies)) -> -collectionFile "C:\Program Files (x86)\ElsterFormular\/hilfe/elfo.bedienung.qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Installationsverwaltung.lnk -> C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung.exe () -> --zeigeDlg ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Integritätsprüfer.lnk -> C:\Program Files (x86)\ElsterFormular\bin\integritaetspruefer.exe () -> -path "C:\Program Files (x86)\ElsterFormular\ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Screenreadermodus.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe () -> --sehbehindertenmodus ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EIZO\Screen InStyle\Screen InStyle.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /m ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia\Dia.lnk -> C:\Program Files (x86)\Dia\bin\diaw.exe () -> --integrated ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite 3\Uninstall AI Suite 3.lnk -> C:\ProgramData\ASUS\AI Suite III\Setup.exe () -> -u ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Navigator (Anaconda3).lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\pythonw.exe C:\ProgramData\Anaconda3\Scripts\anaconda-navigator-script.py ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Navigator.lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\pythonw.exe C:\ProgramData\Anaconda3\Scripts\anaconda-navigator-script.py ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Powershell Prompt (Anaconda3).lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -ExecutionPolicy ByPass -NoExit -Command "& 'C:\ProgramData\Anaconda3\shell\condabin\conda-hook.ps1' ; conda activate 'C:\ProgramData\Anaconda3' " ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Jupyter Notebook (Anaconda3).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\python.exe C:\ProgramData\Anaconda3\Scripts\jupyter-notebook-script.py "%USERPROFILE%/" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Jupyter Notebook (r_env).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\Users\thoma\.conda\envs\r_env C:\Users\thoma\.conda\envs\r_env\python.exe C:\Users\thoma\.conda\envs\r_env\Scripts\jupyter-notebook-script.py "%USERPROFILE%/" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Reset Spyder Settings (Anaconda3).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\python.exe C:\ProgramData\Anaconda3\Scripts\spyder-script.py --reset ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Spyder (Anaconda3).lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\pythonw.exe C:\ProgramData\Anaconda3\Scripts\spyder-script.py ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\josef\Desktop\Monitor Power OFF.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /off ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\josef\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\maxim\Desktop\Monitor Power OFF.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /off ShortcutWithArgument: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\maxim\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\maxim\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Public\Videos\WinTV v8 Aufnahmen.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Public\Videos\ ShortcutWithArgument: C:\Users\sandr\Desktop\Monitor Power OFF.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /off ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Notizen – Notizen & Listen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Notes in Google™ Keep.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=bnekgeakipbeljnpdnoggpakknfifdjf ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\sandr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\sandr\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\thoma\Desktop\Amazon Backup.lnk -> C:\Users\thoma\AppData\Local\Amazon Drive\AmazonPhotos.exe (Amazon.com Inc.) -> --source-desktop --show-status-window ShortcutWithArgument: C:\Users\thoma\Desktop\Discord.lnk -> C:\Users\thoma\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe ShortcutWithArgument: C:\Users\thoma\Desktop\Microsoft Teams.lnk -> C:\Users\thoma\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe" ShortcutWithArgument: C:\Users\thoma\Desktop\Monitor Power OFF.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /off ShortcutWithArgument: C:\Users\thoma\Desktop\Out of Milk.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""Out of Milk"", ""app_url"": """", ""app_pkg"": ""com.capigami.outofmilk""}" ShortcutWithArgument: C:\Users\thoma\Desktop\Screen InStyle.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation) -> /m ShortcutWithArgument: C:\Users\thoma\Desktop\Programme\Amazon Alexa.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""Amazon Alexa"", ""app_url"": """", ""app_pkg"": ""com.amazon.dee.app""}" ShortcutWithArgument: C:\Users\thoma\Desktop\Programme\Kasa.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""Kasa"", ""app_url"": """", ""app_pkg"": ""com.tplink.kasa_android""}" ShortcutWithArgument: C:\Users\thoma\Desktop\Programme\XDA.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -json "{""app_icon_url"": """", ""app_name"": ""XDA"", ""app_url"": """", ""app_pkg"": ""com.xda.labs.play""}" ShortcutWithArgument: C:\Users\thoma\Desktop\Mathe\SageMath 8.8 Notebook.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Notebook Server' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage --notebook jupyter' ShortcutWithArgument: C:\Users\thoma\Desktop\Mathe\SageMath 8.8 Shell.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Shell' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage -sh' ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Anaconda Navigator (Anaconda3).lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\pythonw.exe C:\ProgramData\Anaconda3\Scripts\anaconda-navigator-script.py ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Anaconda Powershell Prompt (Anaconda3).lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -ExecutionPolicy ByPass -NoExit -Command "& 'C:\ProgramData\Anaconda3\shell\condabin\conda-hook.ps1' ; conda activate 'C:\ProgramData\Anaconda3' " ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Jupyter Notebook (Anaconda3).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\python.exe C:\ProgramData\Anaconda3\Scripts\jupyter-notebook-script.py "%USERPROFILE%/" ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\R x64 3.6.2.lnk -> C:\Program Files\R\R-3.6.2\bin\x64\Rgui.exe () -> --cd-to-userdocs ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Reset Spyder Settings (Anaconda3).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\python.exe C:\ProgramData\Anaconda3\Scripts\spyder-script.py --reset ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Spyder (Anaconda3).lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\ProgramData\Anaconda3 C:\ProgramData\Anaconda3\pythonw.exe C:\ProgramData\Anaconda3\Scripts\spyder-script.py ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Weka 3.8.4 (with console).lnk -> C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64\bin\java.exe (Azul Systems Inc.) -> -classpath "C:\Program Files\Weka-3-8-4" RunWeka -i "C:\Program Files\Weka-3-8-4\RunWeka.ini" -w "C:\Program Files\Weka-3-8-4\weka.jar" -c console -jre-path "C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64" ShortcutWithArgument: C:\Users\thoma\Desktop\ADS\Weka 3.8.4.lnk -> C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64\bin\javaw.exe (Azul Systems Inc.) -> -classpath "C:\Program Files\Weka-3-8-4" RunWeka -i "C:\Program Files\Weka-3-8-4\RunWeka.ini" -w "C:\Program Files\Weka-3-8-4\weka.jar" -jre-path "C:\Program Files\Weka-3-8-4\jre\zulu11.35.15-ca-fx-jre11.0.5-win_x64" ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Photos.lnk -> C:\Users\thoma\AppData\Local\Amazon Drive\AmazonPhotos.exe (Amazon.com Inc.) -> --source-startmenu ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\thoma\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe" ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) -> /tsr ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\thoma\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MicroSIP.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\microsip.exe (www.microsip.org) -> /minimized ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SageMath 8.8\SageMath 8.8 Notebook.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Notebook Server' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage --notebook jupyter' ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SageMath 8.8\SageMath 8.8 Shell.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Shell' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage -sh' ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SageMath 8.8\SageMath 8.8.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Console' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage' ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-2-x64\Interactive Ruby.lnk -> C:\Program Files\Ruby25-x64\bin\irb.cmd () -> -rirb/completion ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-2-x64\RubyGems Documentation Server.lnk -> C:\Program Files\Ruby25-x64\bin\gem.cmd () -> server --launch ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.5.0-2-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Program Files\Ruby25-x64\bin\setrbvars.cmd ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8\IDLE (Python 3.8 32-bit).lnk -> C:\Users\thoma\AppData\Local\Programs\Python\Python38-32\pythonw.exe (Python Software Foundation) -> "C:\Users\thoma\AppData\Local\Programs\Python\Python38-32\Lib\idlelib\idle.pyw" ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8\Python 3.8 Module Docs (32-bit).lnk -> C:\Users\thoma\AppData\Local\Programs\Python\Python38-32\python.exe (Python Software Foundation) -> -m pydoc -b ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MSYS2 MinGW 32-bit.lnk -> C:\Program Files\msys2\msys2_shell.cmd () -> -mingw32 ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MSYS2 MinGW 64-bit.lnk -> C:\Program Files\msys2\msys2_shell.cmd () -> -mingw64 ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit\MSYS2 MSYS.lnk -> C:\Program Files\msys2\msys2_shell.cmd () -> -msys ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) -> /thumbs ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum ABC\Electrum ABC (Software OpenGL).lnk -> C:\Program Files (x86)\Electrum ABC\ElectrumABC.exe () -> --qt_opengl software ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum ABC\Electrum ABC Testnet.lnk -> C:\Program Files (x86)\Electrum ABC\ElectrumABC.exe () -> --testnet ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Electron Cash (Software OpenGL).lnk -> C:\Program Files (x86)\Electron Cash\Electron-Cash.exe () -> --qt_opengl software ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Electron Cash Scalenet.lnk -> C:\Program Files (x86)\Electron Cash\Electron-Cash.exe () -> --scalenet ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Electron Cash Testnet.lnk -> C:\Program Files (x86)\Electron Cash\Electron-Cash.exe () -> --testnet ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electron Cash\Electron Cash Testnet4.lnk -> C:\Program Files (x86)\Electron Cash\Electron-Cash.exe () -> --testnet4 ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\thoma\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AusweisApp2\Uninstall AusweisApp2.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {27284E9D-0BCF-441A-82B9-5B96F5C09701} ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Reset Spyder Settings (r_env).lnk -> C:\ProgramData\Anaconda3\python.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\Users\thoma\.conda\envs\r_env C:\Users\thoma\.conda\envs\r_env\python.exe C:\Users\thoma\.conda\envs\r_env\Scripts\spyder-script.py --reset ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Spyder (r_env).lnk -> C:\ProgramData\Anaconda3\pythonw.exe (Python Software Foundation) -> C:\ProgramData\Anaconda3\cwp.py C:\Users\thoma\.conda\envs\r_env C:\Users\thoma\.conda\envs\r_env\pythonw.exe C:\Users\thoma\.conda\envs\r_env\Scripts\spyder-script.py ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\SendTo\WinSCP (zum Hochladen).lnk -> C:\Program Files (x86)\WinSCP\WinSCP.exe (Martin Prikryl) -> /upload ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle ShortcutWithArgument: C:\Users\thoma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\thoma\AppData\Local\SageMath 8.8\SageMath 8.8 Notebook.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Notebook Server' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage --notebook jupyter' ShortcutWithArgument: C:\Users\thoma\AppData\Local\SageMath 8.8\SageMath 8.8 Shell.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Shell' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage -sh' ShortcutWithArgument: C:\Users\thoma\AppData\Local\SageMath 8.8\SageMath 8.8.lnk -> C:\Users\thoma\AppData\Local\SageMath 8.8\runtime\bin\mintty.exe (Andy Koppe / Thomas Wolff) -> -t 'SageMath 8.8 Console' -i sagemath.ico /bin/bash --login -c '/opt/sagemath-8.8/sage' ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\thoma\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 64bit\XMedia Recode 64bit im Internet.url -> URL: hxxp://www.xmedia-recode.de/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual BCD\Visit Visual BCD site.url -> URL: hxxp://boyans.my3gb.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt\VeraCrypt Website.url -> URL: hxxps://www.veracrypt.fr InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill\Visit PDFill Home Page.url -> URL: hxxp://www.PDFill.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-websocket\obs-websocket on the Web.url -> URL: hxxp://github.com/Palakis/obs-websocket InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url -> URL: hxxps://nodejs.org/download/release/v14.17.0/docs/api/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url -> URL: hxxps://nodejs.org/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\MiniTool Web site.url -> URL: hxxps://www.minitool.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard im Internet.url -> URL: hxxp://www.partitionwizard.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LizardSystems\Wi-Fi Scanner\Wi-Fi Scanner on the Web.url -> URL: hxxps://lizardsystems.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\Additional resources\How to update KNIME Analytics Platform.url -> URL: hxxps://www.knime.com/downloads/update InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\Additional resources\KNIME Analytics Platform on the Web.url -> URL: hxxps://www.knime.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\Additional resources\KNIME Forum.url -> URL: hxxps://www.knime.com/forum InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNIME\Additional resources\Learning hub.url -> URL: hxxps://www.knime.com/learning-hub InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxps://java.