c506f78705872620dd3363a1813db0903143338b7c63fc4cfa244e9e6077ab4b

Analysis

max time kernel
131s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_.exe
Size

5.7MB
MD5

5c27f2f209b25d4ecdf7da80c0f0dff1
SHA1

d47316267d523cb12322c38a5532a28f8c2a1a4b
SHA256

c506f78705872620dd3363a1813db0903143338b7c63fc4cfa244e9e6077ab4b
SHA512

4120f317eb7613585ae359f21c21c119b2fb7c88e4d164dd117fac75aaa005bae569e02bc7d7a956b0b627d5b195ab29aad2b51a12de13a4657161072fd9c283
SSDEEP

49152:aMdyl4lW0WDxDhdTKCM8XXpDYALLRENU9Qd+bukGMQ1nbHxjCjdJdYcirgDQMHLG:aMSDxDLrHXWU9w6ZoRHEK7+LU

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4872	Avira.Spotlight.Bootstrapper.exe
2924	_.exe
3028	Avira.Spotlight.Bootstrapper.exe

Loads dropped DLL 62 IoCs

pid	Process
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe

Checks for any installed AV software in registry 1 TTPs 17 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security\ConnectServices	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Avira\Security\UserInterface	Avira.Spotlight.Bootstrapper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security\ConnectServices	Avira.Spotlight.Bootstrapper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\MixpanelCommonProperties = "AAEAAAD/////AQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10SAAAACQIAAAAlAAAACQMAAAAEAgAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwMAAAAAAQAAABIAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E/P///+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAAyRvcwYGAAAAB1dpbmRvd3MB+f////z///8GCAAAAAskb3NfdmVyc2lvbgYJAAAACjEwLjAuMTkwNDEB9v////z///8GCwAAAAtPcyBMYW5ndWFnZQYMAAAABWVuLVVTAfP////8////Bg4AAAALT3MgUGxhdGZvcm0GDwAAAAN4NjQB8P////z///8GEQAAAAxzaGEyX3N1cHBvcnQIAQEB7v////z///8GEwAAABYuTkVUIEZyYW1ld29yayBWZXJzaW9uCRQAAAAB6/////z///8GFgAAAApQcm9jZXNzIElECAjUCwAAAen////8////BhgAAAASQ29tcGF0aWJpbGl0eSBNb2RlCRkAAAAB5v////z///8GGwAAAA1FeHBlcmltZW50SWRzCRwAAAAB4/////z///8GHgAAABBFeHBlcmltZW50R3JvdXBzCR8AAAAB4P////z///8GIQAAAA9Eb3dubG9hZCBTb3VyY2UGIgAAAAAB3f////z///8GJAAAAAlCdW5kbGUgSUQJIgAAAAHa/////P///wYnAAAAFEJvb3RzdHJhcHBlciBWZXJzaW9uBigAAAAIMS4wLjM0LjgB1/////z///8GKgAAAAZBY3Rpb24GKwAAAAdJbnN0YWxsAdT////8////Bi0AAAAHUnVuTW9kZQYuAAAAB0RlZmF1bHQB0f////z///8GMAAAAAZTaWxlbnQIAQABz/////z///8GMgAAAApTZXNzaW9uIElEBjMAAAAgZmI1OTBlZjllZDYzNGM0OWI0ZWJlZjI0YzBiMjBmNDABzP////z///8GNQAAABJTcG90bGlnaHQgTGFuZ3VhZ2UJDAAAAAQUAAAADlN5c3RlbS5WZXJzaW9uBAAAAAZfTWFqb3IGX01pbm9yBl9CdWlsZAlfUmV2aXNpb24AAAAACAgICAQAAAAIAAAA//////////8RGQAAAAAAAAARHAAAAAEAAAAGNwAAABRzcG90bGlnaHRzYWZlc2VhcmNoMhEfAAAAAQAAAAY4AAAAC3NwdGxpbnN0YWxsCw=="	Avira.Spotlight.Bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\UpdateBridgeEnvironment	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper\MixpanelCommonProperties = "AAEAAAD/////AQAAAAAAAAAEAQAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uT2JqZWN0LCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10SAAAACQIAAAAlAAAACQMAAAAEAgAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwMAAAAAAQAAABIAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLk9iamVjdCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E/P///+QBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5PYmplY3QsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAgYFAAAAAyRvcwYGAAAAB1dpbmRvd3MB+f////z///8GCAAAAAskb3NfdmVyc2lvbgYJAAAACjEwLjAuMTkwNDEB9v////z///8GCwAAAAtPcyBMYW5ndWFnZQYMAAAABWVuLVVTAfP////8////Bg4AAAALT3MgUGxhdGZvcm0GDwAAAAN4NjQB8P////z///8GEQAAAAxzaGEyX3N1cHBvcnQIAQEB7v////z///8GEwAAABYuTkVUIEZyYW1ld29yayBWZXJzaW9uCRQAAAAB6/////z///8GFgAAAApQcm9jZXNzIElECAgIEwAAAen////8////BhgAAAASQ29tcGF0aWJpbGl0eSBNb2RlCRkAAAAB5v////z///8GGwAAAA1FeHBlcmltZW50SWRzCRwAAAAB4/////z///8GHgAAABBFeHBlcmltZW50R3JvdXBzCR8AAAAB4P////z///8GIQAAAA9Eb3dubG9hZCBTb3VyY2UGIgAAAAAB3f////z///8GJAAAAAlCdW5kbGUgSUQJIgAAAAHa/////P///wYnAAAAFEJvb3RzdHJhcHBlciBWZXJzaW9uBigAAAALMS4wLjMxLjM3OTYB1/////z///8GKgAAAAZBY3Rpb24GKwAAAAdJbnN0YWxsAdT////8////Bi0AAAAHUnVuTW9kZQYuAAAAB0RlZmF1bHQB0f////z///8GMAAAAAZTaWxlbnQIAQABz/////z///8GMgAAAApTZXNzaW9uIElEBjMAAAAgZTA3MWNhMzY5MmMwNGNjNTk4MGQ5NTBhNzViZjAyZDcBzP////z///8GNQAAABJTcG90bGlnaHQgTGFuZ3VhZ2UJDAAAAAQUAAAADlN5c3RlbS5WZXJzaW9uBAAAAAZfTWFqb3IGX01pbm9yBl9CdWlsZAlfUmV2aXNpb24AAAAACAgICAQAAAAIAAAA//////////8RGQAAAAAAAAARHAAAAAEAAAAGNwAAABRzcG90bGlnaHRzYWZlc2VhcmNoMhEfAAAAAQAAAAY4AAAAC3NwdGxpbnN0YWxsCw=="	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Security\UserInterface	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security	Avira.Spotlight.Bootstrapper.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Security	Avira.Spotlight.Bootstrapper.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Bootstrapper	Avira.Spotlight.Bootstrapper.exe
Key opened	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Avira\Security\UserInterface	Avira.Spotlight.Bootstrapper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
1724	schtasks.exe
5016	schtasks.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe	_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\SessionId = "e071ca3692c04cc5980d950a75bf02d7"	Avira.Spotlight.Bootstrapper.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe\NoStartPage = "0"	_.exe
Key created	\REGISTRY\MACHINE\Software\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\SessionId = "fb590ef9ed634c49b4ebef24c0b20f40"	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\Action = "Install"	Avira.Spotlight.Bootstrapper.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe	_.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe\NoStartPage = "0"	_.exe
Key created	\REGISTRY\MACHINE\Software\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "4b9adcb4cbf74462b54aef99173b700eddc0c8f7"	Avira.Spotlight.Bootstrapper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\Action = "Install"	Avira.Spotlight.Bootstrapper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe	_.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Avira.Spotlight.Bootstrapper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Avira.Spotlight.Bootstrapper.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Avira.Spotlight.Bootstrapper.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4872	Avira.Spotlight.Bootstrapper.exe
Token: SeDebugPrivilege	3028	Avira.Spotlight.Bootstrapper.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4872	Avira.Spotlight.Bootstrapper.exe
4872	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe
3028	Avira.Spotlight.Bootstrapper.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 5016	1120	_.exe	82
PID 1120 wrote to memory of 5016	1120	_.exe	82
PID 1120 wrote to memory of 5016	1120	_.exe	82
PID 1120 wrote to memory of 4872	1120	_.exe	81
PID 1120 wrote to memory of 4872	1120	_.exe	81
PID 1120 wrote to memory of 4872	1120	_.exe	81
PID 4872 wrote to memory of 2924	4872	Avira.Spotlight.Bootstrapper.exe	94
PID 4872 wrote to memory of 2924	4872	Avira.Spotlight.Bootstrapper.exe	94
PID 4872 wrote to memory of 2924	4872	Avira.Spotlight.Bootstrapper.exe	94
PID 2924 wrote to memory of 3028	2924	_.exe	95
PID 2924 wrote to memory of 3028	2924	_.exe	95
PID 2924 wrote to memory of 3028	2924	_.exe	95
PID 2924 wrote to memory of 1724	2924	_.exe	96
PID 2924 wrote to memory of 1724	2924	_.exe	96
PID 2924 wrote to memory of 1724	2924	_.exe	96
PID 1120 wrote to memory of 4708	1120	_.exe	98
PID 1120 wrote to memory of 4708	1120	_.exe	98
PID 1120 wrote to memory of 4708	1120	_.exe	98

