811f17cb1e3e1bf202c254d755f3b00a3289366db84ca61ebef786f9397755e0

Resubmissions

28/03/2025, 09:45

250328-lq2j9at1bz 8

28/03/2025, 09:41

250328-lnyetawnt5 3

Analysis

max time kernel
89s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Avira Phantom VPN 2.44.1.19908.exe
Size

6.2MB
MD5

f0ff203da7a5dbf52f89bf4930dfb005
SHA1

6ecad7e1e9b4d3800db11deb846bc828d613114f
SHA256

377ec7ee0fe6f11f6b06bee64c4db9a86d40c3ca6f376854b07b07c2a5715c4b
SHA512

af644df1f92142611ba00b1df5d6c5220a5adb09f2886e023a7cbad8d563c3cb49ed05643ddd4060827497ed2c71b92dc4d8007dd1c7200433a3887f23f00401
SSDEEP

98304:HdsI+4xafVgFN53emA6EUBM40WzIGJeqVzYMjV+YYUP9NaLyzLHiKsig:yI+4IUy6EEqGD/jdlNaWKKrg

Score

8^/10

defense_evasion discovery execution persistence privilege_escalation spyware stealer

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Modifies Windows Firewall 2 TTPs 3 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2412	netsh.exe
6104	netsh.exe
3552	netsh.exe

Executes dropped EXE 10 IoCs

pid	Process
4220	Avira Phantom VPN 2.44.1.19908.tmp
5708	Avira.VpnService.exe
1548	Avira.WebAppHost.exe
872	Avira.WebAppHost.exe
5240	Avira.NetworkBlocker.exe
4500	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe

Loads dropped DLL 4 IoCs

pid	Process
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Security\Benchmark	Avira.VpnService.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Avira\VPN\OpenVpn\libcrypto-1_1.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-G38FT.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\uninstaller.exe	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-4O7JE.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-MBAVH.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-6O02F.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-58N6A.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-V4L05.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-K3UNI.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Avira.VPN.OeConnector.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-VV549.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-PPPE0.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-2FJCH.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-TLS9U.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-ODABI.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-RAV56.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-267UP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-SVSMP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win10\amd64\is-5721G.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\it-IT\is-CP5JV.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-T8FUR.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\is-5MC56.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\fonts\is-4VT9M.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-3SQC7.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\css\is-I4Q40.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-RT89J.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-90O44.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-S3R41.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-GGV5Q.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-JR5IJ.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-5428S.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-PK2OG.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\is-881H1.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Avira.Acp.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\fonts\is-ERQ2A.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Update	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-MEGNL.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-53G85.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-E4UTA.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-ANBP7.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-UQ636.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\nl-NL\is-LG72D.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\is-OFD6P.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-8FBG7.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-G19E8.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\images\is-3IN9L.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\is-GDM1S.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\is-6F805.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\amd64\tapinstall.exe	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\gif\is-50DUV.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\is-H3M38.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-JK8C0.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-K09LE.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-G3GNV.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-2PB5H.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File opened for modification	C:\Program Files (x86)\Avira\VPN\Avira.Messaging.dll	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-VHRFO.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-UPHCP.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-M6A89.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-LRL1K.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\OpenVpn\TAP\win7\i386\is-2430P.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\Templates\is-B0P55.tmp	Avira Phantom VPN 2.44.1.19908.tmp
File created	C:\Program Files (x86)\Avira\VPN\is-EJEU6.tmp	Avira Phantom VPN 2.44.1.19908.tmp

Launches sc.exe 3 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4356	sc.exe
2568	sc.exe
3436	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira Phantom VPN 2.44.1.19908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira.NetworkBlocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avira Phantom VPN 2.44.1.19908.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Avira.VpnService.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Avira.VpnService.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Avira.VpnService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Avira.VpnService.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	Avira.VpnService.exe

Modifies registry class 17 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "c5f632c7c479465d984383c210cd21668574f16f"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\machine = "b155e2126f514ed8ac791bd19df987d9863832bb"	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "ae06da62004141359187bf858cf9815019232098"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "94843411be3941ef8058746842c19a3eaac03e76"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "2a5e42acdc974f91ab2ba7f5e8a1e29eeda7b1b0"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "9a401401c22e4f4493897b557b193aa515ae51b4"	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "843ca0267aaf4a5e97b647ce861f5bbae917c046"	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "3be21946a03c42188aa327b7e8eed2ceef6f7765"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "648499b4cd1c47b9854e522d4cc621f13ea99761"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "6d6eecec5862461587506468792597c80cbe698b"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "684682330434484eb8a12fd0c1bb44b2dd8d3277"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "ffa313552db647c5874e20d759dbe4ab5306bf74"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "2cb430b434d4444f80279e4d34b5c48ab2249d9b"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "180f55364d4e4bf78f6b854d9d11cfae717bce3b"	Avira.WebAppHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\telemetry = "51003fc719cd4b049a12deff76eb2dc1e832610e"	Avira.WebAppHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}	Avira.VpnService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}\vpnclient = "cd832c73ae4446f795cb433456d4cfab47c0e1cb"	Avira.WebAppHost.exe