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxps://java.com/help InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkscape Homepage.url -> URL: hxxps://inkscape.org InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HBCI-Modul für Money 99 Version 2000\Online-FAQ von Gerald Vogt.url -> URL: hxxps://money.gvogt.de/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\Fehlerbericht einsenden für GnuCash (online, engl.).url -> URL: hxxps://bugs.gnucash.org/enter_bug.cgi?product=GnuCash InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash\GnuCash Häufige Fragen (online, engl.).url -> URL: hxxp://wiki.gnucash.org/wiki/FAQ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git\Git FAQs (Frequently Asked Questions).url -> URL: hxxps://github.com/git-for-windows/git/wiki/FAQ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis\HDR projects 4\Webseite - HDR projects 4.url -> URL: hxxp://www.hdr-projects.de InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Get Involved.url -> URL: hxxps://calibre-ebook.com/get-involved InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\User Manual.url -> URL: hxxps://manual.calibre-ebook.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft\ApowerMirror\ApowerMirror im Internet.url -> URL: hxxps://www.apowersoft.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder\Any Video Recorder im Internet.url -> URL: hxxp://www.anvsoft.com/ InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games\Darksiders II Deathinitive Edition.url -> URL: twitch://fuel-launch/790f3b07-fc9c-4efe-bb66-32bd348a9d23 InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games\Double Cross.url -> URL: twitch://fuel-launch/e3bc3283-5464-4946-80b8-8ac1401f7b16 InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games\Planet Alpha.url -> URL: twitch://fuel-launch/fe19ef5f-a1e0-4caf-96b4-590b2c022b15 InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games\Sword Legacy Omen.url -> URL: twitch://fuel-launch/25071895-d6cb-49ce-98fe-4a2c3c92b9fc InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games\Turmoil.url -> URL: twitch://fuel-launch/9f710b74-9960-4411-bdfc-3cd846ca812c InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Source SDK Base 2007.url -> URL: steam://rungameid/218 InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeeForm\KeeForm help.url -> URL: hxxps://keeform.org/keepass/keeform-faq InternetURL: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box\FRITZ!Box USB-Fernanschluss Onlineunterstützung.url -> BASEURL: hxxps://avm.de/ URL: hxxps://avm.de/ InternetURL: C:\Users\thoma\AppData\Local\MicroSIP\MicroSIP Website.url -> URL: hxxp://www.microsip.org/ InternetURL: C:\Users\thoma\AppData\Local\MEGAsync\MEGA Website.url -> URL: hxxp://www.mega.nz InternetURL: C:\Users\thoma\.conda\pkgs\m2w64-gettext-0.19.7-2\Library\mingw-w64\share\gettext\projects\TP\teams.url -> InternetURL: C:\Users\thoma\.conda\pkgs\m2w64-gettext-0.19.7-2\Library\mingw-w64\share\gettext\projects\KDE\teams.url -> InternetURL: C:\Users\thoma\.conda\pkgs\m2w64-gettext-0.19.7-2\Library\mingw-w64\share\gettext\projects\GNOME\teams.url -> InternetURL: C:\Users\thoma\.conda\envs\r_env\Library\mingw-w64\share\gettext\projects\TP\teams.url -> InternetURL: C:\Users\thoma\.conda\envs\r_env\Library\mingw-w64\share\gettext\projects\KDE\teams.url -> InternetURL: C:\Users\thoma\.conda\envs\r_env\Library\mingw-w64\share\gettext\projects\GNOME\teams.url -> ==================== Ende vom Shortcut.txt ============================= |
28.06.2021, 01:09 | #20 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Ich habe das EXE mal mit dem Procmon analysiert, vielleicht hilft das ja weiter, was das Programm macht? Teil 1 Code:
ATTFilter "Time of Day","Process Name","PID","Operation","Path","Result","Detail" "01:38:41,8794575","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 5660" "01:38:41,8815454","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Image Base: 0xdf0000, Image Size: 0x18000" "01:38:41,8816073","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffa42130000, Image Size: 0x1f5000" "01:38:41,8816746","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x76f40000, Image Size: 0x1a3000" "01:38:41,8818138","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8818629","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","AllocationSize: 4.096, EndOfFile: 3.656, NumberOfLinks: 1, DeletePending: False, Directory: False" "01:38:41,8818855","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","Offset: 0, Length: 3.656, Priority: Normal" "01:38:41,8819639","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","" "01:38:41,8850363","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "01:38:41,8850514","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "01:38:41,8850658","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "01:38:41,8850810","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8850989","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "01:38:41,8851117","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8851516","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8851672","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8851814","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:41,8852108","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8856085","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8857911","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x7ffa402c0000, Image Size: 0x59000" "01:38:41,8859678","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x7ffa41540000, Image Size: 0x83000" "01:38:41,8867837","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "01:38:41,8872331","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8872813","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows" "01:38:41,8873009","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows","SUCCESS","" "01:38:41,8873745","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86","SUCCESS","Desired Access: Read" "01:38:41,8874011","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","NAME NOT FOUND","Length: 520" "01:38:41,8874160","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: wow64cpu.dll" "01:38:41,8874321","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\Wow64\x86","SUCCESS","" "01:38:41,8875623","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x76f30000, Image Size: 0xa000" "01:38:41,8878367","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "01:38:41,8878543","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "01:38:41,8878734","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:41,8878859","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "01:38:41,8879072","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8879249","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "01:38:41,8879389","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8879796","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8879923","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8880070","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:41,8880225","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:41,8880364","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8883756","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Users\thoma\AppData\Local\Temp","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8885083","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x75310000, Image Size: 0xf0000" "01:38:41,8886869","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x76640000, Image Size: 0x214000" "01:38:41,8888836","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8889071","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryBasicInformationFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","CreationTime: 03.06.2021 11:14:38, LastAccessTime: 28.06.2021 01:38:32, LastWriteTime: 03.06.2021 11:14:38, ChangeTime: 03.06.2021 11:14:50, FileAttributes: A" "01:38:41,8889178","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8890185","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8890537","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryEAFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8890756","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "01:38:41,8891054","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:41,8891333","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:41,8891494","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:41,8891625","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:41,8891755","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8891880","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:41,8891998","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:41,8892115","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:41,8892232","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8892350","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","SyncType: SyncTypeOther" "01:38:41,8892935","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Image Base: 0x6edf0000, Image Size: 0x10000" "01:38:41,8893453","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8900582","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8901088","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\System32\conhost.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:41,8901339","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:41,8901477","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:41,8901603","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:41,8901736","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8901894","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:41,8902117","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:41,8902288","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:41,8902449","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8902626","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\System32\conhost.exe","SUCCESS","SyncType: SyncTypeOther" "01:38:41,8902916","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Conhost.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8903223","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QuerySecurityFile","C:\Windows\System32\conhost.exe","SUCCESS","Information: Label" "01:38:41,8903597","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","Name: \Windows\System32\conhost.exe" "01:38:41,8907485","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Windows\System32\conhost.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "01:38:41,8907744","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","AllocationSize: 876.544, EndOfFile: 875.008, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:41,8907941","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","AllocationSize: 876.544, EndOfFile: 875.008, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:41,8908120","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 0, Length: 2, Priority: Normal" "01:38:41,8908441","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 60, Length: 4" "01:38:41,8908562","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 248, Length: 4" "01:38:41,8908660","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 252, Length: 20" "01:38:41,8908747","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 416, Length: 4" "01:38:41,8908840","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 875.000, Length: 8" "01:38:41,8908954","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 874.952, Length: 8" "01:38:41,8909679","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QuerySecurityFile","C:\Windows\System32\conhost.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "01:38:41,8909839","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryFileInternalInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","IndexNumber: 0x10000001c623e" "01:38:41,8910008","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Windows\System32\conhost.exe","SUCCESS","Control: FSCTL_GET_NTFS_VOLUME_DATA" "01:38:41,8910743","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\aswSnx","SUCCESS","Desired Access: Read" "01:38:41,8910975","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\aswSnx","SUCCESS","" "01:38:41,8912625","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8913168","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","AllocationSize: 4.096, EndOfFile: 446, NumberOfLinks: 1, DeletePending: False, Directory: False" "01:38:41,8913372","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","Offset: 0, Length: 446, Priority: Normal" "01:38:41,8913859","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","" "01:38:41,8916255","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8916944","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","BUFFER OVERFLOW","Name: \Windo" "01:38:41,8917193","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","Name: \Windows\System32\conhost.exe" "01:38:41,8919330","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS","" "01:38:41,8935417","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","Desired Access: All Access" "01:38:41,8935568","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Windows\System32\conhost.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: ..." "01:38:41,8935713","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Windows\System32\conhost.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: ..." "01:38:41,8936579","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","" "01:38:41,8936716","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "01:38:41,8936849","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8960744","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Process Create","C:\WINDOWS\System32\Conhost.exe","SUCCESS","PID: 19684, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1" "01:38:41,8961131","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS","" "01:38:42,0673296","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "01:38:42,0674136","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll" "01:38:42,0675244","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "01:38:42,0675917","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll" "01:38:42,0679254","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "01:38:42,0679520","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "01:38:42,0679714","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "01:38:42,0679875","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "01:38:42,0680169","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value" "01:38:42,0680360","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "01:38:42,0680534","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0680632","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "01:38:42,0680835","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "01:38:42,0681078","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "01:38:42,0681389","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "01:38:42,0681486","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "01:38:42,0681681","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0681809","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "01:38:42,0682060","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "01:38:42,0682228","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "01:38:42,0682323","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "01:38:42,0682430","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0682532","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LPGO","NAME NOT FOUND","Length: 