C:\Users\Admin\AppData\Local\Temp\_.exe
"C:\Users\Admin\AppData\Local\Temp\_.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\.CR.17498\Avira.Spotlight.Bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\.CR.17498\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.17498\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=_.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Users\Admin\AppData\Local\Temp\f926075d-340f-4720-907b-1be6d0870c27\_.exe
    "C:\Users\Admin\AppData\Local\Temp\f926075d-340f-4720-907b-1be6d0870c27\_.exe" SelfUpdate=false AllowMultipleInstances=true
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\.CR.20240\Avira.Spotlight.Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\.CR.20240\Avira.Spotlight.Bootstrapper.exe" "C:\Users\Admin\AppData\Local\Temp\.CR.20240\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=_.exe SelfUpdate=false AllowMultipleInstances=true
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:3028
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.7663\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"
      4⤵
      Creates scheduled task(s)
      PID:1724
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /Create /Xml "C:\Users\Admin\AppData\Local\Temp\.CR.11763\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"
  2⤵
  - Creates scheduled task(s)
  PID:5016
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /Delete /F /TN "Avira_Security_Installation"
  2⤵
  PID:4708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Security Software Discovery

T1063

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.CR.11763\Avira_Security_Installation.xml

Filesize
1KB

MD5
2059a985d7bfbc134a02ae24c2273645

SHA1
aaff480d5128b4e578a1da578b1a8bba3f04217c

SHA256
bb5f54c89ce29d8fa93c2b8970b5dded69472a71daf2d1dd03ab37fc9d3f688b

SHA512
045213f381d8885e9886cb2a47c3ad9fbf130d38668c6fd2dd13f355c8077d59a670dbd10f4fcf6df471ca8c4c352c4ea573ff2ba505838b573601dd3caef901

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.COMMON.GUARDS.DLL

Filesize
17KB

MD5
6cf81b96db8fdfff68430face73bad08

SHA1
6f4cdc34ab357d373c3701cdbc7ca015c811acd9

SHA256
3b6d79226ccabb6136810f921a1f1688d30f442ce8867eeae0e8d5023e2602d2

SHA512
2f823d2f904dc0dd5e9be5b4f58672f8f719991fbb46bc43b425e6b7287b8fab80e37bb761e62fbcf1e3a4b7dbd098dd1ea8d099429b6fd03beeb73d001eaf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.COMMON.GUARDS.DLL

Filesize
17KB

MD5
6cf81b96db8fdfff68430face73bad08

SHA1
6f4cdc34ab357d373c3701cdbc7ca015c811acd9

SHA256
3b6d79226ccabb6136810f921a1f1688d30f442ce8867eeae0e8d5023e2602d2

SHA512
2f823d2f904dc0dd5e9be5b4f58672f8f719991fbb46bc43b425e6b7287b8fab80e37bb761e62fbcf1e3a4b7dbd098dd1ea8d099429b6fd03beeb73d001eaf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.COMMON.MIXPANEL.DLL