Modifies system certificate store 2 TTPs 2 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD	Avira.WebAppHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000\Software\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd140000000100000014000000b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4040000000100000010000000e67b586f7046bfe0aa51f6660b119dd90f00000001000000200000003689022b62bd20e807ccc1f32720ab2a9eeb0712e84cc373464b29cc436def971900000001000000100000003b878212830eb36469856f1c683b836c5c0000000100000004000000000800001800000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4	Avira.WebAppHost.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
5708	Avira.VpnService.exe
1548	Avira.WebAppHost.exe
1548	Avira.WebAppHost.exe
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	5708	Avira.VpnService.exe
Token: SeDebugPrivilege	1548	Avira.WebAppHost.exe
Token: SeDebugPrivilege	872	Avira.WebAppHost.exe
Token: SeDebugPrivilege	4500	Avira.WebAppHost.exe
Token: SeDebugPrivilege	5128	Avira.WebAppHost.exe
Token: SeDebugPrivilege	4724	Avira.WebAppHost.exe
Token: SeDebugPrivilege	3080	Avira.WebAppHost.exe
Token: SeDebugPrivilege	3224	Avira.WebAppHost.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
4220	Avira Phantom VPN 2.44.1.19908.tmp
1548	Avira.WebAppHost.exe
1548	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1548	Avira.WebAppHost.exe
1548	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
4220	Avira Phantom VPN 2.44.1.19908.tmp
1548	Avira.WebAppHost.exe
1548	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
4500	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
5128	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
4724	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3080	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe
3224	Avira.WebAppHost.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 4220	2400	Avira Phantom VPN 2.44.1.19908.exe	82
PID 2400 wrote to memory of 4220	2400	Avira Phantom VPN 2.44.1.19908.exe	82
PID 2400 wrote to memory of 4220	2400	Avira Phantom VPN 2.44.1.19908.exe	82
PID 4220 wrote to memory of 4828	4220	Avira Phantom VPN 2.44.1.19908.tmp	83
PID 4220 wrote to memory of 4828	4220	Avira Phantom VPN 2.44.1.19908.tmp	83
PID 4220 wrote to memory of 4828	4220	Avira Phantom VPN 2.44.1.19908.tmp	83
PID 4828 wrote to memory of 5864	4828	net.exe	85
PID 4828 wrote to memory of 5864	4828	net.exe	85
PID 4828 wrote to memory of 5864	4828	net.exe	85
PID 4220 wrote to memory of 4356	4220	Avira Phantom VPN 2.44.1.19908.tmp	87
PID 4220 wrote to memory of 4356	4220	Avira Phantom VPN 2.44.1.19908.tmp	87
PID 4220 wrote to memory of 4356	4220	Avira Phantom VPN 2.44.1.19908.tmp	87
PID 4220 wrote to memory of 2568	4220	Avira Phantom VPN 2.44.1.19908.tmp	89
PID 4220 wrote to memory of 2568	4220	Avira Phantom VPN 2.44.1.19908.tmp	89
PID 4220 wrote to memory of 2568	4220	Avira Phantom VPN 2.44.1.19908.tmp	89
PID 4220 wrote to memory of 3436	4220	Avira Phantom VPN 2.44.1.19908.tmp	91
PID 4220 wrote to memory of 3436	4220	Avira Phantom VPN 2.44.1.19908.tmp	91
PID 4220 wrote to memory of 3436	4220	Avira Phantom VPN 2.44.1.19908.tmp	91
PID 4220 wrote to memory of 3552	4220	Avira Phantom VPN 2.44.1.19908.tmp	95
PID 4220 wrote to memory of 3552	4220	Avira Phantom VPN 2.44.1.19908.tmp	95
PID 4220 wrote to memory of 3552	4220	Avira Phantom VPN 2.44.1.19908.tmp	95
PID 4220 wrote to memory of 6104	4220	Avira Phantom VPN 2.44.1.19908.tmp	96
PID 4220 wrote to memory of 6104	4220	Avira Phantom VPN 2.44.1.19908.tmp	96
PID 4220 wrote to memory of 6104	4220	Avira Phantom VPN 2.44.1.19908.tmp	96
PID 4220 wrote to memory of 2412	4220	Avira Phantom VPN 2.44.1.19908.tmp	97
PID 4220 wrote to memory of 2412	4220	Avira Phantom VPN 2.44.1.19908.tmp	97
PID 4220 wrote to memory of 2412	4220	Avira Phantom VPN 2.44.1.19908.tmp	97
PID 4220 wrote to memory of 1548	4220	Avira Phantom VPN 2.44.1.19908.tmp	98
PID 4220 wrote to memory of 1548	4220	Avira Phantom VPN 2.44.1.19908.tmp	98
PID 5708 wrote to memory of 5240	5708	Avira.VpnService.exe	105
PID 5708 wrote to memory of 5240	5708	Avira.VpnService.exe	105
PID 5708 wrote to memory of 5240	5708	Avira.VpnService.exe	105

C:\Users\Admin\AppData\Local\Temp\Avira Phantom VPN 2.44.1.19908.exe
"C:\Users\Admin\AppData\Local\Temp\Avira Phantom VPN 2.44.1.19908.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\is-DD1VB.tmp\Avira Phantom VPN 2.44.1.19908.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DD1VB.tmp\Avira Phantom VPN 2.44.1.19908.tmp" /SL5="$40178,6139874,64512,C:\Users\Admin\AppData\Local\Temp\Avira Phantom VPN 2.44.1.19908.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4220
- - C:\Windows\SysWOW64\net.exe
    "net" stop "AviraPhantomVPN"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "AviraPhantomVPN"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5864
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\system32\sc.exe" create "AviraPhantomVPN" binPath= "C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe" start= auto error= ignore DisplayName= "Avira Phantom VPN"
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:4356
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\system32\sc.exe" description "AviraPhantomVPN" "AviraPhantomVPN"
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:2568
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\system32\sc.exe" start "AviraPhantomVPN"
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:3436
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="Avira Phantom VPN"
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:3552
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Avira Phantom VPN" program="C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe" dir=in enable=yes profile=any action=allow
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:6104
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Avira Phantom VPN" program="C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe" dir=out enable=yes profile=any action=allow
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2412
- - C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
    "C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1548

C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
"C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
1⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5708
- C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe
  "C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe" delete
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5240

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe" /migrateSettings
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4500

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5128

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4724

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3080

C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Avira\VPN\App\css\vpn-1.0.0.min.css

Filesize
61KB

MD5
ce81ba3abcd5c48c382d5865c6d74357

SHA1
f20c01e18d208d1c23c3a46dfd4d2c3dbed23664

SHA256
2d59cde155d35fdcac02506b31f5c636c24d3994f2e5f00e59374145ee54d4ff

SHA512
da936bf3ebf9290a5e3cfb3c9811b122d1738bafd473309f9f1821852e9644705e8f4e9e4948c3531c16b84703fc766447c25786ac93d98cdeb9cc8f93c60f36

Download Submit
C:\Program Files (x86)\Avira\VPN\App\css\vpn-vendor-1.0.0.min.css