20" "01:38:42,0682714","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "01:38:42,0687762","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\crypt32.dll","SUCCESS","Image Base: 0x75110000, Image Size: 0x101000" "01:38:42,0689490","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Image Base: 0x76c20000, Image Size: 0x120000" "01:38:42,0711512","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 12284" "01:38:42,0717516","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "01:38:42,0717697","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "01:38:42,0717941","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0718059","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "01:38:42,0718243","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "01:38:42,0719233","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:42,0719447","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:42,0719671","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0719799","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:42,0719957","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:42,0720904","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 11532" "01:38:42,0724063","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe" "01:38:42,0724492","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "01:38:42,0724652","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "01:38:42,0724880","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0725002","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-DE","NAME NOT FOUND","Length: 532" "01:38:42,0725164","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "01:38:42,0725353","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "01:38:42,0725499","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "01:38:42,0725655","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0725757","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-DE","NAME NOT FOUND","Length: 532" "01:38:42,0725878","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "01:38:42,0726100","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "01:38:42,0726219","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "01:38:42,0726350","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0726489","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532" "01:38:42,0726667","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "01:38:42,0726934","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "01:38:42,0727110","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "01:38:42,0727345","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0727498","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532" "01:38:42,0727667","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "01:38:42,0728108","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "01:38:42,0730284","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "01:38:42,0731827","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:42,0732025","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3.375.104, EndOfFile: 3.371.404, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:42,0735542","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "01:38:42,0736166","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "01:38:42,0737190","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "01:38:42,0737399","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "01:38:42,0737632","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0737789","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90" "01:38:42,0738000","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90" "01:38:42,0738946","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read" "01:38:42,0739227","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0739329","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0739506","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read" "01:38:42,0739696","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read" "01:38:42,0739866","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0739983","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagLevel","NAME NOT FOUND","Length: 16" "01:38:42,0740118","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagMatchAnyMask","NAME NOT FOUND","Length: 20" "01:38:42,0740313","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","" "01:38:42,0740514","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0740627","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0740833","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read" "01:38:42,0740976","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read" "01:38:42,0741113","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0754324","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 3692" "01:38:42,0755260","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0755481","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0756064","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Desired Access: Read" "01:38:42,0756576","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0757031","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Index: 0, Name: EncodingType 0" "01:38:42,0757742","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0757987","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Desired Access: Read" "01:38:42,0758596","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0758809","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Desired Access: Read" "01:38:42,0759081","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Index: 0, Name: #16" "01:38:42,0759393","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0759693","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Desired Access: Read" "01:38:42,0760003","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0760303","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\cryptnet.dll" "01:38:42,0760494","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 36, Data: LdapProvOpenStore" "01:38:42,0760836","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","" "01:38:42,0761042","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Index: 1, Name: Ldap" "01:38:42,0761319","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0761461","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Desired Access: Read" "01:38:42,0761631","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0761820","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\cryptnet.dll" "01:38:42,0762105","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 36, Data: LdapProvOpenStore" "01:38:42,0762773","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap","SUCCESS","" "01:38:42,0763109","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","NO MORE ENTRIES","Index: 2, Length: 288" "01:38:42,0763310","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","" "01:38:42,0764009","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","" "01:38:42,0764413","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Index: 1, Name: EncodingType 1" "01:38:42,0764869","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0765035","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Desired Access: Read" "01:38:42,0765307","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0765464","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv","NAME NOT FOUND","Desired Access: Read" "01:38:42,0765805","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\AppModel\Lookaside\Packages","NAME NOT FOUND","Desired Access: Read" "01:38:42,0766006","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","" "01:38:42,0766132","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","NO MORE ENTRIES","Index: 2, Length: 288" "01:38:42,0766277","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","" "01:38:42,0768695","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read" "01:38:42,0769028","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0769177","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,0769424","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,0769774","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0770008","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,0770330","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\ROOT\PhysicalStores","NAME NOT FOUND","Desired Access: Read" "01:38:42,0770561","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:42,0771280","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0771448","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,0771683","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,0771989","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0772123","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,0772369","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCreateKey","HKCU\Software\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read/Write, Delete, Disposition: REG_OPENED_EXISTING_KEY" "01:38:42,0773919","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0774106","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:42,0774256","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","" "01:38:42,0774507","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0774620","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0774846","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots","REPARSE","Desired Access: Read" "01:38:42,0775009","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots","NAME NOT FOUND","Desired Access: Read" "01:38:42,0775849","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0775969","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,0776204","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,0776560","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0776705","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,0776920","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCreateKey","HKCU\Software\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read/Write, Delete, Disposition: REG_OPENED_EXISTING_KEY" "01:38:42,0778547","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0779021","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0779197","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,0779490","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,0779810","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0779967","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,0780201","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","Desired Access: Read" "01:38:42,0780444","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0780639","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","" "01:38:42,0780845","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:42,0781106","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0781266","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","Desired Access: Read" "01:38:42,0781523","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0781664","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCreateKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Desired Access: Read/Write, Delete, Disposition: REG_OPENED_EXISTING_KEY" "01:38:42,0783263","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0783393","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0783534","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","" |
28.06.2021, 01:09 | #21 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Teil 2 Code:
ATTFilter "Time of Day","Process Name","PID","Operation","Path","Result","Detail" "01:38:41,8794575","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 5660" "01:38:41,8815454","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Image Base: 0xdf0000, Image Size: 0x18000" "01:38:41,8816073","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ffa42130000, Image Size: 0x1f5000" "01:38:41,8816746","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\ntdll.dll","SUCCESS","Image Base: 0x76f40000, Image Size: 0x1a3000" "01:38:41,8818138","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8818629","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","AllocationSize: 4.096, EndOfFile: 3.656, NumberOfLinks: 1, DeletePending: False, Directory: False" "01:38:41,8818855","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","Offset: 0, Length: 3.656, Priority: Normal" "01:38:41,8819639","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\Prefetch\6DC8E1C9-BDA7-4C8A-A834-54798-20215CB6.pf","SUCCESS","" "01:38:41,8850363","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "01:38:41,8850514","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "01:38:41,8850658","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "01:38:41,8850810","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8850989","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "01:38:41,8851117","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8851516","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8851672","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8851814","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:41,8852108","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8856085","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8857911","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64.dll","SUCCESS","Image Base: 0x7ffa402c0000, Image Size: 0x59000" "01:38:41,8859678","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64win.dll","SUCCESS","Image Base: 0x7ffa41540000, Image Size: 0x83000" "01:38:41,8867837","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\wow64log.