download: /download/spotlight-windows-bootstrapper/avira.exe

Full analysis: https://app.any.run/tasks/c927d2cf-b3a0-4b13-9ba0-147b3857ad80
Verdict: Malicious activity
Analysis date: March 26, 2025, 23:49:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 649799A52C3C50DEB20BFB9672892F2B
SHA1: E38249AD36CDB3BD13F34221030A14EEA3885360
SHA256: 072D2D633DB3682F64A4D3F6CE048781C11A4238E98683EDEF321D6F85DCBC34
SSDEEP: 98304:2JEWOATmyqtAs+7Vsp168Ivhki/NWmU8MkbwvMV5gnnb0yr2yyig5FIEz4IEoqpb:vUiKXF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • avira.exe (PID: 2284)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • avira.exe (PID: 2284)
    • Executable content was dropped or overwritten

      • avira.exe (PID: 2284)
      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Reads security settings of Internet Explorer

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Adds/modifies Windows certificates

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • The process verifies whether the antivirus software is installed

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • There is functionality for taking screenshot (YARA)

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 7892)
    • Searches for installed software

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
  • INFO

    • Reads the computer name

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Create files in a temporary directory

      • avira.exe (PID: 2284)
      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Checks supported languages

      • avira.exe (PID: 2284)
      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
      • ACSSIGNEDIC.EXE (PID: 6988)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 7892)
    • Reads the machine GUID from the registry

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Disables trace logs

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Checks proxy server information

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
    • Creates files in the program directory

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 7892)
    • Reads the software policy settings

      • AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE (PID: 6480)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:19 09:54:06+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 335360
InitializedDataSize: 6500352
UninitializedDataSize: -
EntryPoint: 0x2ab00
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.51.762
ProductVersionNumber: 1.0.51.762
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Avira Operations GmbH
FileDescription: Avira Security
FileVersion: 1.0.51.762
InternalName: avira.exe
LegalCopyright: Copyright © 2025 Avira Operations GmbH and its Licensors
OriginalFileName: avira.exe
ProductName: Avira Security
ProductVersion: 1.0.51.762
All screenshots are available in the full report
Total processes: 141
Monitored processes: 9
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain as listed in the report ("no specs" marks a process to which the sandbox attributed no behaviour indicators):
start → avira.exe, avira.spotlight.bootstrapper.exe, schtasks.exe (no specs), conhost.exe (no specs), sppextcomobj.exe (no specs), slui.exe (no specs), acssignedic.exe (no specs), microsoftedgewebview2runtimeinstallerx64.exe (no specs), avira.exe (no specs)