Filesize
50KB

MD5
3e010afca2c5420d1793cd51ede3ea14

SHA1
190f42c1d34aa8de83939619df0440401b01f869

SHA256
7146bb2cd47b3bf090b202cd88c53467318f534c5f4e079c1ac3bf7be56f485f

SHA512
01b6062081c22503c24ef8cc55f5ecbd089ff36f102d35a9a1b919a4ab7851f69d59929e69579fc9d647a98d22b44720d758f0d838b8b8eed6e650322c21c475

Download Submit
C:\Program Files (x86)\Avira\VPN\App\fonts\KievitWeb-Light.woff

Filesize
54KB

MD5
a8a9d6aaf9f3940badc66e2a2aa21047

SHA1
8d2cd2f4fd9fd36f19033c01272dc3fe43bccdb7

SHA256
a791aba3842d3766494ad0aa2a1b9cdbd2bb8aa8b2235aedea82e993c851a1ab

SHA512
46561f0b8f178e4e4cc836a4561d12f6a0670543ac5567bcede9cb193bfdb4bf654e3f01372210f158ae3de58643e4c963c1e1cb788f497ee817877a019fcfd4

Download Submit
C:\Program Files (x86)\Avira\VPN\App\images\gif\loading.gif

Filesize
8KB

MD5
8a7630caadfb15dbd13cb469853ab004

SHA1
8947a7e8900a4e4359ded13199f4f05ee0e55e84

SHA256
c9c616de646e94b9adea60ef1e8ffe5246f82b82baa1e039b1b6007067791773

SHA512
5c229f934e5c764247f990e2b813ad8ad055c81df1739b0a773aafe1e7f1285c098ac8db24bd4a074eb8981a933955fa9ed69c0da1503259d30d397bdb5809df

Download Submit
C:\Program Files (x86)\Avira\VPN\App\images\png\regions\is-UQ636.tmp

Filesize
743B

MD5
d3b58f803a9a01a59210dd673998a229

SHA1
6caddb6c8e749e9c5b786a3984bb7bdbba2bafc5

SHA256
3cf52e677d7f7be201cbf6e3ec56ed1f48b95c47e5969ef2c2510e270133c4f0

SHA512
88aade4affd629926e473df3d26ecca5ba49c4b77da9343e58729cf3a2b1cd0b9d27d9e019018455bffd18b7a7570a5c14d918eff46deecc5821903f76094988

Download Submit
C:\Program Files (x86)\Avira\VPN\App\index.html

Filesize
3KB

MD5
1432a946255142ddb2b4a0755cc151a2

SHA1
4640485ca29a0356cf17e363c88f5880779036fd

SHA256
996d6d6631d56c80b8a000d98d485476e5d8beb0aa37bdc6fabc5a76dde9ee9f

SHA512
5a215a068994d31d3bbce71641f090d15fca0e85b0c4f4964d280165732bc774608cdd1fe033aac02f8b1946c26f862a4814fce171db451fe4e267af3d35854d

Download Submit
C:\Program Files (x86)\Avira\VPN\App\js\vpn-1.0.0.min.js

Filesize
314KB

MD5
e337f5790d7d1892802c27220d53f247

SHA1
70d31ff02bbc55f91941c7588bd4f893e9f3cc8b

SHA256
b12538b1053afefca545732f429d944ceb6d84a786e6fcf68c20bbfff51de846

SHA512
bfb4584ad5e29eb705829b6312d93ebb5ed633273e109bcb0b7c929814b59b63612c096cd1d3987f6979eabfea4356d4bc8947db8004a98934faf69256521e1d

Download Submit
C:\Program Files (x86)\Avira\VPN\App\js\vpn-vendor-1.0.0.min.js

Filesize
317KB

MD5
fd6679775b921878549ef80e6d9d59d3

SHA1
fb89bc2eb33f47cc56b00630ea79818d61fd678d

SHA256
696393aa261c0980dac558ce58fc30e9806d8b64f65c28c572b282ebf2a04f56

SHA512
66976a9b0002f1d32b6c7618a7a7c6ccbbc373ffc565415448428eb75fb60251b3b1934571b6bc725ec5ce456f5adaddfc994595cc3b1d87ef02ba3478ed7e34

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.Common.dll

Filesize
14KB

MD5
271d473a99869a462e0200e1776b093c

SHA1
050bd3a95fc3c1a66a9fa11a7649afe95b48e5ca

SHA256
793dc8d33fd8190c6d87c39a860ae4d67c6f02a19b573087831b18202f8e413e

SHA512
8df6120445f10fd3a62b72a33f86b1969a42eae85d97154d5f030bebf68d579263be50ba4e0a9758bd9a8698e9680277d1491bebc1b2c91722d0ebab04275510

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.Resources.dll

Filesize
54KB

MD5
318f261f2875d1b6ad27afd9aebce1da

SHA1
6230901e4b145e7ea66160e9726951931a00b7de

SHA256
839942ba4c0e36ad27355f65acf6520bbd6fa0967bfd3d9d6ddec520ca4fc3c9

SHA512
379c89f2d165a1551c459984f3aeec556499c2cc7346f4a346d5b651f5a729c44b0f84c68b48f120f8c5ddaba0bfa2895421acb7261f266dd5743ce8fa6a6c80

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Acp.dll

Filesize
151KB

MD5
93b9f3f908fd317f6400044ace1426b8

SHA1
28a81a9e705837007143c1933a436941bc0e3e73

SHA256
4c20af4eb824f54308a3d0fcb1e0c02705e36f4066a96d3187ff61cbd324bfbf

SHA512
6b32af4a9e63320ca20daea161c655ad58a4bcaffa8c0ecbe40cf2f41599a09bdc3306916e87777259ade6b120e2eb193e79ca4345268a49786159779d2aead1

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Common.Acp.AppClient.dll

Filesize
43KB

MD5
223b514db361069dbe4e56983113092a

SHA1
13a71fb55e6cda7db64df764b4073fd59ea6dce7

SHA256
c09d32229c51eb1f4bfb7132002e68acc61883fda68365fcd274439eda332af7

SHA512
2010806d2a3f60e9714e98e856fab7d651e0cd7f93bdf146ab2870c4a5581dc3809483fd045c40bbeaf1652e0bbb1d06539876d7173a03ee4a71024a2f29e7ee