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "01:38:41,8872331","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8872813","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows","SUCCESS","Name: \Windows" "01:38:41,8873009","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows","SUCCESS","" "01:38:41,8873745","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\Microsoft\Wow64\x86","SUCCESS","Desired Access: Read" "01:38:41,8874011","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","NAME NOT FOUND","Length: 520" "01:38:41,8874160","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\(Default)","SUCCESS","Type: REG_SZ, Length: 26, Data: wow64cpu.dll" "01:38:41,8874321","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\Wow64\x86","SUCCESS","" "01:38:41,8875623","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\System32\wow64cpu.dll","SUCCESS","Image Base: 0x76f30000, Image Size: 0xa000" "01:38:41,8878367","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "01:38:41,8878543","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "01:38:41,8878734","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:41,8878859","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\RaiseExceptionOnPossibleDeadlock","NAME NOT FOUND","Length: 80" "01:38:41,8879072","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8879249","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap","REPARSE","Desired Access: Query Value" "01:38:41,8879389","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\Segment Heap","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8879796","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8879923","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8880070","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:41,8880225","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:41,8880364","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:41,8883756","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Users\thoma\AppData\Local\Temp","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8885083","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\kernel32.dll","SUCCESS","Image Base: 0x75310000, Image Size: 0xf0000" "01:38:41,8886869","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Image Base: 0x76640000, Image Size: 0x214000" "01:38:41,8888836","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8889071","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryBasicInformationFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","CreationTime: 03.06.2021 11:14:38, LastAccessTime: 28.06.2021 01:38:32, LastWriteTime: 03.06.2021 11:14:38, ChangeTime: 03.06.2021 11:14:50, FileAttributes: A" "01:38:41,8889178","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8890185","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8890537","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryEAFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8890756","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "01:38:41,8891054","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:41,8891333","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:41,8891494","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:41,8891625","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:41,8891755","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8891880","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:41,8891998","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:41,8892115","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:41,8892232","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8892350","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","SyncType: SyncTypeOther" "01:38:41,8892935","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","Image Base: 0x6edf0000, Image Size: 0x10000" "01:38:41,8893453","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Program Files\AVAST Software\Avast\x86\aswhook.dll","SUCCESS","" "01:38:41,8900582","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8901088","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\System32\conhost.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:41,8901339","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:41,8901477","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:41,8901603","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:41,8901736","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8901894","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:41,8902117","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:41,8902288","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:41,8902449","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:41,8902626","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\System32\conhost.exe","SUCCESS","SyncType: SyncTypeOther" "01:38:41,8902916","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Conhost.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "01:38:41,8903223","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QuerySecurityFile","C:\Windows\System32\conhost.exe","SUCCESS","Information: Label" "01:38:41,8903597","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","Name: \Windows\System32\conhost.exe" "01:38:41,8907485","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Windows\System32\conhost.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "01:38:41,8907744","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","AllocationSize: 876.544, EndOfFile: 875.008, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:41,8907941","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","AllocationSize: 876.544, EndOfFile: 875.008, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:41,8908120","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 0, Length: 2, Priority: Normal" "01:38:41,8908441","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 60, Length: 4" "01:38:41,8908562","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 248, Length: 4" "01:38:41,8908660","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 252, Length: 20" "01:38:41,8908747","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 416, Length: 4" "01:38:41,8908840","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 875.000, Length: 8" "01:38:41,8908954","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\Windows\System32\conhost.exe","SUCCESS","Offset: 874.952, Length: 8" "01:38:41,8909679","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QuerySecurityFile","C:\Windows\System32\conhost.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "01:38:41,8909839","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryFileInternalInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","IndexNumber: 0x10000001c623e" "01:38:41,8910008","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","FileSystemControl","C:\Windows\System32\conhost.exe","SUCCESS","Control: FSCTL_GET_NTFS_VOLUME_DATA" "01:38:41,8910743","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\aswSnx","SUCCESS","Desired Access: Read" "01:38:41,8910975","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\aswSnx","SUCCESS","" "01:38:41,8912625","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8913168","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","AllocationSize: 4.096, EndOfFile: 446, NumberOfLinks: 1, DeletePending: False, Directory: False" "01:38:41,8913372","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","ReadFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","Offset: 0, Length: 446, Priority: Normal" "01:38:41,8913859","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\ProgramData\AVAST Software\Avast\snx_lconfig.xml","SUCCESS","" "01:38:41,8916255","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\System32\conhost.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "01:38:41,8916944","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","BUFFER OVERFLOW","Name: \Windo" "01:38:41,8917193","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\System32\conhost.exe","SUCCESS","Name: \Windows\System32\conhost.exe" "01:38:41,8919330","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS","" "01:38:41,8935417","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","Desired Access: All Access" "01:38:41,8935568","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Windows\System32\conhost.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: ..." "01:38:41,8935713","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Windows\System32\conhost.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: ..." "01:38:41,8936579","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","" "01:38:41,8936716","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BAM","REPARSE","Desired Access: Query Value" "01:38:41,8936849","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager\BAM","NAME NOT FOUND","Desired Access: Query Value" "01:38:41,8960744","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Process Create","C:\WINDOWS\System32\Conhost.exe","SUCCESS","PID: 19684, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1" "01:38:41,8961131","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\System32\conhost.exe","SUCCESS","" "01:38:42,0673296","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\3c74afb9-8d82-44e3-b52c-365dbf48382a","NAME NOT FOUND","Length: 528" "01:38:42,0674136","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll" "01:38:42,0675244","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\05f95efe-7f75-49c7-a994-60a55cc09571","NAME NOT FOUND","Length: 528" "01:38:42,0675917","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\KernelBase.dll","SUCCESS","Name: \Windows\SysWOW64\KernelBase.dll" "01:38:42,0679254","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","REPARSE","Desired Access: Query Value, Set Value" "01:38:42,0679520","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\SafeBoot\Option","NAME NOT FOUND","Desired Access: Query Value, Set Value" "01:38:42,0679714","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","REPARSE","Desired Access: Read" "01:38:42,0679875","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Srp\GP\DLL","NAME NOT FOUND","Desired Access: Read" "01:38:42,0680169","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers","REPARSE","Desired Access: Query Value" "01:38:42,0680360","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","SUCCESS","Desired Access: Query Value" "01:38:42,0680534","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0680632","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled","NAME NOT FOUND","Length: 80" "01:38:42,0680835","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers","SUCCESS","" "01:38:42,0681078","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers","NAME NOT FOUND","Desired Access: Query Value" "01:38:42,0681389","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "01:38:42,0681486","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "01:38:42,0681681","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0681809","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1" "01:38:42,0682060","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "01:38:42,0682228","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem\","REPARSE","Desired Access: Read" "01:38:42,0682323","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","Desired Access: Read" "01:38:42,0682430","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0682532","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\FileSystem\LPGO","NAME NOT FOUND","Length: 20" "01:38:42,0682714","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\FileSystem","SUCCESS","" "01:38:42,0687762","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\crypt32.dll","SUCCESS","Image Base: 0x75110000, Image Size: 0x101000" "01:38:42,0689490","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\ucrtbase.dll","SUCCESS","Image Base: 0x76c20000, Image Size: 0x120000" "01:38:42,0711512","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 12284" "01:38:42,0717516","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","REPARSE","Desired Access: Read" "01:38:42,0717697","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","Desired Access: Read" "01:38:42,0717941","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0718059","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\(Default)","SUCCESS","Type: REG_SZ, Length: 18, Data: 00060305" "01:38:42,0718243","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "01:38:42,0719233","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value, Enumerate Sub Keys" "01:38:42,0719447","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value, Enumerate Sub Keys" "01:38:42,0719671","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0719799","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\ResourcePolicies","NAME NOT FOUND","Length: 24" "01:38:42,0719957","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" "01:38:42,0720904","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 11532" "01:38:42,0724063","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe" "01:38:42,0724492","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "01:38:42,0724652","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "01:38:42,0724880","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0725002","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\de-DE","NAME NOT FOUND","Length: 532" "01:38:42,0725164","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "01:38:42,0725353","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "01:38:42,0725499","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "01:38:42,0725655","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0725757","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\de-DE","NAME NOT FOUND","Length: 532" "01:38:42,0725878","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "01:38:42,0726100","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","REPARSE","Desired Access: Read" "01:38:42,0726219","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","Desired Access: Read" "01:38:42,0726350","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0726489","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US","NAME NOT FOUND","Length: 532" "01:38:42,0726667","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\CustomLocale","SUCCESS","" "01:38:42,0726934","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","REPARSE","Desired Access: Read" "01:38:42,0727110","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","Desired Access: Read" "01:38:42,0727345","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0727498","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale\en-US","NAME NOT FOUND","Length: 532" "01:38:42,0727667","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\ExtendedLocale","SUCCESS","" "01:38:42,0728108","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions\000603xx","SUCCESS","Type: REG_SZ, Length: 26, Data: kernel32.dll" "01:38:42,0730284","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "01:38:42,0731827","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:42,0732025","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryStandardInformationFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","AllocationSize: 3.375.104, EndOfFile: 3.371.404, NumberOfLinks: 2, DeletePending: False, Directory: False" "01:38:42,0735542","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","SyncType: SyncTypeOther" "01:38:42,0736166","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\Globalization\Sorting\SortDefault.nls","SUCCESS","" "01:38:42,0737190","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","REPARSE","Desired Access: Read" "01:38:42,0737399","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","Desired Access: Read" "01:38:42,0737632","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0737789","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en-US","NAME NOT FOUND","Length: 90" "01:38:42,0738000","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids\en","NAME NOT FOUND","Length: 90" "01:38:42,0738946","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM","SUCCESS","Desired Access: Maximum Allowed, Granted Access: Read" "01:38:42,0739227","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0739329","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0739506","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read" "01:38:42,0739696","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read" "01:38:42,0739866","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0739983","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagLevel","NAME NOT FOUND","Length: 16" "01:38:42,0740118","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\crypt32\DiagMatchAnyMask","NAME NOT FOUND","Length: 20" "01:38:42,0740313","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","" "01:38:42,0740514","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0740627","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0740833","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\crypt32","REPARSE","Desired