Filesize
63KB

MD5
8c8ef664a54a610a2dbf669ec61ccb5c

SHA1
d2cfb0d895de042497e30edcd93c30e12b569616

SHA256
326202cc3709126e12aa3c73da3e89f5995b6ce8e982468bb4d7b05d3af118e5

SHA512
56983c8659c32b2465b8f8d59ab244d274bb91946b878c38b40ede0bee6e7d0852410a7ba49d10043ba6eaebb79c71d8244c546ca8ea75fc3fb4214a31f06214

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.COMMON.MIXPANEL.DLL

Filesize
63KB

MD5
8c8ef664a54a610a2dbf669ec61ccb5c

SHA1
d2cfb0d895de042497e30edcd93c30e12b569616

SHA256
326202cc3709126e12aa3c73da3e89f5995b6ce8e982468bb4d7b05d3af118e5

SHA512
56983c8659c32b2465b8f8d59ab244d274bb91946b878c38b40ede0bee6e7d0852410a7ba49d10043ba6eaebb79c71d8244c546ca8ea75fc3fb4214a31f06214

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.FILEDOWNLOADER.DLL

Filesize
47KB

MD5
4b8286e3b83e1ea7c7fc9fd1c415b570

SHA1
c9181c80e876cd8fa000f1dd4b7682465b50e9a9

SHA256
e145364740b1412031976a422be9619ab33131127edd13fc24c3ae23a66585da

SHA512
4b9985074e0b0542f1a704f5dd5aab7b6fdb325448a4c0720fb4d42903415d538979bfc3d9b574fddc5439e4e33ff6508041ee0a4d34196ea4b739d31287fc47

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.FILEDOWNLOADER.DLL

Filesize
47KB

MD5
4b8286e3b83e1ea7c7fc9fd1c415b570

SHA1
c9181c80e876cd8fa000f1dd4b7682465b50e9a9

SHA256
e145364740b1412031976a422be9619ab33131127edd13fc24c3ae23a66585da

SHA512
4b9985074e0b0542f1a704f5dd5aab7b6fdb325448a4c0720fb4d42903415d538979bfc3d9b574fddc5439e4e33ff6508041ee0a4d34196ea4b739d31287fc47

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL

Filesize
344KB

MD5
a5ab1d34a45484dc43f68aacbbade71f

SHA1
93ce2525247445bb485950608a3ad96bf588e3a1

SHA256
eb569c9de9a237c25b1dad79e03e8563e8cea3136767ba0ca68e7e18324d88ec

SHA512
93f016c17416815cab41630e19a70b8bfd40d478aad391864400126dbed9d45af12a68b13a40baa7d5af43e28814fe1349819f82d5ba0f06a54ece01ceb91a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL

Filesize
344KB

MD5
a5ab1d34a45484dc43f68aacbbade71f

SHA1
93ce2525247445bb485950608a3ad96bf588e3a1

SHA256
eb569c9de9a237c25b1dad79e03e8563e8cea3136767ba0ca68e7e18324d88ec

SHA512
93f016c17416815cab41630e19a70b8bfd40d478aad391864400126dbed9d45af12a68b13a40baa7d5af43e28814fe1349819f82d5ba0f06a54ece01ceb91a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL

Filesize
342KB

MD5
b8a7f067de778bec2dc9e3e4a6088d81

SHA1
4e5ba1534f53d818ac71fc62a00574e481439c8b

SHA256
6fa10d8bdc93b0f7a2ce82199a9f0e56a491da195208637cb7283c6d836fa302

SHA512
e8601794f4cf45f29342b6716ab2c3dd6244e8ad27c8286d54c2a166d7e5c7e1391490e3834cbfa50c2778b45d45df80c2be304c6e1eced6bbdab4ddc1aff7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL

Filesize
342KB

MD5
b8a7f067de778bec2dc9e3e4a6088d81

SHA1
4e5ba1534f53d818ac71fc62a00574e481439c8b

SHA256
6fa10d8bdc93b0f7a2ce82199a9f0e56a491da195208637cb7283c6d836fa302

SHA512
e8601794f4cf45f29342b6716ab2c3dd6244e8ad27c8286d54c2a166d7e5c7e1391490e3834cbfa50c2778b45d45df80c2be304c6e1eced6bbdab4ddc1aff7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE

Filesize
1.5MB

MD5
cb8c80df0f410612c7f6d7be612364fa

SHA1
079234a9c582e630b4a72cf0768d7c3e0097ed16

SHA256
a373c45154c49899e757cbe65be4c111aa4b2fa6af4006232ecc83d6afd6266d

SHA512
1bbc66c51bd670818527163d584e0d9e4cdd3335e0566bdfef064ae45e841879866f3c08a0d4f3599e1f3b18f31d9ed6baafdc15967004ae393b60a7bc8272e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL

Filesize
168KB

MD5
d421e10965b3d0b526faa0a0ac4fba95

SHA1
3c6f7288ac3afe52cbcc2acb125e8c121ef42a68

SHA256
d2dfc3e94b8eb2ecdef1952d31820e3857f582437900a2bc03e4aeb81f0d7981

SHA512
18009621f362a8f3466a81b7b8e014a15db78f1e3b30efd93f70cb92cef0316b291d52e3f5853cc9042fcc4153807535269d2c9e509888266e3303d11c328e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL

Filesize
168KB

MD5
d421e10965b3d0b526faa0a0ac4fba95

SHA1
3c6f7288ac3afe52cbcc2acb125e8c121ef42a68

SHA256
d2dfc3e94b8eb2ecdef1952d31820e3857f582437900a2bc03e4aeb81f0d7981

SHA512
18009621f362a8f3466a81b7b8e014a15db78f1e3b30efd93f70cb92cef0316b291d52e3f5853cc9042fcc4153807535269d2c9e509888266e3303d11c328e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL

Filesize
205KB

MD5
1f186b30425445379b7c3b34304584f8

SHA1
4c441880a5f223a5fe726dc1a3c44425e1789e74

SHA256
7ecd883bf7cb8973b7b8f8353efc4ce8bf9377dcd192cb483a2d0275fdb17abc

SHA512
628e2eacc771d183fb550e14ede1f36a6614cbcfada0ceceef190697187cbd484d5e1cda27dbeadde139a74de047e4c9e45f23f4f98ba7c6e8ff4bfe516d979b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL