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Common.Core.dll

Filesize
67KB

MD5
12cc33847b511eaab85d42a62bd7770e

SHA1
240a3ec390e8271d24687de2d24e221483d7d4dd

SHA256
48d0e13ee24af3fe5bd666b410b59f6a12dceca0fabb3038cf29779cbede835a

SHA512
94b22e8e0dcac61480213e1292a2e0d93b58d19e5ab7168ed6954a21a67cdd2c33521164d351cdb45d9621a7b21ad979c1f4f013b4f09d53fb98d338838f0e73

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.Messaging.dll

Filesize
46KB

MD5
f59d38fa0dc7bafff65f9ea5bb88490b

SHA1
a0b3da5df01e851f5880934183bf6fd0b3882657

SHA256
58d3cc5b59d8f9eb3a187de1377cd40ebf38852944b6d7d59abae64be5416cb0

SHA512
b22ec4b48f052bb049cc2c5e285efbbd2dbad1adf77f3c18b832a7bf60872984464ab2fcded4f4e7734d91fd0e671f6d2b56660d277c64b18594c6f21e6f6f81

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.NetworkBlocker.exe

Filesize
236KB

MD5
01fbb420b06ddc49ed8194292b387425

SHA1
203404e993901ba47a166938ea62ea52fabdd2b4

SHA256
f9e95d2d3760b2b56f70daad4db65781b090ff014029c6b4e2b7897d0e685cf8

SHA512
b488e8d2348e7efa39cf052007421e90fa83724b40f3599444c8dc57cdfa36e2a765d3c377cfcbc45262662844792ebc49f0f4bcf2fa6cdcaa3f3337daef6912

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.Acp.dll

Filesize
31KB

MD5
e8cdcbb79fc2efa8b55a79ae427482d3

SHA1
a25f319970661010d9e50948786832f89f493e01

SHA256
4f1da0dff5d32ef6150a6de7e37907d810f55f4f5e2aa870c4225488af2a3c3d

SHA512
df51a2d0d360618517bb8a4deaaa967d78b3c8417a5c78058516db26031bb450e626ef7c0748baa6d7cefa4fa8f9c74c32b17a761bc5b79f331c517131aa9f63

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.Core.dll

Filesize
142KB

MD5
7d002e4289804dfef8a96e31e78a3615

SHA1
6a52c77d2eead1cabc7b5d34915f389f64307dda

SHA256
04e62763024f65be2b7856d66e66974597a3073de2d532db58795b7bf375770b

SHA512
cf167bd6834ba06240c1ba5c9a85086e1fe09d20cc8590cbb44cd51044a2dfd04cc36ddcc35687973a67ccb9ddb1e504f87d5513f300ca0a30a09009e34793e8

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.NotifierClient.dll

Filesize
27KB

MD5
191011e0325600c321c13a5d642dce8c

SHA1
630384ab0c3dcff33964ca8869dd31510ecb8d8d

SHA256
b267d1b02da761ff4b2ab2cc72904eab942692929155da7c09e7368492646b89

SHA512
8d015e9c706386b47f46f51959ed28169c05b6215442eb3dab2987fd1547dbbc68903ad6667f96c37088eb933dd17bf6ed16d8da678fd44ec3ccb43d5a2be651

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VPN.OeConnector.dll

Filesize
40KB

MD5
a382bb982dac18b9b2bee6ab353827be

SHA1
5a88ae7ff1d42ce4979e2ac6f6f4d82ea12ec6fd

SHA256
b818007801ca7f12c18695aafb18475898f692c0c76a352b49167c57095999b4

SHA512
c5eb76520798a284988e084171d5c996e6cf52b94fdb8b3620aeecce5a20111b4020eb2a9f1f8fb59ecaeede97564b853088ca04237ba0fc3be32d76a5e3fd60

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

Filesize
345KB

MD5
9438d0f210f07aba8155cc7a7674a10d

SHA1
524c7c89e6f4348d8ff4769d0390abc340e89d4e

SHA256
2b2f702a8ea0ef59c8e51d81f53d895235783906d22c16b71860771547794c18

SHA512
78633755988fc840874c4cb3e9a9350f04f2b5faac38eaf5d230d90dc69b87e7c4b32d1a2f4ddf01174ef469ab2e8e794c5ad4455c20abd1600661575a3ecda1

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe.config

Filesize
8KB

MD5
caeeb2f73c7c7357eb534d18034e0165

SHA1
7c7932f023b314e4716bac8fbc1884e59f8b6313

SHA256
2eaab47d45fb6d699d45f4954437f90f8f8f723f8b0e5c727fcc5a760408ef5b

SHA512
8fdb3df3f0e8f5f7e5cf6aa0e0392e238ccff66fa5fe5de33dbfbe1498cd03cf53277e222a6c7df6dc44aec73b657d460d765e7399d32d6318d7c78ae3e32049

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe

Filesize
815KB

MD5
ea069f7019a7b305cff275aed802a2ca

SHA1
d2b955656a234b507e8fe9d41395fbb97701ba43

SHA256
0a2d4aaab11291d99542e74689bc6265bb2a7922d8870167bdcc3210f0627273

SHA512
3980747d2acad456b3c5fb6ad3550c9f1520bc54c5ff68d0137d8e2682632e85f26ccd3703aab6c394bfd43f05e5699bc07240ab23e2492358363487bb68cfa5

Download Submit
C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe.config

Filesize
3KB

MD5
02a0ea3d50162a1acd4b064d186e953d

SHA1
b7c5580871b73c40283a96caef6d65b65b7bdd0b

SHA256
b160fc20f23f46a9b1a878dc40b3588ba75ea936e918e036c8012d1ef43c8274

SHA512
c7d533b1a921e5b54c250a05234fba7da5ef265afb180642e2a561c5ac24e27f19d3f7312bf29f4e2239f602a9d3440738988a823e377ba482737c824430064a