Access: Read" "01:38:42,0740976","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","Desired Access: Read" "01:38:42,0741113","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0754324","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Create","","SUCCESS","Thread ID: 3692" "01:38:42,0755260","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0755481","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0756064","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Desired Access: Read" "01:38:42,0756576","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0757031","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Index: 0, Name: EncodingType 0" "01:38:42,0757742","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0757987","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Desired Access: Read" "01:38:42,0758596","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0758809","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Desired Access: Read" "01:38:42,0759081","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Index: 0, Name: #16" "01:38:42,0759393","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0759693","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Desired Access: Read" "01:38:42,0760003","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0760303","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\cryptnet.dll" "01:38:42,0760494","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 36, Data: LdapProvOpenStore" "01:38:42,0783740","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0783872","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCreateKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Desired Access: Read/Write, Delete, Disposition: REG_OPENED_EXISTING_KEY" "01:38:42,0785302","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0785587","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0785854","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","" "01:38:42,0786190","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0786387","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCreateKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Desired Access: Read/Write, Delete, Disposition: REG_OPENED_EXISTING_KEY" "01:38:42,0787953","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0788158","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0788350","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","" "01:38:42,0788746","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0788873","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,0789077","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,0790487","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Image Base: 0x75400000, Image Size: 0x75000" "01:38:42,0794133","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\rpcrt4.dll","SUCCESS","Image Base: 0x76af0000, Image Size: 0xbf000" "01:38:42,0798421","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\ca967c75-04bf-40b5-9a16-98b5f9332a92","NAME NOT FOUND","Length: 528" "01:38:42,0799237","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll" "01:38:42,0800244","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\WMI\Security\b6fd710b-f783-4b1c-ab9c-c68099dcc0c7","NAME NOT FOUND","Length: 528" "01:38:42,0800806","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryNameInformationFile","C:\Windows\SysWOW64\sechost.dll","SUCCESS","Name: \Windows\SysWOW64\sechost.dll" "01:38:42,0801430","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0801903","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,0803545","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","Desired Access: Read" "01:38:42,0803997","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0804838","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKeySecurity","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","" "01:38:42,0805324","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates","BUFFER OVERFLOW","Length: 12" "01:38:42,0805629","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates","SUCCESS","Type: REG_BINARY, Length: 24, Data: ... "01:38:42,0806038","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots","SUCCESS","" "01:38:42,0806377","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:42,0806785","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","" "01:38:42,0807162","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:42,0807937","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0808241","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0808703","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\SystemCertificates\ROOT\PhysicalStores","REPARSE","Desired Access: Read" "01:38:42,0809095","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\PhysicalStores","NAME NOT FOUND","Desired Access: Read" "01:38:42,0809736","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0810126","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0810489","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\SystemCertificates\ROOT","REPARSE","Desired Access: Read" "01:38:42,0810825","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,0811155","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0811549","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","" "01:38:42,0811860","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0812004","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0812277","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots","REPARSE","Desired Access: Read" "01:38:42,0812539","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots","NAME NOT FOUND","Desired Access: Read" "01:38:42,0813076","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0813218","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0813479","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\SystemCertificates\ROOT","REPARSE","Desired Access: Read" "01:38:42,0813645","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,0813806","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0814023","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0814172","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,0814420","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0814621","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Desired Access: Read" "01:38:42,0814827","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: Cached, SubKeys: 22, Values: 0" "01:38:42,0816149","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: Cached, SubKeys: 22, Values: 0" "01:38:42,0816400","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Index: 0, Name: 0119E81BE9A14CD8E22F40AC118C687ECBA3F4D8" "01:38:42,0816753","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0817000","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,0817289","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,0817517","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,0817761","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 2.001, Data: "01:38:42,0818036","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0xxx","SUCCESS","" "01:38:42,0818525","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0818698","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0819044","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Desired Access: Read" "01:38:42,0819344","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0819674","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Index: 0, Name: EncodingType 0" "01:38:42,0820112","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0820340","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Desired Access: Read" "01:38:42,0820742","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0820966","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllDecodeObjectEx","NAME NOT FOUND","Desired Access: Read" "01:38:42,0821228","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0","SUCCESS","" "01:38:42,0821429","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Index: 1, Name: EncodingType 1" "01:38:42,0821776","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0821958","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Desired Access: Read" "01:38:42,0822280","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0822484","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Desired Access: Read" "01:38:42,0822773","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 0, Name: 1.2.840.113549.1.9.16.1.1" "01:38:42,0823172","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0823416","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1","SUCCESS","Desired Access: Read" "01:38:42,0823617","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0823817","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0823995","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 38, Data: EssReceiptDecodeEx" "01:38:42,0824359","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.1.1","SUCCESS","" "01:38:42,0824522","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 1, Name: 1.2.840.113549.1.9.16.2.1" "01:38:42,0824901","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0825180","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1","SUCCESS","Desired Access: Read" "01:38:42,0825712","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0826080","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0826404","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 52, Data: EssReceiptRequestDecodeEx" "01:38:42,0826929","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.1","SUCCESS","" "01:38:42,0827241","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 2, Name: 1.2.840.113549.1.9.16.2.11" "01:38:42,0827686","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0828033","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11","SUCCESS","Desired Access: Read" "01:38:42,0828403","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0828718","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0829100","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 58, Data: EssKeyExchPreferenceDecodeEx" "01:38:42,0829528","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.11","SUCCESS","" "01:38:42,0829858","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 3, Name: 1.2.840.113549.1.9.16.2.12" "01:38:42,0830199","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0830491","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12","SUCCESS","Desired Access: Read" "01:38:42,0830947","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0831255","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0831382","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 54, Data: EssSignCertificateDecodeEx" "01:38:42,0831604","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.12","SUCCESS","" "01:38:42,0831743","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 4, Name: 1.2.840.113549.1.9.16.2.2" "01:38:42,0831946","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0832074","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2","SUCCESS","Desired Access: Read" "01:38:42,0832238","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0832431","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0832556","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 50, Data: EssSecurityLabelDecodeEx" "01:38:42,0832835","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.2","SUCCESS","" "01:38:42,0833029","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 5, Name: 1.2.840.113549.1.9.16.2.3" "01:38:42,0833307","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0833472","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3","SUCCESS","Desired Access: Read" "01:38:42,0833666","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0833826","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0833987","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 42, Data: EssMLHistoryDecodeEx" "01:38:42,0834233","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.3","SUCCESS","" "01:38:42,0834401","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Index: 6, Name: 1.2.840.113549.1.9.16.2.4" "01:38:42,0834633","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0834786","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4","SUCCESS","Desired Access: Read" "01:38:42,0834978","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4","SUCCESS","Query: Cached, SubKeys: 0, Values: 2" "01:38:42,0835125","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4","SUCCESS","Index: 0, Name: Dll, Type: REG_SZ, Length: 66, Data: C:\Windows\SysWOW64\inetcomm.dll" "01:38:42,0835263","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4","SUCCESS","Index: 1, Name: FuncName, Type: REG_SZ, Length: 46, Data: EssContentHintDecodeEx" "01:38:42,0835453","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx\1.2.840.113549.1.9.16.2.4","SUCCESS","" "01:38:42,0835595","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","NO MORE ENTRIES","Index: 7, Length: 288" "01:38:42,0835836","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObjectEx","SUCCESS","" "01:38:42,0836047","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1","SUCCESS","" "01:38:42,0836224","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","NO MORE ENTRIES","Index: 2, Length: 288" "01:38:42,0836444","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID","SUCCESS","" "01:38:42,0837488","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","REPARSE","Desired Access: Query Value" "01:38:42,0837820","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","Desired Access: Query Value" "01:38:42,0838106","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0838284","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode","NAME NOT FOUND","Length: 16" "01:38:42,0842557","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Users\thoma\AppData\Local\Temp\MSASN1.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "01:38:42,0846693","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:42,0847272","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryBasicInformationFile","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","CreationTime: 16.10.2020 08:19:29, LastAccessTime: 28.06.2021 01:38:32, LastWriteTime: 16.10.2020 08:19:29, ChangeTime: 24.06.2021 09:04:29, FileAttributes: A" "01:38:42,0847470","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","" "01:38:42,0849889","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:42,0851043","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\SysWOW64\msasn1.