Filesize
205KB

MD5
1f186b30425445379b7c3b34304584f8

SHA1
4c441880a5f223a5fe726dc1a3c44425e1789e74

SHA256
7ecd883bf7cb8973b7b8f8353efc4ce8bf9377dcd192cb483a2d0275fdb17abc

SHA512
628e2eacc771d183fb550e14ede1f36a6614cbcfada0ceceef190697187cbd484d5e1cda27dbeadde139a74de047e4c9e45f23f4f98ba7c6e8ff4bfe516d979b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOC.DLL

Filesize
439KB

MD5
9c3e44f1c05ff49c180ba62ec357155e

SHA1
41a8e67e3de7a30593f9cf75e9a86a338cf55113

SHA256
60e3d6c4a0f5adfdfd69f74434d42288d13cb835960a2c17f47a64eb1eb4fa9d

SHA512
68d6674656df384fb0e539f3b902ac69f6e0bb266e3b1749171aa0c49c0000c82e6125a56a6872c7daf4b05c54adf8cae7471fccca2d2c29551c864ed009645a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOC.DLL

Filesize
439KB

MD5
9c3e44f1c05ff49c180ba62ec357155e

SHA1
41a8e67e3de7a30593f9cf75e9a86a338cf55113

SHA256
60e3d6c4a0f5adfdfd69f74434d42288d13cb835960a2c17f47a64eb1eb4fa9d

SHA512
68d6674656df384fb0e539f3b902ac69f6e0bb266e3b1749171aa0c49c0000c82e6125a56a6872c7daf4b05c54adf8cae7471fccca2d2c29551c864ed009645a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOC.MEFATTRIBUTEDMODEL.DLL

Filesize
69KB

MD5
6f97f648452c03fecc388783e029026f

SHA1
4833f0f57e67940fb32bc4f319e3d1df3302baf4

SHA256
24b66db252ac5a8ce1c5d21042303a09918b972d682bf0b230bb874601628459

SHA512
09c6b1820bbd57acd6602e625b9276debf2f9640c8fe92dafabd3fb156bba0d7838f9a28c693bab15543eaaed1d19340ca6663f3b59feb03ab7817c7533c3723

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOC.MEFATTRIBUTEDMODEL.DLL

Filesize
69KB

MD5
6f97f648452c03fecc388783e029026f

SHA1
4833f0f57e67940fb32bc4f319e3d1df3302baf4

SHA256
24b66db252ac5a8ce1c5d21042303a09918b972d682bf0b230bb874601628459

SHA512
09c6b1820bbd57acd6602e625b9276debf2f9640c8fe92dafabd3fb156bba0d7838f9a28c693bab15543eaaed1d19340ca6663f3b59feb03ab7817c7533c3723

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOCATTRIBUTES.DLL

Filesize
33KB

MD5
2f21f975faf09b536bd3a68edaf5159c

SHA1
f776707cfccbf83a6a7cebd4d49dc803bd8bb52d

SHA256
44084ec2455d6b6c0e00d8fcc562530e59f19a8924dfec38351b8f26f75be777

SHA512
69937553aa153466fe574d61a99da91c79d175c8816f87a328df82ff917fea6679ebe0c236d8d8bfe61dfc3970dc17fa20445dd4da6044c36294648990e71825

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\DRYIOCATTRIBUTES.DLL

Filesize
33KB

MD5
2f21f975faf09b536bd3a68edaf5159c

SHA1
f776707cfccbf83a6a7cebd4d49dc803bd8bb52d

SHA256
44084ec2455d6b6c0e00d8fcc562530e59f19a8924dfec38351b8f26f75be777

SHA512
69937553aa153466fe574d61a99da91c79d175c8816f87a328df82ff917fea6679ebe0c236d8d8bfe61dfc3970dc17fa20445dd4da6044c36294648990e71825

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Filesize
33KB

MD5
05321c44387786b213584378b2208290

SHA1
34565fc81aa8ff1c1a85f7abc348dd9de68525ae

SHA256
fbcebae0d9dcd4229afb79dfe4d3e3b23b7539ef8fce936890df79d69e8bb3dd

SHA512
047f39ed81e6bfae71695cd9027db5d6a473ef160f9a1e56346e2b60ee81c4c0884f6b8661e7302471087e801f6ad0cb5968310922203ea63ca05b9f307ae66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\EN-US\AVIRA.SPOTLIGHT.BOOTSTRAPPER.RESOURCES.DLL

Filesize
33KB

MD5
05321c44387786b213584378b2208290

SHA1
34565fc81aa8ff1c1a85f7abc348dd9de68525ae

SHA256
fbcebae0d9dcd4229afb79dfe4d3e3b23b7539ef8fce936890df79d69e8bb3dd

SHA512
047f39ed81e6bfae71695cd9027db5d6a473ef160f9a1e56346e2b60ee81c4c0884f6b8661e7302471087e801f6ad0cb5968310922203ea63ca05b9f307ae66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\MICROSOFT.WINDOWS.SHELL.DLL

Filesize
160KB

MD5
277735b1c0968409dd4601662e3bc9dd

SHA1
7a8d8f964a4582a340262ec3975e4badda9fd022

SHA256
0b67a859ac20ca9c2f2abfc7a334bbb155421e3b6f01c21c821e149e149dc5eb

SHA512
d0271d97843dac34bf88421acda9ebc7c59716a8a154459abd961c2e6a0ead66623baca3a1ccd6c7b73ef6090e421201c6d2917fe3d7f6095e5f23af586e0982

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\MICROSOFT.WINDOWS.SHELL.DLL

Filesize
160KB

MD5
277735b1c0968409dd4601662e3bc9dd

SHA1
7a8d8f964a4582a340262ec3975e4badda9fd022

SHA256
0b67a859ac20ca9c2f2abfc7a334bbb155421e3b6f01c21c821e149e149dc5eb

SHA512
d0271d97843dac34bf88421acda9ebc7c59716a8a154459abd961c2e6a0ead66623baca3a1ccd6c7b73ef6090e421201c6d2917fe3d7f6095e5f23af586e0982