Download Submit
C:\Program Files (x86)\Avira\VPN\Defaults\ProductSettings.json

Filesize
1KB

MD5
f9eb282786f0c1d27f9f6ae8b448d4d1

SHA1
df4f115df8a7dc8ffc2d7dbdd9953170cb0f8b32

SHA256
7e84e38c4b147fa13e871249a9986c4621176ed0afc88c999901e354f603d096

SHA512
db8a15d8b7b830dd63819eea73aa160accee27dca61a4b9b76d30f9b4161d28307c47d1f412faad9f92d2b77c17832226c16e8db0bb1d413444de1e918692753

Download Submit
C:\Program Files (x86)\Avira\VPN\Messaging.dll

Filesize
36KB

MD5
198703a2aa65565b3c6232add7d9d22d

SHA1
b161ab7056be4892ca92bea1d3ce21d228c4641f

SHA256
304c76f16380cdfbe2a1adbbd36f3a9e3a9bcd8c6901a400f0add66027f885b7

SHA512
603594e89f1e23d5f649a65d8cb8fbf25bdbc7be4213b436c9bc14518fe81d2eed9393c051f1b97ccb6725ed62bee811b88f9c70262d03f5015b3aebc951f591

Download Submit
C:\Program Files (x86)\Avira\VPN\Newtonsoft.Json.dll

Filesize
693KB

MD5
a358964e94bf3cb71172d6776f28fc3d

SHA1
9f16e876559759cdb52a0cb05db6528dd8f1951c

SHA256
cdf68de50fc05055120968d89dfa40f0dcd0a052fe381de1daa312e84b6e41f4

SHA512
5de2c65e1e14443ebcff3f09bc7639c7bf9f1033b11533229df610480c9149292cc3336902102c9983368914e92a49a76edfae493b0378e7212e69e3e808c6ca

Download Submit
C:\Program Files (x86)\Avira\VPN\Serilog.Sinks.File.dll

Filesize
35KB

MD5
97f20eb6f1c67873802f0851859e2aed

SHA1
45e83bdbc9c6d992df5bb7233e9a0f8f661c38b2

SHA256
d1a929b7aa1b1cfa330a33b3c1f238fb1fcf73c7bd9d43bc3579ad8a9625d824

SHA512
0180e31bf95e1ecc6cffc90cbab5b736c61d86bd5b0ac23ae9f3ac7f7602e2b63a0e6f579ff7105f891547deb9beb8bd86fd16995cea4b62b80439a56f7cb761

Download Submit
C:\Program Files (x86)\Avira\VPN\Serilog.dll

Filesize
150KB

MD5
a4cb9f0cd0a7f720cadb28c07542d3de

SHA1
39d5a8fc0474224211db95fa80c6c7d12864c8a8

SHA256
f14f61e815adbb6403ff70941c7d98f1836792dcd4cdf1fbc77f9164694fc932

SHA512
1044a204a3ba81739cb3d937571d9f70fa92e45c754341b35fbbdd5d604ccf8c005b7c92877437f9a827b8ab478627a08c3dca6bf5fa0bc9df72ce2f02f200ca

Download Submit
C:\Program Files (x86)\Avira\VPN\ServiceStack.Text.dll

Filesize
199KB

MD5
537b82928ce015be0594e07587267e41

SHA1
4203b59a6563832db4c012e62e09a66501f8ee62

SHA256
93003778ab63e158cc18b86066e8fbb2c0104cae570dc3f53aa56b38faf41817

SHA512
a073f4b23a1ade5cd27972996fd1b1feeb50c0a04a1c6640124b62cfc2b8b911e793bdbd673147cd89d8ef67b87eaa51668e540f287bdf4d7bb33092aa9d1fd4

Download Submit
C:\Program Files (x86)\Avira\VPN\SharpRaven.dll

Filesize
100KB

MD5
e66983a1cceb2c7cd3f7e3448957d9f6

SHA1
b97981265121322034e04f567faf39cbdbd19679

SHA256
5521dc13a0264e2f178e205b2fbf76c57ed34ef650bd7508348cba0c9f6b2dd6

SHA512
455fe9b542faca8f4add763de2df1fdb4c8b5371e3cdd8df9fda6d743e9c59c22f45a13097159aa92e6fe4d75c2c62aa1192d029368fd4ae58ce4d3f0a2052f2

Download Submit
C:\Program Files (x86)\Avira\VPN\System.Diagnostics.DiagnosticSource.dll

Filesize
169KB

MD5
8a260507f7fe8815fdfd66b97678ddaf

SHA1
2d0893fd0b2cc6c4e83d90ac8ef114bdf229d3e7

SHA256
30fbf5b1aa8736badeebb85a2e630dc44b65659564d6e8399a71a887e2244b98

SHA512
379adb0692dfa46e399e28fe2ea9a0f0a2106f6b5c6b74456f376726d921f3e44cee3c9489fc774ed4b1dad5cbc24247b5e1c2ad2d6efe9cbff469f9eaa44024

Download Submit
C:\Program Files (x86)\Avira\VPN\VPN.Core.dll

Filesize
189KB

MD5
8f1a73c4442f53bd832f667cbf7362b6

SHA1
982ff05d84a8cdf471b6d19364d7a578b1b114de

SHA256
eb61c5d1dc6c5d3172d6dba527f422b44aada039ff7a8c5abbe9784a251420f9

SHA512
43c3ac23318748d2955e42f998be16dfe4f786932f69743e5fcba48223086c90b7ff1e62d785a102e2fa2eca314e20b921b189e15e9e489e4c55635117116fd3

Download Submit
C:\Program Files (x86)\Avira\VPN\en-US\Avira.VpnService.resources.dll

Filesize
21KB

MD5
05d0d2f37e6b683e59cdfd05bcb3b08a

SHA1
b21b207367d0b5dba10d67e9bcc5c29175aa6ab9

SHA256
57b7256eec2eb64deb1f52ecc3ea529c061b99ae009e4a28f70ad76ce565cbc4

SHA512
4c1fa9a21599cc86d4de858d4adb870135be706394a009241425d166c417b9216393ec721ac9f4e2e6659f1d39036672d582a11265a57c715b592f60f5399070

Download Submit
C:\Program Files (x86)\Avira\VPN\lrepacks.dll

Filesize
3KB

MD5
806d697d22bae29e300ef1c0cf0d4dfa

SHA1
d03676f772dc82e17acf2f1681f847bac015b260

SHA256
2bf947b782b448750b619ef75117efaf252538782f9e67c760b295f11affe1be

SHA512
568d28de46af2475f0b5bd9b0041c45a7f69c823f539d4d0eccf918877a02b7ecac4db1c0467bdb36d4de67fc3e98d36f362647d6ddaaace78f7e8b3b37d5d3e