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:42,0851456","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:42,0851740","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:42,0851969","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:42,0852130","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:42,0852339","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:42,0852507","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:42,0852672","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:42,0852849","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:42,0853000","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","SyncType: SyncTypeOther" "01:38:42,0854246","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","Image Base: 0x6ea70000, Image Size: 0xe000" "01:38:42,0855131","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\SysWOW64\msasn1.dll","SUCCESS","" "01:38:42,0856290","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0856416","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0856629","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\msasn1","NAME NOT FOUND","Desired Access: Read" "01:38:42,0857395","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Index: 1, Name: xxx" "01:38:42,0857659","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0857797","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,0858027","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,0858157","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,0858357","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.199, Data: ..." "01:38:42,0858578","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","" "01:38:42,0859010","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Index: 2, Name: 18F7C1FCC3090203FD5BAA2F861A754976C8DD25" "01:38:42,0859214","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" ... "01:38:42,0899293","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,0899464","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,0899614","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,0906571","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.071, Data: ..." "01:38:42,0909158","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","" "01:38:42,0909549","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Index: 21, Name: xxx" "01:38:42,0909825","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0909975","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,0910161","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,0910301","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,0910533","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.059, Data: ..." "01:38:42,0910733","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\xxx","SUCCESS","" "01:38:42,0911053","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates","SUCCESS","" "01:38:42,0911305","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0911463","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs","SUCCESS","Desired Access: Read" "01:38:42,0911831","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0912000","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0912149","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs","SUCCESS","" "01:38:42,0912333","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0913289","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs","SUCCESS","Desired Access: Read" "01:38:42,0913467","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0913604","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,0913754","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs","SUCCESS","" "01:38:42,0913903","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","" "01:38:42,0914220","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,0914387","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,0914658","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\SystemCertificates\AuthRoot","REPARSE","Desired Access: Read" "01:38:42,0915408","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Desired Access: Read" "01:38:42,0915667","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,0915876","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0916004","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Desired Access: Read" "01:38:42,0916211","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0916327","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Desired Access: Read" "01:38:42,0916512","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 56, Values: 0" "01:38:42,0916653","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 56, Values: 0" "01:38:42,0916784","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Index: 0, Name: xxx" "01:38:42,0916996","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,0917131","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,0917381","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,0917537","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,0917971","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.579, Data: ..." 01:38:42,0918307","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","" ... "01:38:42,1091760","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Index: 53, Name: xxx" "01:38:42,1092510","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1094109","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,1094393","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,1094601","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,1094751","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.502, Data: ..." "01:38:42,1095111","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","" "01:38:42,1095968","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Index: 54, Name: xxx" "01:38:42,1096341","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1096525","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,1096962","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,1097212","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,1097465","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.628, Data: ..." "01:38:42,1097857","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","" "01:38:42,1098545","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegEnumKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Index: 55, Name: xxx" "01:38:42,1098902","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1099079","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","Desired Access: Read" "01:38:42,1099414","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 12" "01:38:42,1099656","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","BUFFER OVERFLOW","Length: 144" "01:38:42,1099960","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx\Blob","SUCCESS","Type: REG_BINARY, Length: 1.873, Data: ... "01:38:42,1100259","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\xxx","SUCCESS","" "01:38:42,1100747","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates","SUCCESS","" "01:38:42,1101276","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1101622","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs","SUCCESS","Desired Access: Read" "01:38:42,1102129","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1102382","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1102606","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs","SUCCESS","" "01:38:42,1102834","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1103049","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs","SUCCESS","Desired Access: Read" "01:38:42,1103287","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1103616","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1103899","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs","SUCCESS","" "01:38:42,1104114","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","" "01:38:42,1104708","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1105026","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,1105425","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Policies\Microsoft\SystemCertificates\ROOT","REPARSE","Desired Access: Read" "01:38:42,1105757","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,1106095","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,1106529","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1106948","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Desired Access: Read" "01:38:42,1107269","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1107566","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1107829","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates","SUCCESS","" "01:38:42,1108080","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1108263","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Desired Access: Read" "01:38:42,1108551","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1108687","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1108863","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs","SUCCESS","" "01:38:42,1109074","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1109275","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Desired Access: Read" "01:38:42,1109488","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1109762","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1109979","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs","SUCCESS","" "01:38:42,1110158","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root","SUCCESS","" "01:38:42,1110527","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1110710","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,1111114","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates\ROOT\PhysicalStores","REPARSE","Desired Access: Read" "01:38:42,1111428","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\PhysicalStores","NAME NOT FOUND","Desired Access: Read" "01:38:42,1111879","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1112170","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,1112466","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates\ROOT","REPARSE","Desired Access: Read" "01:38:42,1112690","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,1113075","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,1113339","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","" "01:38:42,1113767","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1113957","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,1114240","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates\ROOT","REPARSE","Desired Access: Read" "01:38:42,1114443","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT","SUCCESS","Desired Access: Read" "01:38:42,1114759","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,1115114","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1115273","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","Desired Access: Read" "01:38:42,1115751","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1116068","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates","SUCCESS","Desired Access: Read" "01:38:42,1116547","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1116872","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1117118","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates","SUCCESS","" "01:38:42,1117485","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1117645","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs","SUCCESS","Desired Access: Read" "01:38:42,1117888","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1118147","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1118612","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs","SUCCESS","" "01:38:42,1119023","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1119335","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs","SUCCESS","Desired Access: Read" "01:38:42,1119581","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1119840","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1120733","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs","SUCCESS","" "01:38:42,1121299","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","" "01:38:42,1123166","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1123545","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM","SUCCESS","Query: Name" "01:38:42,1124333","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\SystemCertificates\SmartCardRoot","REPARSE","Desired Access: Read" "01:38:42,1125022","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Desired Access: Read" "01:38:42,1125799","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,1126277","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1126676","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Desired Access: Read" "01:38:42,1127361","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1127717","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Desired Access: Read" "01:38:42,1128080","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1128405","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1128770","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","" "01:38:42,1129396","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1129872","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Desired Access: Read" "01:38:42,1130368","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1130707","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1131148","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","" "01:38:42,1131441","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1131682","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Desired Access: Read" "01:38:42,1132163","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1132395","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1132619","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","" "01:38:42,1132970","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","" "01:38:42,1135856","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1136135","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKU","SUCCESS","Query: Name" "01:38:42,1136703","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed, Granted Access: All Access" "01:38:42,1137839","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: HandleTags, HandleTags: 0x0" "01:38:42,1138184","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU","SUCCESS","Query: Name" "01:38:42,1138640","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\Software\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Desired Access: Read" "01:38:42,1139179","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetInfoKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" "01:38:42,1139790","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1140150","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Desired Access: Read" "01:38:42,1140615","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1141087","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Desired Access: Read" "01:38:42,1141455","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1141601","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1141877","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates","SUCCESS","" "01:38:42,1142110","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1142405","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Desired Access: Read" "01:38:42,1142877","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1143023","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1143172","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs","SUCCESS","" "01:38:42,1143366","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","Query: HandleTags, HandleTags: 0x400" "01:38:42,1143504","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Desired Access: Read" "01:38:42,1143692","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1143819","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","Query: Cached, SubKeys: 0, Values: 