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.COMMON.DLL

Filesize
182KB

MD5
0b49eb7801840d69e1b4f55f676769e8

SHA1
4e4d3a019775bdcb39210b0719cae6d3d01ba855

SHA256
6ea9c2f479c9cb8784745acaf7742e05448a548beaf77cb77aef9ef878b26603

SHA512
2f04ea66b505c1908dfe66576197c142c2b737c83221e1562e7df7bbea87f452cda80a2cc71fa82017f63b130f9a1ff464b0f3c4e6b54745bf099c42b16da45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.COMMON.DLL

Filesize
182KB

MD5
0b49eb7801840d69e1b4f55f676769e8

SHA1
4e4d3a019775bdcb39210b0719cae6d3d01ba855

SHA256
6ea9c2f479c9cb8784745acaf7742e05448a548beaf77cb77aef9ef878b26603

SHA512
2f04ea66b505c1908dfe66576197c142c2b737c83221e1562e7df7bbea87f452cda80a2cc71fa82017f63b130f9a1ff464b0f3c4e6b54745bf099c42b16da45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.COMMON.DLL

Filesize
182KB

MD5
0b49eb7801840d69e1b4f55f676769e8

SHA1
4e4d3a019775bdcb39210b0719cae6d3d01ba855

SHA256
6ea9c2f479c9cb8784745acaf7742e05448a548beaf77cb77aef9ef878b26603

SHA512
2f04ea66b505c1908dfe66576197c142c2b737c83221e1562e7df7bbea87f452cda80a2cc71fa82017f63b130f9a1ff464b0f3c4e6b54745bf099c42b16da45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.COMMON.DLL

Filesize
182KB

MD5
0b49eb7801840d69e1b4f55f676769e8

SHA1
4e4d3a019775bdcb39210b0719cae6d3d01ba855

SHA256
6ea9c2f479c9cb8784745acaf7742e05448a548beaf77cb77aef9ef878b26603

SHA512
2f04ea66b505c1908dfe66576197c142c2b737c83221e1562e7df7bbea87f452cda80a2cc71fa82017f63b130f9a1ff464b0f3c4e6b54745bf099c42b16da45a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.DLL

Filesize
248KB

MD5
c25deccb6f63a3c5676c3bf7092801ab

SHA1
8c24cf66c2e37c4f80228aa92e27f833115c27d1

SHA256
18939c51f062af12d6d027571a88ff0bb5cce44c35e758de851408f30229ae8c

SHA512
dc1262e79b6b9eb6c6722880c830d5f0584db7ac5ab3a319accf07e5c6be2b95309768ac2d9fe96dd78f5d51c147ad13c8d23f0fa6051d52ef521264b7734496

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.DLL

Filesize
248KB

MD5
c25deccb6f63a3c5676c3bf7092801ab

SHA1
8c24cf66c2e37c4f80228aa92e27f833115c27d1

SHA256
18939c51f062af12d6d027571a88ff0bb5cce44c35e758de851408f30229ae8c

SHA512
dc1262e79b6b9eb6c6722880c830d5f0584db7ac5ab3a319accf07e5c6be2b95309768ac2d9fe96dd78f5d51c147ad13c8d23f0fa6051d52ef521264b7734496

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.DLL

Filesize
248KB

MD5
c25deccb6f63a3c5676c3bf7092801ab

SHA1
8c24cf66c2e37c4f80228aa92e27f833115c27d1

SHA256
18939c51f062af12d6d027571a88ff0bb5cce44c35e758de851408f30229ae8c

SHA512
dc1262e79b6b9eb6c6722880c830d5f0584db7ac5ab3a319accf07e5c6be2b95309768ac2d9fe96dd78f5d51c147ad13c8d23f0fa6051d52ef521264b7734496

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.17498\PRODUCTLABEL.DLL

Filesize
248KB

MD5
c25deccb6f63a3c5676c3bf7092801ab

SHA1
8c24cf66c2e37c4f80228aa92e27f833115c27d1

SHA256
18939c51f062af12d6d027571a88ff0bb5cce44c35e758de851408f30229ae8c

SHA512
dc1262e79b6b9eb6c6722880c830d5f0584db7ac5ab3a319accf07e5c6be2b95309768ac2d9fe96dd78f5d51c147ad13c8d23f0fa6051d52ef521264b7734496

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.COMMON.MIXPANEL.DLL

Filesize
64KB

MD5
49e0e8f437c146e630e8d7c878f874a7

SHA1
736cf402467778122c51d63103f913ea511f1927

SHA256
9ef6813ded99f6d6f264bac6131de6a84d641ecd5bd6741c875754169cff3e96

SHA512
ccc9e64760f69f8648d080a9ed3f34dcb1b76846825f2b85f56bb308d120125ec4b2af50c8835a071fa26c1eff6b7d1f65d0005433079e4172eb398eae0c5f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.COMMON.MIXPANEL.DLL

Filesize
64KB

MD5
49e0e8f437c146e630e8d7c878f874a7

SHA1
736cf402467778122c51d63103f913ea511f1927

SHA256
9ef6813ded99f6d6f264bac6131de6a84d641ecd5bd6741c875754169cff3e96

SHA512
ccc9e64760f69f8648d080a9ed3f34dcb1b76846825f2b85f56bb308d120125ec4b2af50c8835a071fa26c1eff6b7d1f65d0005433079e4172eb398eae0c5f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL

Filesize
362KB

MD5
77059ad7cd80d2f5126ae7190752acac

SHA1
0b8124ada148c3473c1e7bd86d82d7fa7cb7809e

SHA256
229aa8d3833d5d44392f774e4d00b399d3b88a6e165913cda0784d06a82fdcd5

SHA512
1414fc9878c94c6b986f4cce249833133420832e9c62c066fb56de45b76c20968c40f287720a2df83eb6d19116ee9bd997de92588902d5e87024f1d870922a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.CORE.DLL

Filesize
362KB

MD5
77059ad7cd80d2f5126ae7190752acac

SHA1
0b8124ada148c3473c1e7bd86d82d7fa7cb7809e

SHA256
229aa8d3833d5d44392f774e4d00b399d3b88a6e165913cda0784d06a82fdcd5

SHA512
1414fc9878c94c6b986f4cce249833133420832e9c62c066fb56de45b76c20968c40f287720a2df83eb6d19116ee9bd997de92588902d5e87024f1d870922a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL