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.backup

Filesize
415B

MD5
4c80e60049f27cd39c60665a801eb514

SHA1
13232b6c83686c14002afaa1662e1db86481ceb0

SHA256
7ab90de6791fa1e6e6a67f8739dd651ed647f04d8a4e62662ce5b4d29ee7e2ee

SHA512
6f023dfff3610a8190d0165637368cec7cb3053509a57ac404dc37350b2d4c2c83e36e4a289da0b8114fc2120b283fc4bc97a84a69378b619fc9e4f11f91ef49

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

Filesize
520B

MD5
362feebbec545e2024ab2c7293327d54

SHA1
1d86ded75037b8197268a3445c35cb8af8ea9ff2

SHA256
1daf3a07609ad032ac8327748b6429ce9114e0f2d280400f229c55571b931a2b

SHA512
7ffb0abeaa054a2a53d74ffb9d59e91f3a62bb23fafd0738f1592c5f36561f5dccdba84fe4e9b390713d3b5911885ecc9692fbe7bb196579592cebf0f6cb576c

Download Submit
C:\ProgramData\Avira\VPN\VpnPrivateSettings.config

Filesize
5KB

MD5
9f5916b2b08deafeaa6e7f3e1c3025c6

SHA1
096d65bea647e0543b2190ccb06135a3a835879b

SHA256
668e349994789f4c5db8283f56295a0a0972a8e39a39ee2a2daae2decb6436e7

SHA512
e76036378d32d4005d179435508532c709a0f526f9f290c322e487ae453c209b09cb05e70fd49d03af0846c4e5572b2aa62e2094d32bb9c3d90a27dac442ef32

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
233B

MD5
2aeda6002125b02dc2806778f753e8ca

SHA1
03d1154b1b486acfcc920a0fb4573c2d0e981e0e

SHA256
85d21fd5fbd5a5f56168181ce8a148b556f5cb0f39da413a5abe5c87e101fad2

SHA512
f5043c199df5a0031323c4c651c20a83e73bc53b67d413b1e952e0ca6341a0a723d1d4137ed5b61d764648df68105bf3d7222fb785a8b531da6e3aa9a4c029dd

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
275B

MD5
4b3b058d33bb3d7f67aad371a9c5e423

SHA1
581c108be6a2eebb697cddb11557a17e546465b4

SHA256
09ffddf315a77919d2486e12416fb1edc4e943ecfc20b2223f32f7437f3b4c4e

SHA512
071be9daeebaa96f82fdfe20663be4db1af07f6ae2119e0090b7f2457b60d186f8428d4e2277b2cec175faadbd58358eeca855197f976aaf2bb83f95c0a95923

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
305B

MD5
27277725ebfa5249ee7b06c379a05e60

SHA1
176c4896e1b45c5086a77850541afc9bd1620a6a

SHA256
1b2c7d9031e2dcb94675b64726910f69a75c61d68e051a2f48909ee0171988e9

SHA512
0a142eae69b2d14d3546ee1d96221649c58c179bd591788cb1bda3c9e6e761e6002352a871c1e52b95dc7638a9855855128a9b31cfb860b92c494209907e4bed

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
305B

MD5
9db7953ac04ca570fa04cbd0a5d3c76c

SHA1
4b5ceadebcd2839f57274fc8a85e7d71a4533cdd

SHA256
aab3c8d618483454661ce0c21def5fa7fce40c42f2f6c054c2d2f59263207982

SHA512
b464561d62b11b6f6526e51f29a421856a48db5b93bdeebde9cf5ffab1b708b91ce32a4eae75f7160fef06d22e094382c819ca57d76611fa2de26b45348db099

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
381B

MD5
78074ac9e155c7d51b222b612e5b8bdb

SHA1
665229bc5ab5a7492bf572b2703cd8a09eafb1e7

SHA256
c52a5c4785cba7fdd7e82bc460aa01f1b80c8a37fdd68bc04b4f5ff371e9627c

SHA512
220c7b421690bb4a50bd80fee0c1cff45bf778a7c4c8a5fc42c7a7b465e16b4b5b4616f73d90b905c7123ff639a4fae4ee465416c025e6f5f37e7b776207964d

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
381B

MD5
4409749866b53efc7714fbed11e55039

SHA1
ae792ba5e6d96998bf43020f804f3bf644e6e578

SHA256
14a0808154ed64ebf417cec03515f9bd8e192e2c7d5b83e39dd00b57e33ee23b

SHA512
d4784f47e6564de85815d2f8953d8c9d09f95e44d693b3a4194dff7b2b302c6b8a940659c64d08b75c81d3e69b48f9040558b144b3f8358803ed41b52a18d847

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
452B

MD5
6133e2e8ea1a78d40e80d6f7c537d018

SHA1
eedc41b01057f919597e12599640d919bec0106b

SHA256
0858303a9821cb298b678174a54105476067d30f8bcd19daf57dc912db441491

SHA512
381844282b7a1a546c8129441046d076428668da6f3a03e0cbaff87fe5da8639b79c364ede14f9f8f6f2895a693858b6c8d3eb7bc65835895a7ab97fbf3f085d

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
565B

MD5
0378d97dc5566b23bcff769017f3b21a

SHA1
88d59b21b6e70d56437cfda0706f39dfce67f4d3

SHA256
86b52fce3bbe5dfdeecd705bdf0816a9b5e5438b4d3c48bded533e21d891fbc3

SHA512
fe9f748ec0693d9912e246a5f235e13b04c641664ac3178e8a9f04ddde02f0742bb8293325e9a48cec1d4afac3dbed993ec81c8b12ed878fc33dd02d5457b826

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
632B

MD5
305569ab38ed10a20f5ca600ccf2006f

SHA1
4b5f49886a4c0f68d1c36e0c290b3e59134f88eb

SHA256
974bc832f8c43f3eb5572b3b67f9ee313c8bfae4deeb373c7453f310affc8f87

SHA512
20dfea5b6e4337a005b8dd2b772cf94183f97643928fbff7fdde43d9188571fbea0d1a1c3f09c1421008b1cbb8aa285b00a31526f1b20c089b3082127eccb3d1