0" "01:38:42,1143978","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs","SUCCESS","" "01:38:42,1144129","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","" "01:38:42,1144259","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU","SUCCESS","" "01:38:49,7492828","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","" "01:38:49,7493248","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot","SUCCESS","" "01:38:49,7493401","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root","SUCCESS","" "01:38:49,7493599","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot","SUCCESS","" "01:38:49,7495285","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT","SUCCESS","" "01:38:49,7496112","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKCU\SOFTWARE\Microsoft\SystemCertificates\Root","SUCCESS","" "01:38:49,7499669","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:49,7499955","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","QueryBasicInformationFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","CreationTime: 16.10.2020 08:19:25, LastAccessTime: 28.06.2021 01:38:32, LastWriteTime: 16.10.2020 08:19:25, ChangeTime: 24.06.2021 09:04:29, FileAttributes: A" "01:38:49,7500092","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","" "01:38:49,7501665","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "01:38:49,7502427","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\SysWOW64\kernel.appcore.dll","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "01:38:49,7502790","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Read" "01:38:49,7503025","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Read" "01:38:49,7503209","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 20" "01:38:49,7503376","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:49,7503567","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","REPARSE","Desired Access: Query Value" "01:38:49,7503731","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","Desired Access: Query Value" "01:38:49,7503891","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Control\CI\Disable26178932","NAME NOT FOUND","Length: 80" "01:38:49,7504035","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\CI","SUCCESS","" "01:38:49,7504194","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CreateFileMapping","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","SyncType: SyncTypeOther" "01:38:49,7505433","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","Image Base: 0x73de0000, Image Size: 0xf000" "01:38:49,7506988","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Load Image","C:\Windows\SysWOW64\msvcrt.dll","SUCCESS","Image Base: 0x76020000, Image Size: 0xbf000" "01:38:49,7511208","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows\SysWOW64\kernel.appcore.dll","SUCCESS","" "01:38:49,7514526","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Exit","","SUCCESS","Thread ID: 3692, User Time: 0.0000000, Kernel Time: 0.0000000" "01:38:49,7514584","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Exit","","SUCCESS","Thread ID: 11532, User Time: 0.0000000, Kernel Time: 0.0000000" "01:38:49,7514608","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Exit","","SUCCESS","Thread ID: 12284, User Time: 0.0000000, Kernel Time: 0.0000000" "01:38:49,7515481","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Thread Exit","","SUCCESS","Thread ID: 5660, User Time: 0.5781250, Kernel Time: 1.2968750" "01:38:49,7523461","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.5781250 seconds, Kernel Time: 1.2968750 seconds, Private Bytes: 1.196.032, Peak Private Bytes: 1.212.416, Working Set: 5.177.344, Peak Working Set: 5.181.440" "01:38:49,7523628","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegOpenKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","Desired Access: All Access" "01:38:49,7523820","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: 59 A2 03 90 AD 6B D7 01 00 00 00 00 00 00 00 00" "01:38:49,7524078","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegSetValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Users\thoma\AppData\Local\Temp\6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","SUCCESS","Type: REG_BINARY, Length: 24, Data: 6F 9A 9C 94 AD 6B D7 01 00 00 00 00 00 00 00 00" "01:38:49,7525290","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001","SUCCESS","" "01:38:49,7525598","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Windows","SUCCESS","" "01:38:49,7526196","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","CloseFile","C:\Users\thoma\AppData\Local\Temp","SUCCESS","" "01:38:49,7526805","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Versions","SUCCESS","" "01:38:49,7526880","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Nls\Sorting\Ids","SUCCESS","" "01:38:49,7526986","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM","SUCCESS","" "01:38:49,7527063","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Services\crypt32","SUCCESS","" "01:38:49,7527505","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKU","SUCCESS","" "01:38:49,7527582","6dc8e1c9-bda7-4c8a-a834-54798e89ae3b.tmp.exe","18388","RegCloseKey","HKLM\System\CurrentControlSet\Control\Session Manager","SUCCESS","" |
28.06.2021, 07:15 | #22 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Habe die halbe Nacht weider gesucht, zur Einschränkung könnte folgendes bestimmt weiterhelfen: Code:
ATTFilter "Time of Day","Process Name","PID","Operation","Path","Result","Detail" "07:51:30,9101127","jabra-direct.exe","17812","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:30,9107822","jabra-direct.exe","17812","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" "07:51:30,9108755","jabra-direct.exe","17812","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:30, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:30,9108901","jabra-direct.exe","17812","WriteFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 0, Length: 82.944, Priority: Normal" "07:51:30,9110605","jabra-direct.exe","17812","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:30,9145562","jabra-direct.exe","17812","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:30,9145904","jabra-direct.exe","17812","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:30, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:30,9146093","jabra-direct.exe","17812","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:30,9151181","jabra-direct.exe","17812","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "07:51:30,9153254","jabra-direct.exe","17812","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:30,9156731","jabra-direct.exe","17812","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","SyncType: SyncTypeOther" "07:51:30,9157238","jabra-direct.exe","17812","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:30,9157402","jabra-direct.exe","17812","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:30,9160554","jabra-direct.exe","17812","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","SyncType: SyncTypeOther" "07:51:30,9161036","jabra-direct.exe","17812","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "07:51:30,9161352","jabra-direct.exe","17812","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Label" "07:51:30,9162618","jabra-direct.exe","17812","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:30,9167263","jabra-direct.exe","17812","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9167489","jabra-direct.exe","17812","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:30,9167641","jabra-direct.exe","17812","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:30,9167800","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 0, Length: 2, Priority: Normal" "07:51:30,9168128","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 60, Length: 4" "07:51:30,9168337","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 264, Length: 4" "07:51:30,9168502","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 268, Length: 20" "07:51:30,9168738","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 416, Length: 4" "07:51:30,9168903","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 82.936, Length: 8" "07:51:30,9169060","jabra-direct.exe","17812","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 82.888, Length: 8" "07:51:30,9170417","jabra-direct.exe","17812","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9170691","jabra-direct.exe","17812","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE" "07:51:30,9170844","jabra-direct.exe","17812","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:30,9176387","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9179865","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9190709","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9296368","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe:Zone.Identifier","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Disallow Exclusive, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" "07:51:30,9298582","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:30,9300190","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Disallow Exclusive, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:30,9300972","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:30,9301246","AvastSvc.exe","4208","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:30,9303493","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:30,9304791","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,2362074","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2362698","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2365866","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2366149","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2405240","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT-AUTORITÄT\SYSTEM, OpenResult: Opened" "07:51:31,2405621","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","BUFFER OVERFLOW","Name: \Users" "07:51:31,2405871","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,2406039","AvastSvc.exe","4208","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2421063","jabra-direct.exe","17812","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,2421268","jabra-direct.exe","17812","QueryFileInternalInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","IndexNumber: 0xf0000000648d7" "07:51:31,2422448","jabra-direct.exe","17812","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_GET_NTFS_VOLUME_DATA" "07:51:31,2461036","jabra-direct.exe","17812","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Query Value" "07:51:31,2465791","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2466182","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2467475","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2486094","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2486448","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","BUFFER OVERFLOW","Name: \Users" "07:51:31,2486678","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,2486848","AvastSvc.exe","4208","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2501103","AvastSvc.exe","4208","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "07:51:31,2502789","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DESKTOP-HCA6LJN\thoma, OpenResult: Opened" "07:51:31,2503391","AvastSvc.exe","4208","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:31,2504801","AvastSvc.exe","4208","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","SyncType: SyncTypeOther" "07:51:31,2505136","AvastSvc.exe","4208","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Query Value, Enumerate Sub Keys" "07:51:31,2505794","AvastSvc.exe","4208","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Label" "07:51:31,2506199","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,2510487","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2510734","AvastSvc.exe","4208","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2510912","AvastSvc.exe","4208","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2511102","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 0, Length: 2, Priority: Normal" "07:51:31,2511467","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 60, Length: 4" "07:51:31,2511646","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 264, Length: 4" "07:51:31,2511794","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 268, Length: 20" "07:51:31,2511929","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 416, Length: 4" "07:51:31,2512061","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 82.936, Length: 8" "07:51:31,2512206","AvastSvc.exe","4208","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 82.888, Length: 8" "07:51:31,2528475","AvastSvc.exe","4208","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,2528682","AvastSvc.exe","4208","QueryFileInternalInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","IndexNumber: 0xf0000000648d7" "07:51:31,2528901","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_GET_NTFS_VOLUME_DATA" "07:51:31,2538224","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open By ID, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2539774","aswidsagent.exe","8388","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2563049","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2568013","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2568129","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2568254","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2568375","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2568395","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2568514","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2583778","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2584065","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2584209","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2584362","aswidsagent.exe","8388","QueryFileInternalInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","IndexNumber: 0xf0000000648d7" "07:51:31,2584515","aswidsagent.exe","8388","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2584711","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2752988","aswidsagent.exe","8388","CreateFile","C:\Windows\System32\0AC87FC9-82F1-4E9E-B17B-69EAF3C2AC8F.TMP.EXE","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "07:51:31,2757226","aswidsagent.exe","8388","CreateFile","C:\Windows\SysWOW64\0AC87FC9-82F1-4E9E-B17B-69EAF3C2AC8F.TMP.EXE","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "07:51:31,2799573","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Open By ID, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2800622","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 0, Length: 64, Priority: Low" "07:51:31,2800876","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 288, Length: 2" "07:51:31,2801088","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 264, Length: 248" "07:51:31,2801239","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 512, Length: 200" "07:51:31,2801366","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 78.336, Length: 16" "07:51:31,2801545","aswidsagent.exe","8388","ReadFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Offset: 78.352, Length: 8" "07:51:31,2804337","aswidsagent.exe","8388","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%/USERS/THOMA/APPDATA/LOCAL/TEMP/0AC87FC9-82F1-4E9E-B17B-69EAF3C2AC8F.TMP.EXE","NAME NOT FOUND","Desired