Filesize
345KB

MD5
3b2a564303c77fd8b4a6ee1e99d2d540

SHA1
f8311b77e7ce5385b69e2e4841b130ab8b65fdcf

SHA256
571f6098818e39b9276474549e3b8d91e0a4b70a21d7fca1fc1007f76f855401

SHA512
6062f9433273000b3186c90873d4f8c5b8cf7b9e883d29e359a957cef1aaa3d41814ad4002f3091f33f2408edebf71f895c858400391518ed341e0c35b2d7c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.ENGINE.DLL

Filesize
345KB

MD5
3b2a564303c77fd8b4a6ee1e99d2d540

SHA1
f8311b77e7ce5385b69e2e4841b130ab8b65fdcf

SHA256
571f6098818e39b9276474549e3b8d91e0a4b70a21d7fca1fc1007f76f855401

SHA512
6062f9433273000b3186c90873d4f8c5b8cf7b9e883d29e359a957cef1aaa3d41814ad4002f3091f33f2408edebf71f895c858400391518ed341e0c35b2d7c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE

Filesize
1.5MB

MD5
ca52e4a0309eb40c2dcd4244a9b2aeaa

SHA1
b859913460456af225e02aeb062d07c90e0f1708

SHA256
e19bf508ad716254f506fa6a65256bcea1312174de344a5d5be5434fe6d2afa7

SHA512
c5185d2b78ca54ce1aa0b69c9095d2b0990edf48cf3f5cd8e785a26e0fade1974df992d7969e23596158dcb44f3ddbbf6b6153169f0c71d47ee0b29991d2be71

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL

Filesize
166KB

MD5
51de5cd119bc830206de93ee96444a88

SHA1
0b590ade2e7cda07140f2b0f6aa05a9627922b31

SHA256
4f4b0f11acf7edb61f6f8ed26d03a9691e2e51c9aa3b53438ef30689abc2c1be

SHA512
3bc36446e1bd8e337dd65d73167079d9d8931fcc86337c67af0cfbdd061884219a9a13e719a4cec1684321080081b76ccb64c55a676192ebbe66d11b93c22cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.LOGGING.DLL

Filesize
166KB

MD5
51de5cd119bc830206de93ee96444a88

SHA1
0b590ade2e7cda07140f2b0f6aa05a9627922b31

SHA256
4f4b0f11acf7edb61f6f8ed26d03a9691e2e51c9aa3b53438ef30689abc2c1be

SHA512
3bc36446e1bd8e337dd65d73167079d9d8931fcc86337c67af0cfbdd061884219a9a13e719a4cec1684321080081b76ccb64c55a676192ebbe66d11b93c22cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL

Filesize
205KB

MD5
225311ccba1fa5842ce1353875ccc572

SHA1
989723cc8e2b0317fbff4401f877320790513df2

SHA256
7a5470a20a27d9df5589d24c30eb41621dd2ff96bf13bba67d64be6514f3f1ac

SHA512
8613f6e725fc6b425fa2cd3dbcb0699e13ba2ebabab91d8d4df40235819fa0fd3c93ca81c267c62c3595b85b7e7b780aee1aec761a44561cf081a1ee9736126c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\AVIRA.SPOTLIGHT.BOOTSTRAPPER.REACTIVE.DLL

Filesize
205KB

MD5
225311ccba1fa5842ce1353875ccc572

SHA1
989723cc8e2b0317fbff4401f877320790513df2

SHA256
7a5470a20a27d9df5589d24c30eb41621dd2ff96bf13bba67d64be6514f3f1ac

SHA512
8613f6e725fc6b425fa2cd3dbcb0699e13ba2ebabab91d8d4df40235819fa0fd3c93ca81c267c62c3595b85b7e7b780aee1aec761a44561cf081a1ee9736126c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOC.DLL

Filesize
438KB

MD5
2178d7eca6ab43ced708ca20a6722a68

SHA1
937536b753b5a4404ed312d0e9a778c67433e771

SHA256
78939516bcac09c1f71e7e33d9a5df07ca6ec4fdd390bc164d20edf01371d5af

SHA512
8f19cac88cb3b1e34cc4b2d5a1429caaf1a9538a23f368cc718d2ef7762bcda3abfbfe4c012c659525fab2fdbb09cb0757ea7557bf3e36fb6bd8f8ec4923bf98

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOC.DLL

Filesize
438KB

MD5
2178d7eca6ab43ced708ca20a6722a68

SHA1
937536b753b5a4404ed312d0e9a778c67433e771

SHA256
78939516bcac09c1f71e7e33d9a5df07ca6ec4fdd390bc164d20edf01371d5af

SHA512
8f19cac88cb3b1e34cc4b2d5a1429caaf1a9538a23f368cc718d2ef7762bcda3abfbfe4c012c659525fab2fdbb09cb0757ea7557bf3e36fb6bd8f8ec4923bf98

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOC.MEFATTRIBUTEDMODEL.DLL

Filesize
69KB

MD5
3aa463876fbdc1d6eea8a195c33ca8d4

SHA1
041df6a3d73ed18c7357e6e6087de0f6b08e7d3d

SHA256
52c2b170499fc6264c4757f3fe8c8ab056aa64caca818fd6b0ec7f55aa611e1b

SHA512
66897b16866b3ba8cb3fcfd5c2f3f41b88b6cddc21ed44ba0a1cb8ee928ccb3e84d14cec868ba683a3295d8fb41668bb6cd1d3e2d3d86cc7d3f83c0c552c5721

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOC.MEFATTRIBUTEDMODEL.DLL

Filesize
69KB

MD5
3aa463876fbdc1d6eea8a195c33ca8d4

SHA1
041df6a3d73ed18c7357e6e6087de0f6b08e7d3d

SHA256
52c2b170499fc6264c4757f3fe8c8ab056aa64caca818fd6b0ec7f55aa611e1b

SHA512
66897b16866b3ba8cb3fcfd5c2f3f41b88b6cddc21ed44ba0a1cb8ee928ccb3e84d14cec868ba683a3295d8fb41668bb6cd1d3e2d3d86cc7d3f83c0c552c5721

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOCATTRIBUTES.DLL

Filesize
32KB

MD5
76629f898346e0e1462655bfe6a28821

SHA1
a5591a4fb8d153256ce0ef02e0225df04c7b289a

SHA256
125f3cb6d9cd6c0fa087d6a8343e983d340d5dada2dbfe05e6bf2288f12a8f12

SHA512
238577f9560018eafb2735e51120d4ac04ddd4e51b9e64471af9da563e58cc3c012ea72f57f0f1fd5bbc668cfb2b256b171c7a965a7968da5603def94d2a3998