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
670B

MD5
79f6eb5eb90e2751c4ca408e30649fc0

SHA1
00d51a4803bc4849185030e444670ce4456c9a86

SHA256
43fb8c61561738f86d9383e215d8a58497474ecfb7b15af2bd382b012f09bc6f

SHA512
a8af7543c2358ae367e6707cdfaf12a5560e21211b54b6405ca337dcde1317117601e971f8a43ed2c27b1b7cbcca74ae3666b6c75133d75f5fa3a3deb0bd6d91

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
741B

MD5
b5d1aab3d06c6b8f0033e317fd54c3c6

SHA1
79092c3cbb5d14b42835a5042f150dde638c8293

SHA256
c917903acf461d16160acbfa56242e361ab0dc25d56cc4ff97a04b2b5b9b7988

SHA512
111d9bd56a0150f4072fdac57d2f72b5f26cb8aa4d90c59fc24b9470b858ef36a47ace23775cd05fb79e196b80dfc1b65424a8d38d79044a4765e261d8e9b02f

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
815B

MD5
739285e3b1981ce38b54a1d2341cde6c

SHA1
479a2608b3bac76a761631e0e07fd59a566d4a40

SHA256
39c9e0aaaab2d23a5c8ec5991c1b9e7c3f0c98f63ac46cfebffe1f2d816697e2

SHA512
40a3180fd5137b9f4eecc2a1eb1cdad2e25ab1430ee95f782b50361a7aae2d5f595915d2b00557b880c6f20fc991c2e334e945f821ddf8b4bb4c2acc7509697d

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
815B

MD5
2e7a748a79b959e2a8b1e72d314e658a

SHA1
940a04e97f8e987d11957ad0aae8c48b3ac9a3dd

SHA256
e1be210d524ea98cc45ba15f64d72cd8bccb2fae3c3ca270690a5e33f53d5de6

SHA512
d0c004ad79a404f6fd72d5c525d54faae3be9bd811229bab565da208eaf39e84fac55e965086e336eda1f5c512951d4f8d4c7061e4d3692ba1d798e4379c02ba

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
815B

MD5
12cd4c70efa2f96eb89762c902fd2bb6

SHA1
6738761fa6b919db3926fdc179eca9afa3774887

SHA256
68e721fdd5b2badcdd1cda20588eb3ab22b28775edcaa9f218e548a3fdfad214

SHA512
970d156bddfc1a20b6532a4cd68284784925e903d97207eb8ad6e4a2a78527213ba3bfd44e61c1bf158bbe45c20c0ff0dcd1ad0342e4931678823a21be7f5712

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.backup

Filesize
815B

MD5
2f2a3b65fd0ae454fbcce6a41fc094b2

SHA1
2504c207a02882bfdd4270fdedd0ed08def3465d

SHA256
411aeb2bca7abd668f0818b79bd30839f55bbd43e4f5deddb90bfcd61e5b1b95

SHA512
d074da161077a71d603004ab018ceb35808b669ad651f3273d6e1d3ed55d684c602250712e89c0b2c980ec669593c82fb3cd2a18439ec4f7551159c3125fa6da

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.config

Filesize
305B

MD5
924ec7be7bbaea837f0fd86ef17c8b27

SHA1
eb47f463ba11784efef9fe05a99e5e3f26538dff

SHA256
adbaa006e46cc5fe3963004523e14f1260d0e30dd9efa3006eb800a51678cb43

SHA512
6e71af8246dbf7e0bffddf2e1010da97c3cd7c659c2da197af9269e5a926b8809c71f5f2819d6462fc30866768f4f595e23195568643f004b2c953644ff06129

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.config

Filesize
495B

MD5
51336ff1b3a63b801f26af0e91cda7df

SHA1
b3e1ad58e3cb72d1992ddaef3e5b1b811c089496

SHA256
64333943fb379a67ebe3a783acb8bb4196e271ee0f1f6a6da535dc287d603366

SHA512
5a6a3810933797c8d5318eb301c05bcdc7def5d6247a98a768906f3d6b8544b55bd75e7529f067f559a9c2ad12a8114bc451bc5c40b0ee9a37ae0c5fcff54739

Download Submit
C:\ProgramData\Avira\VPN\VpnSharedSettings.config

Filesize
149B

MD5
4d61c78340457ff55625cd76f0da277f

SHA1
ab134a14eb6d22dfbafd6613c19b3637ccd975e8

SHA256
c92dd499a2daf869df9ff2651a27516d1141745e12c5d70b202d58069cbd72d6

SHA512
a3575e6ad118cb6d01fdc49f1efeaff88de631b3f5bdc95e36a47c3a0735b125ccaac31a997cac2dc1b526bd714e71f3eb2abe8f3f7fb26ffd45de6a267ef890

Download Submit
C:\ProgramData\Avira\VPN\vpndbg.log

Filesize
1KB

MD5
6dc0e038c7ca73cf34ebb5badfe9e83b

SHA1
850ba559ebee54a2df0d14f7ea2ece5385fc20c0

SHA256
0769894f23b4979497d05f5bda90b64306db1156ef95acc03c5af0ab6ed4c727

SHA512
56262e0a72b59c8e99fac97f29ef91acca4b1e68738814ecbd8fe4f4bd8395f3af06c5854a11f98ec9de3b98e4e5bfb981b0b152d17d661432e24b44a6147a65

Download Submit
C:\ProgramData\Avira\VPN\vpndbg.log

Filesize
1KB

MD5
699788f479c86ad3defdb69e21e34d86

SHA1
9529f66893b82e4b558b46d47ca48692c9b4f2e3

SHA256
583732d3d4c6622c23e3312b836a9c0dadbd15e2798b1acf39c3545fda1b2929

SHA512
abb16a4d5593cd02354eae231e278e4023b42d8cd66c73adabede2fdb2f10aff3024da11511d415121132ceb051e26d609738e19a5799bca82149eb9801305fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Avira.WebAppHost.exe.log