Access: Read" "07:51:31,2805675","AvastSvc.exe","4208","QueryNetworkOpenInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" "07:51:31,2806016","AvastSvc.exe","4208","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:31,2808975","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2809107","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2828807","AvastSvc.exe","4208","QueryNetworkOpenInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" "07:51:31,2829208","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2829669","AvastSvc.exe","4208","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:31,2840826","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2840986","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2841102","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2841327","aswidsagent.exe","8388","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:31,2862300","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2865664","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2865937","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2866085","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2870080","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2870341","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2870479","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2903132","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2905483","aswidsagent.exe","8388","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,2906754","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2906945","aswidsagent.exe","8388","QueryFileInternalInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","IndexNumber: 0xf0000000648d7" "07:51:31,2907105","aswidsagent.exe","8388","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,2910764","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,2915099","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,2915433","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,2915551","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,3050880","AvastSvc.exe","4208","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: DESKTOP-HCA6LJN\thoma, OpenResult: Opened" "07:51:31,3051505","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","BUFFER OVERFLOW","Name: \Users" "07:51:31,3051731","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,3051926","AvastSvc.exe","4208","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,3054748","AvastSvc.exe","4208","RegQueryValue","HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4198695647-2910091461-4277131257-1001\\Device\HarddiskVolume8\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Length: 40" "07:51:31,3068892","jabra-direct.exe","17812","Process Create","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","PID: 17312, Command line: C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,3076532","AvastSvc.exe","4208","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Length: 16" "07:51:31,3077206","AvastSvc.exe","4208","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,3079930","AvastSvc.exe","4208","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3080584","AvastSvc.exe","4208","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3080796","AvastSvc.exe","4208","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner" "07:51:31,3081000","AvastSvc.exe","4208","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,3086111","AvastSvc.exe","4208","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,3087444","AvastSvc.exe","4208","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Length: 1.024" "07:51:31,3088024","AvastSvc.exe","4208","RegQueryValue","HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Length: 1.024" "07:51:31,3088399","AvastSvc.exe","4208","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,3090432","AvastSvc.exe","4208","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,3090637","AvastSvc.exe","4208","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ" "07:51:31,3090824","AvastSvc.exe","4208","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,3111274","AvastSvc.exe","4208","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3113371","csrss.exe","912","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,3116421","csrss.exe","912","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3116788","csrss.exe","912","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,3116944","csrss.exe","912","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3118444","csrss.exe","912","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe.Config","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: DESKTOP-HCA6LJN\thoma" "07:51:31,3118928","csrss.exe","912","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3119064","csrss.exe","912","QueryIdInformation","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,3149975","AvastSvc.exe","4208","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,3170930","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","Load Image","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Image Base: 0xd60000, Image Size: 0x18000" "07:51:31,3247614","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wow64\x86\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Length: 520" "07:51:31,3359125","aswidsagent.exe","8388","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,3359382","aswidsagent.exe","8388","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,3359535","aswidsagent.exe","8388","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4030155","Conhost.exe","16816","CreateFile","C:\Windows\SysWOW64\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" "07:51:31,4033997","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,4034496","Conhost.exe","16816","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,4034655","Conhost.exe","16816","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4088379","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,4089256","Conhost.exe","16816","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,4090328","Conhost.exe","16816","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4102375","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,4102898","Conhost.exe","16816","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,4103065","Conhost.exe","16816","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4107124","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,4107560","Conhost.exe","16816","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,4107727","Conhost.exe","16816","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4110258","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Disallow Exclusive, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,4112258","Conhost.exe","16816","QueryEAFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4112612","Conhost.exe","16816","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,4113061","Conhost.exe","16816","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" "07:51:31,4113250","Conhost.exe","16816","QueryStandardInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","AllocationSize: 86.016, EndOfFile: 82.944, NumberOfLinks: 1, DeletePending: False, Directory: False" "07:51:31,4116620","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,4126149","AvastSvc.exe","4208","FileSystemControl","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Control: FSCTL_READ_FILE_USN_DATA" "07:51:31,4184368","Conhost.exe","16816","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","FILE LOCKED WITH ONLY READERS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE" "07:51:31,4185692","Conhost.exe","16816","CreateFileMapping","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","SyncType: SyncTypeOther" "07:51:31,4186215","Conhost.exe","16816","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,4188246","Conhost.exe","16816","CreateFile","C:\Users\thoma\AppData\Local\SystemResources\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe.mun","PATH NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a" "07:51:31,4291846","Conhost.exe","16816","RegOpenKey","HKU\__avast! sandbox\0ac87fc9-82f1-4e9e-b_{b767c359-d7d4-11eb-8796-107b4415ae9e}\REGISTRY\USER\S-1-5-21-4198695647-2910091461-4277131257-1001\Console\C:_Users_thoma_AppData_Local_Temp_0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Maximum Allowed" "07:51:31,4292476","Conhost.exe","16816","RegOpenKey","HKU\__avast! sandbox\0ac87fc9-82f1-4e9e-b_{b767c359-d7d4-11eb-8796-107b4415ae9e}\REGISTRY\USER\S-1-5-21-4198695647-2910091461-4277131257-1001\Console\C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Maximum Allowed" "07:51:31,7250587","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7253873","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7254250","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7254507","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7270712","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7271154","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7272523","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7272936","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7276702","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7284193","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7284478","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7284681","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7334170","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7336909","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7337197","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7337364","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7351908","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7354475","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7354775","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7354943","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7356364","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7358791","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7359029","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7359172","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7367981","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7368220","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7369121","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7369397","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7370955","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7371184","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7371992","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7372222","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7394935","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7395192","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7396025","Explorer.EXE","11148","RegOpenKey","HKCU\Software\Classes\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7396231","Explorer.EXE","11148","RegOpenKey","HKCR\Applications\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","NAME NOT FOUND","Desired Access: Read" "07:51:31,7398944","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7399325","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7399480","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,7538328","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7540961","svchost.exe","1264","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7549496","Explorer.EXE","11148","QueryNameInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Name: \Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe" "07:51:31,7658692","Explorer.EXE","11148","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,7659079","Explorer.EXE","11148","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,7659235","Explorer.EXE","11148","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,8079989","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" "07:51:31,8080648","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","BUFFER OVERFLOW","Information: Owner" "07:51:31,8080867","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner" "07:51:31,8081024","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,8220859","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "07:51:31,8293115","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,8297071","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" "07:51:31,8297498","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","CloseFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","" "07:51:31,8299545","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","CreateFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" "07:51:31,8301776","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QuerySecurityFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","Information: Owner, Group, DACL, SACL, Label, Attribute, Process Trust Label, 0x100" "07:51:31,8301952","0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","17312","QueryBasicInformationFile","C:\Users\thoma\AppData\Local\Temp\0ac87fc9-82f1-4e9e-b17b-69eaf3c2ac8f.tmp.exe","SUCCESS","CreationTime: 28.06.2021 07:51:30, LastAccessTime: 28.06.2021 07:51:31, LastWriteTime: 28.06.2021 07:51:30, ChangeTime: 28.06.2021 07:51:30, FileAttributes: A" https://www.virustotal.com/gui/file/85592c6fce2bef0e22d4e1cae2ea07d53fb48ea419d78edba523ffda2dced137/detection |
28.06.2021, 08:41 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Und du willst jetzt irgendwie nicht wahrhaben, dass die Datei ok ist? Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.06.2021, 09:13 | #24 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Nutze JABRA als Headset. Habe daher u.a. für Firmware Updates und Ladeanzeige die JABRA Software installiert. Ist aber Original von der Herstellerseite. Was soll ich machen? - Problem an Hersteller melden? - Das Zeug deinstallieren? Das Headset sollte auch ohne die Software funktionieren. |
28.06.2021, 09:19 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Wieso redest du dir da überhaupt ein Problem ein? Nur weil du die EXE nicht kennst muss das ein Schädling sein? Erklär mal bitte. Dass Virenscanner auch mal Fehlalarme werfen ist echt nicht bekannt? Ich verschiebe nach Diskussion.
__________________ Logfiles bitte immer in CODE-Tags posten |
28.06.2021, 10:33 | #26 |
| Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Danke, falls Du keinen Bedarf an Bereinigung siehst, ist es auch OK. Ich finde es nur komisch, dass ein Hersteller solche Prozesse in seine Software integriert. Nochmal Danke für Deine Unterstützung, insbesondere den zeitnahmen Support. Euer Forum ist echt Klasse. Eine Frage nochmal zu 7zip. Du hattest empfpohlen die v19.0 zu deinstallieren. Weil sie von 2019 ist? Alternativ gibt es aber nur eine aktuelle alpha. Oder übersehe ich hier etwas (https://www.7-zip.de/). |
28.06.2021, 10:39 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt Oh, da hab ich mich vertan, 19.00 ist aktuell.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Nach dem Einloggen wird Programm *.tmp.exe in USER\AppData\Local\Temp ausgeführt |
appdata, bytes, canon, datei, einloggen, exe, fenster, folge, folgende, login, malwarebytes, melde, meldet, microsoft, programm, roaming, start, startup, temp, troyaner, umgeleitet, virus, virustotal, windows, zahlen, öffnet |