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\DRYIOCATTRIBUTES.DLL

Filesize
32KB

MD5
76629f898346e0e1462655bfe6a28821

SHA1
a5591a4fb8d153256ce0ef02e0225df04c7b289a

SHA256
125f3cb6d9cd6c0fa087d6a8343e983d340d5dada2dbfe05e6bf2288f12a8f12

SHA512
238577f9560018eafb2735e51120d4ac04ddd4e51b9e64471af9da563e58cc3c012ea72f57f0f1fd5bbc668cfb2b256b171c7a965a7968da5603def94d2a3998

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\MICROSOFT.WINDOWS.SHELL.DLL

Filesize
160KB

MD5
e30f3664d10ed36454e2e60b9a7b7517

SHA1
a9887ab8ed02bfa3540354004dd859ff35d71a0f

SHA256
32217df3aebb45f4db96b5c50b4005c6498670b0d1267161c748ab5d69f355e9

SHA512
b76a049e544eaf974dc20f6a69e3e6c6c0c57a6da50b86ce24899459fd5768ecc41dbf866a34fa190e5608bef85edf29c3334e44cdbedd79c3c719631ea55bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\MICROSOFT.WINDOWS.SHELL.DLL

Filesize
160KB

MD5
e30f3664d10ed36454e2e60b9a7b7517

SHA1
a9887ab8ed02bfa3540354004dd859ff35d71a0f

SHA256
32217df3aebb45f4db96b5c50b4005c6498670b0d1267161c748ab5d69f355e9

SHA512
b76a049e544eaf974dc20f6a69e3e6c6c0c57a6da50b86ce24899459fd5768ecc41dbf866a34fa190e5608bef85edf29c3334e44cdbedd79c3c719631ea55bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.COMMON.DLL

Filesize
181KB

MD5
b28dd515c279756dafa231c563f4b2fb

SHA1
59529e1afafb0edac6c75e99b050c249ea8e6c3e

SHA256
72b0d3316204164ea6ee60e0af5a9ae4c6f0522df8647bcd0067dc82c60fed45

SHA512
09f77e931d7eb2c883efc4a4b5352d7dd1d6e3b95363c05049fe07c4e3153b01b64d3ff4893545b5897f1a337431350501cfea990362c1d88657cfbbfe710b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.COMMON.DLL

Filesize
181KB

MD5
b28dd515c279756dafa231c563f4b2fb

SHA1
59529e1afafb0edac6c75e99b050c249ea8e6c3e

SHA256
72b0d3316204164ea6ee60e0af5a9ae4c6f0522df8647bcd0067dc82c60fed45

SHA512
09f77e931d7eb2c883efc4a4b5352d7dd1d6e3b95363c05049fe07c4e3153b01b64d3ff4893545b5897f1a337431350501cfea990362c1d88657cfbbfe710b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.COMMON.DLL

Filesize
181KB

MD5
b28dd515c279756dafa231c563f4b2fb

SHA1
59529e1afafb0edac6c75e99b050c249ea8e6c3e

SHA256
72b0d3316204164ea6ee60e0af5a9ae4c6f0522df8647bcd0067dc82c60fed45

SHA512
09f77e931d7eb2c883efc4a4b5352d7dd1d6e3b95363c05049fe07c4e3153b01b64d3ff4893545b5897f1a337431350501cfea990362c1d88657cfbbfe710b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.COMMON.DLL

Filesize
181KB

MD5
b28dd515c279756dafa231c563f4b2fb

SHA1
59529e1afafb0edac6c75e99b050c249ea8e6c3e

SHA256
72b0d3316204164ea6ee60e0af5a9ae4c6f0522df8647bcd0067dc82c60fed45

SHA512
09f77e931d7eb2c883efc4a4b5352d7dd1d6e3b95363c05049fe07c4e3153b01b64d3ff4893545b5897f1a337431350501cfea990362c1d88657cfbbfe710b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.DLL

Filesize
247KB

MD5
03686671b9a9c4a1e36e2a4bef4f0bc4

SHA1
65985b29c6ce04ca1684a2758f9d19eb7a40b48c

SHA256
73c49d192c1b64f6aa80bb65403227dfc69d02d6f8d542998892370d0307e9d7

SHA512
7b0cb6482ccf9dafdb1d849d91ee6d37bcae9661146030ee8a862018ea24e22955dafefdd22b06aa7d13009ead94100e6b32c7bfc3df383c6e8e148ed064f7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.DLL

Filesize
247KB

MD5
03686671b9a9c4a1e36e2a4bef4f0bc4

SHA1
65985b29c6ce04ca1684a2758f9d19eb7a40b48c

SHA256
73c49d192c1b64f6aa80bb65403227dfc69d02d6f8d542998892370d0307e9d7

SHA512
7b0cb6482ccf9dafdb1d849d91ee6d37bcae9661146030ee8a862018ea24e22955dafefdd22b06aa7d13009ead94100e6b32c7bfc3df383c6e8e148ed064f7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.DLL

Filesize
247KB

MD5
03686671b9a9c4a1e36e2a4bef4f0bc4

SHA1
65985b29c6ce04ca1684a2758f9d19eb7a40b48c

SHA256
73c49d192c1b64f6aa80bb65403227dfc69d02d6f8d542998892370d0307e9d7

SHA512
7b0cb6482ccf9dafdb1d849d91ee6d37bcae9661146030ee8a862018ea24e22955dafefdd22b06aa7d13009ead94100e6b32c7bfc3df383c6e8e148ed064f7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.20240\PRODUCTLABEL.DLL

Filesize
247KB

MD5
03686671b9a9c4a1e36e2a4bef4f0bc4

SHA1
65985b29c6ce04ca1684a2758f9d19eb7a40b48c

SHA256
73c49d192c1b64f6aa80bb65403227dfc69d02d6f8d542998892370d0307e9d7

SHA512
7b0cb6482ccf9dafdb1d849d91ee6d37bcae9661146030ee8a862018ea24e22955dafefdd22b06aa7d13009ead94100e6b32c7bfc3df383c6e8e148ed064f7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.CR.7663\Avira_Security_Installation.xml