Filesize
1KB

MD5
3748103e2925e6312e99ac3bd97c9b19

SHA1
7ba5913e49401aa641d39ae723dba5052a062b01

SHA256
8b762acc09669729fd978c308fd48bfffa345688fa47b75a8182664c6268c904

SHA512
fbf9aa49f64b60e5b39657a443f4b46871a2d4116ec17dea8dd85392d562359bd80aa1b928613ed976f2abed7216bf2c5496de28f37303580ba1058b413a6272

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DD1VB.tmp\Avira Phantom VPN 2.44.1.19908.tmp

Filesize
911KB

MD5
02c5691af81933ce36735946e3ed1ea4

SHA1
2faed8d51a0800f127e424bfba9d44bab6aee1b2

SHA256
e1f5e87796c015e567153db6b994a35a34b0819b1093d1ea12064ee35102c42d

SHA512
ebde4772c94f5199a2936f8fdbcf80e57d11a820276b1e1323fbcde6d192cd89bcc69a441cff17e26d688427fe05e62cc858e896c0647d93c9e2ebe74a6e6749

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q86IJ.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q86IJ.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/1548-1167-0x000002787FB10000-0x000002787FB18000-memory.dmp

Filesize
32KB

Download
memory/1548-1210-0x0000028080650000-0x0000028080DF6000-memory.dmp

Filesize
7.6MB

Download
memory/1548-1046-0x000002787F640000-0x000002787F70E000-memory.dmp

Filesize
824KB

Download
memory/2400-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2400-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4220-64-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/4220-62-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-92-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-97-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-98-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-52-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/4220-53-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-854-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-55-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/4220-54-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-68-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-9-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-75-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-17-0x0000000006B70000-0x0000000006B86000-memory.dmp

Filesize
88KB

Download
memory/4220-23-0x0000000006DA0000-0x00000000070BA000-memory.dmp

Filesize
3.1MB

Download
memory/4220-76-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/4220-27-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-77-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-30-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-37-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/4220-33-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-38-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-32-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-39-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-40-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/4220-31-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/4220-29-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-41-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-42-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-43-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/4220-28-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/4220-26-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-44-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-25-0x0000000007200000-0x0000000007201000-memory.dmp

Filesize
4KB

Download
memory/4220-46-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/4220-51-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-47-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-48-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-49-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/4220-45-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-36-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-57-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-58-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/4220-35-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-59-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-34-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/4220-61-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/4220-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4220-63-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-65-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-50-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-66-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-60-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-67-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/4220-56-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-69-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-70-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/4220-84-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-71-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-72-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-73-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/4220-74-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-78-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-83-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-79-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/4220-82-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/4220-80-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-81-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/4220-1113-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/5708-1048-0x0000019FF7D00000-0x0000019FF7D1E000-memory.dmp

Filesize
120KB

Download
memory/5708-973-0x0000019FDE6B0000-0x0000019FDE6DA000-memory.dmp

Filesize
168KB

Download
memory/5708-1117-0x0000019FF7D50000-0x0000019FF7D5C000-memory.dmp

Filesize
48KB

Download
memory/5708-1119-0x0000019FF7E60000-0x0000019FF7E8A000-memory.dmp

Filesize
168KB

Download
memory/5708-1121-0x0000019FF7E90000-0x0000019FF7EA2000-memory.dmp

Filesize
72KB

Download
memory/5708-1123-0x0000019FF7E30000-0x0000019FF7E3E000-memory.dmp

Filesize
56KB

Download
memory/5708-1131-0x0000019FF7E50000-0x0000019FF7E5A000-memory.dmp

Filesize
40KB

Download
memory/5708-1192-0x0000019FF8350000-0x0000019FF839A000-memory.dmp

Filesize
296KB

Download
memory/5708-1128-0x0000019FF7FE0000-0x0000019FF808A000-memory.dmp

Filesize
680KB

Download
memory/5708-1125-0x0000019FF7EF0000-0x0000019FF7F26000-memory.dmp

Filesize
216KB

Download
memory/5708-1074-0x0000019FF7D20000-0x0000019FF7D2E000-memory.dmp

Filesize
56KB

Download
memory/5708-1001-0x0000019FF6EF0000-0x0000019FF6EF8000-memory.dmp

Filesize
32KB

Download
memory/5708-1115-0x0000019FF7D30000-0x0000019FF7D3E000-memory.dmp

Filesize
56KB

Download
memory/5708-1127-0x0000019FF7E40000-0x0000019FF7E48000-memory.dmp

Filesize
32KB

Download
memory/5708-1076-0x0000019FF7D40000-0x0000019FF7D4A000-memory.dmp

Filesize
40KB

Download
memory/5708-1000-0x0000019FF7B60000-0x0000019FF7B8E000-memory.dmp

Filesize
184KB

Download
memory/5708-998-0x0000019FDE610000-0x0000019FDE620000-memory.dmp

Filesize
64KB

Download
memory/5708-996-0x0000019FDE650000-0x0000019FDE66C000-memory.dmp

Filesize
112KB

Download
memory/5708-981-0x0000019FDE630000-0x0000019FDE644000-memory.dmp

Filesize
80KB

Download
memory/5708-979-0x0000019FDE060000-0x0000019FDE06C000-memory.dmp

Filesize
48KB

Download
memory/5708-977-0x0000019FF6DB0000-0x0000019FF6DD2000-memory.dmp

Filesize
136KB

Download
memory/5708-975-0x0000019FF79A0000-0x0000019FF7A52000-memory.dmp

Filesize
712KB

Download
memory/5708-967-0x0000019FDE030000-0x0000019FDE05A000-memory.dmp

Filesize
168KB

Download
memory/5708-971-0x0000019FDE020000-0x0000019FDE028000-memory.dmp

Filesize
32KB

Download
memory/5708-1047-0x0000019FF7D60000-0x0000019FF7DD6000-memory.dmp

Filesize
472KB

Download
memory/5708-969-0x0000019FDE670000-0x0000019FDE6A6000-memory.dmp

Filesize
216KB

Download
memory/5708-965-0x0000019FDDB90000-0x0000019FDDBEC000-memory.dmp

Filesize
368KB

Download