Filesize
1KB

MD5
05296b985111f48168c052d36694dbf5

SHA1
9c2328e06de5b8fefe053948ff85111d7a051e0b

SHA256
af60472c62e110039195774de67fe28cd18ff6c167acf2c3e75f774ef22b359f

SHA512
1883508c619d07838af91035aa74ea1e576f0490767e930a2774a55f4ef5344af9672ef8dc26274cfdad362c316d59adf45478f87c1dee4c1f0bd7f153c64d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\f926075d-340f-4720-907b-1be6d0870c27\_.exe

Filesize
5.7MB

MD5
85ddb6b0301a2bca0eba9d647d5521b3

SHA1
9dcd4ad1617387f20784775b0884da78a0e370f8

SHA256
c11bfd3d7eaf905c5b40e3328149a142b6cfb7d44a93159c3c96ff39d3bdbb34

SHA512
a103a641fdf91a0d84568714ba2ec10508d5dbcd247b6ec9a37122889b471df91cd436bc20b061d52cedac5cf58eb75c3c635626273af77e4a920b970d03cbf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\f926075d-340f-4720-907b-1be6d0870c27\_.exe

Filesize
5.7MB

MD5
85ddb6b0301a2bca0eba9d647d5521b3

SHA1
9dcd4ad1617387f20784775b0884da78a0e370f8

SHA256
c11bfd3d7eaf905c5b40e3328149a142b6cfb7d44a93159c3c96ff39d3bdbb34

SHA512
a103a641fdf91a0d84568714ba2ec10508d5dbcd247b6ec9a37122889b471df91cd436bc20b061d52cedac5cf58eb75c3c635626273af77e4a920b970d03cbf3

Download Submit
memory/3028-221-0x0000000005AF0000-0x0000000005B32000-memory.dmp

Filesize
264KB

Download
memory/3028-232-0x0000000005C70000-0x0000000005CA6000-memory.dmp

Filesize
216KB

Download
memory/3028-197-0x0000000000BC0000-0x0000000000D46000-memory.dmp

Filesize
1.5MB

Download
memory/3028-207-0x00000000059E0000-0x0000000005A3E000-memory.dmp

Filesize
376KB

Download
memory/3028-216-0x0000000005A70000-0x0000000005AA0000-memory.dmp

Filesize
192KB

Download
memory/3028-238-0x0000000008FD0000-0x0000000009062000-memory.dmp

Filesize
584KB

Download
memory/3028-203-0x0000000005950000-0x000000000597C000-memory.dmp

Filesize
176KB

Download
memory/3028-237-0x0000000005FF0000-0x0000000005FF8000-memory.dmp

Filesize
32KB

Download
memory/3028-236-0x0000000005CD0000-0x0000000005CDA000-memory.dmp

Filesize
40KB

Download
memory/3028-210-0x00000000059C0000-0x00000000059D6000-memory.dmp

Filesize
88KB

Download
memory/3028-235-0x0000000005BE0000-0x0000000005BF4000-memory.dmp

Filesize
80KB

Download
memory/3028-226-0x0000000005B80000-0x0000000005BAC000-memory.dmp

Filesize
176KB

Download
memory/3028-200-0x0000000005570000-0x00000000055E0000-memory.dmp

Filesize
448KB

Download
memory/3028-213-0x00000000059A0000-0x00000000059AC000-memory.dmp

Filesize
48KB

Download
memory/3028-229-0x0000000005C10000-0x0000000005C6A000-memory.dmp

Filesize
360KB

Download
memory/4872-168-0x0000000005460000-0x00000000054B8000-memory.dmp

Filesize
352KB

Download
memory/4872-151-0x00000000051E0000-0x00000000051EC000-memory.dmp

Filesize
48KB

Download
memory/4872-142-0x0000000005190000-0x00000000051BC000-memory.dmp

Filesize
176KB

Download
memory/4872-181-0x00000000057F0000-0x00000000057F8000-memory.dmp

Filesize
32KB

Download
memory/4872-182-0x00000000058E0000-0x0000000005930000-memory.dmp

Filesize
320KB

Download
memory/4872-183-0x0000000005F00000-0x0000000005F3C000-memory.dmp

Filesize
240KB

Download
memory/4872-145-0x0000000005220000-0x000000000527A000-memory.dmp

Filesize
360KB

Download
memory/4872-184-0x0000000000980000-0x00000000009A2000-memory.dmp

Filesize
136KB

Download
memory/4872-148-0x00000000051C0000-0x00000000051D6000-memory.dmp

Filesize
88KB

Download
memory/4872-178-0x0000000005450000-0x000000000545A000-memory.dmp

Filesize
40KB

Download
memory/4872-175-0x0000000005500000-0x0000000005512000-memory.dmp

Filesize
72KB

Download
memory/4872-185-0x0000000006800000-0x0000000006808000-memory.dmp

Filesize
32KB

Download
memory/4872-174-0x0000000005420000-0x0000000005434000-memory.dmp

Filesize
80KB

Download
memory/4872-139-0x0000000004DB0000-0x0000000004E20000-memory.dmp

Filesize
448KB

Download
memory/4872-154-0x00000000052B0000-0x00000000052E0000-memory.dmp

Filesize
192KB

Download
memory/4872-159-0x0000000005350000-0x0000000005392000-memory.dmp

Filesize
264KB

Download
memory/4872-171-0x00000000054C0000-0x00000000054F6000-memory.dmp

Filesize
216KB

Download
memory/4872-190-0x0000000009F50000-0x0000000009F5E000-memory.dmp

Filesize
56KB

Download
memory/4872-136-0x00000000002B0000-0x0000000000436000-memory.dmp

Filesize
1.5MB

Download
memory/4872-165-0x00000000053D0000-0x00000000053FC000-memory.dmp

Filesize
176KB

Download
memory/4872-162-0x0000000005950000-0x0000000005EF4000-memory.dmp

Filesize
5.6MB

Download
memory/4872-188-0x0000000009240000-0x0000000009250000-memory.dmp

Filesize
64KB

Download
memory/4872-189-0x0000000009E00000-0x0000000009E38000-memory.dmp

Filesize
224KB

Download