Process information

Each entry gives the PID, command line (CMD), image path, parent process, and the process properties the sandbox recorded, followed by the loaded modules.
PID: 1132
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: schtasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2284
CMD: "C:\Users\admin\AppData\Local\Temp\avira.exe"
Path: C:\Users\admin\AppData\Local\Temp\avira.exe
Parent process: explorer.exe
User: admin
Company: Avira Operations GmbH
Integrity Level: HIGH
Description: Avira Security
Version: 1.0.51.762
Loaded modules (images):
c:\users\admin\appdata\local\temp\avira.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3176
CMD: "C:\Users\admin\AppData\Local\Temp\avira.exe"
Path: C:\Users\admin\AppData\Local\Temp\avira.exe
Parent process: explorer.exe
User: admin
Company: Avira Operations GmbH
Integrity Level: MEDIUM
Description: Avira Security
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch ended because the image requires elevation; PID 2284 is the same image started by the same parent at HIGH integrity, which is what a UAC re-launch looks like in a process list)
Version: 1.0.51.762
Loaded modules (images):
c:\users\admin\appdata\local\temp\avira.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4408
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5380
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 6480
CMD: "C:\Users\admin\AppData\Local\Temp\.CR.21206\Avira.Spotlight.Bootstrapper.exe" "C:\Users\admin\AppData\Local\Temp\.CR.21206\Avira.Spotlight.Bootstrapper.exe" OriginalFileName=avira.exe
Path: C:\Users\admin\AppData\Local\Temp\.CR.21206\AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
Parent process: avira.exe
User: admin
Company: Avira Operations GmbH
Integrity Level: HIGH
Description: Avira Security
Version: 1.0.51.762
Loaded modules (images):
c:\users\admin\appdata\local\temp\.cr.21206\avira.spotlight.bootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 6944
CMD: "C:\WINDOWS\system32\schtasks.exe" /Create /Xml "C:\Users\admin\AppData\Local\Temp\.CR.21356\Avira_Security_Installation.xml" /F /TN "Avira_Security_Installation"
Path: C:\Windows\SysWOW64\schtasks.exe (the command line names System32, but the 32-bit parent is subject to WOW64 file-system redirection, so the SysWOW64 copy is the one that runs)
Parent process: avira.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\syswow64\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6988
CMD: "C:\Users\admin\AppData\Local\Temp\.CR.21206\ACSSignedIC.exe"
Path: C:\Users\admin\AppData\Local\Temp\.CR.21206\ACSSIGNEDIC.EXE
Parent process: AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
User: admin
Company: Avira Operations GmbH
Integrity Level: HIGH
Description: ASCSigned
Exit code: 0
Version: 255.255.255.255
Loaded modules (images):
c:\users\admin\appdata\local\temp\.cr.21206\acssignedic.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\kernel.appcore.dll
PID: 7892
CMD: "C:\Users\admin\AppData\Local\Temp\.CR.21206\93370ea4-d6cb-4b34-bbf9-cae882190248\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install
Path: C:\Users\admin\AppData\Local\Temp\.CR.21206\93370ea4-d6cb-4b34-bbf9-cae882190248\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Parent process: AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Version: 1.3.195.45
Loaded modules (images):
c:\users\admin\appdata\local\temp\.cr.21206\93370ea4-d6cb-4b34-bbf9-cae882190248\microsoftedgewebview2runtimeinstallerx64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 60 781
Read events: 60 511
Write events: 254
Delete events: 16

Modification events

PID 2284 (avira.exe)
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.Bootstrapper.exe
  Operation: write   Name: NoStartPage   Value: (not shown)

PID 6480 (AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE)
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
  Operation: write   Name: telemetry   Value: ffd8583be8104973b303e14e61c2fccd23a25368

PID 6480 (AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE)
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
  Operation: write   Name: EnableFileTracing   Value: 0
  Operation: write   Name: EnableAutoFileTracing   Value: 0
  Operation: write   Name: EnableConsoleTracing   Value: 0
  Operation: write   Name: FileTracingMask   Value: (not shown)
  Operation: write   Name: ConsoleTracingMask   Value: (not shown)
  Operation: write   Name: MaxFileSize   Value: 1048576
  Operation: write   Name: FileDirectory   Value: %windir%\tracing

PID 6480 (AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE)
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
  Operation: write   Name: EnableFileTracing   Value: 0

The Tracing\<name>_RASAPI32 and Tracing\<name>_RASMANCS keys are the default tracing configuration that the Windows RAS tracing code creates the first time a process loads the RAS libraries (usually indirectly, through WinInet/WinHTTP proxy lookup). EnableFileTracing=0 is that default being written, not logging that was on being switched off, which is the context for the "Disables trace logs" indicator listed above.
Executable files: 4
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

Each entry gives the writing PID and process, the file path, the type the sandbox assigned, and MD5/SHA256 where the report supplies them ("not given" where it does not).

PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\93370ea4-d6cb-4b34-bbf9-cae882190248\83f0709a-16bc-4c6e-8fdb-f7d06682896d.tmp
  Type: not given   MD5: not given   SHA256: not given
PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\93370ea4-d6cb-4b34-bbf9-cae882190248\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
  Type: not given   MD5: not given   SHA256: not given
PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\c6e51369-dcec-41e2-8d2b-0bc3ea4743f1\95ba6df5-5c23-456c-b6d4-fb3c935e4269.tmp
  Type: not given   MD5: not given   SHA256: not given
PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\c6e51369-dcec-41e2-8d2b-0bc3ea4743f1\avira_spotlight_setup.exe
  Type: not given   MD5: not given   SHA256: not given
PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\72d71a9b-50e0-4a15-89e7-84e3bbe999d1\avira.exe
  Type: executable   MD5: 649799A52C3C50DEB20BFB9672892F2B   SHA256: 072D2D633DB3682F64A4D3F6CE048781C11A4238E98683EDEF321D6F85DCBC34
PID 2284 avira.exe
  C:\Users\admin\AppData\Local\Temp\.CR.28870\avira.exe
  Type: executable   MD5: 649799A52C3C50DEB20BFB9672892F2B   SHA256: 072D2D633DB3682F64A4D3F6CE048781C11A4238E98683EDEF321D6F85DCBC34
PID 6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE
  C:\Users\admin\AppData\Local\Temp\.CR.21206\72d71a9b-50e0-4a15-89e7-84e3bbe999d1\7b4d149a-401d-46c9-aaae-54329e292236.tmp
  Type: executable   MD5: 649799A52C3C50DEB20BFB9672892F2B   SHA256: 072D2D633DB3682F64A4D3F6CE048781C11A4238E98683EDEF321D6F85DCBC34
PID 2284 avira.exe
  C:\Users\admin\AppData\Local\Temp\.CR.21356\Avira_Security_Installation.xml
  Type: xml   MD5: 81386D97947AE75AA53C57626D6E3896   SHA256: 5199D71390C8638D58D00E46BA7125EBEFB7466DEA64C463A7953F9D6F5C779A
PID 2284 avira.exe
  C:\Users\admin\AppData\Local\Temp\.CR.28870\Avira.Spotlight.Bootstrapper.Runner.exe.config
  Type: xml   MD5: 58410F4F50391A09970644AC99DC692C   SHA256: CDDC4ED76E18D72D144809A86CADE27F7B5AA1833B7900E40739B59852999245
PID 2284 avira.exe
  C:\Users\admin\AppData\Local\Temp\.CR.28870\Avira.Spotlight.Bootstrapper.Runner.exe
  Type: executable   MD5: 407F41B6A9EB7A24901FA21FAC8F702D   SHA256: 1365F3E0584E86E68E434BD7815172DFD9631010F831106A6BB955BD2BCAA720

The three executables carrying MD5 649799A52C3C50DEB20BFB9672892F2B / SHA256 072D2D63…DCBC34 are byte-identical to the submitted sample: the bootstrapper and avira.exe write copies of the original file into their extraction directories rather than dropping a new payload. The only new executable with a hash is Avira.Spotlight.Bootstrapper.Runner.exe; the WebView2 installer and avira_spotlight_setup.exe are listed without hashes.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 28
DNS requests: 19
Threats: 0

HTTP requests

Each row gives PID and process (where attributed), method, HTTP code, IP:port, URL, CN as reported, and reputation; no type or size was recorded for any request.

(no PID attributed) | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
5496 MoUsoCoreWorker.exe | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | CN: unknown | whitelisted
6544 svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | CN: unknown | whitelisted
6456 backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | CN: unknown | whitelisted
7604 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | CN: unknown | whitelisted
7604 SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | CN: unknown | whitelisted

All six plaintext HTTP requests are CRL and OCSP fetches made by Windows components, not by the sample's processes. The sample's own network activity (PID 6480) is TLS to dispatch.avira-update.com and api.my.avira.com and appears only in the Connections table, so its request content is not visible in this report.

Connections

Each row gives PID and process (where attributed), IP:port, domain, ASN, country, and reputation.

4 System | 192.168.100.255:137 | (no domain) | (no ASN) | (no country) | whitelisted
(no PID attributed) | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(no PID attributed) | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5496 MoUsoCoreWorker.exe | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4 System | 192.168.100.255:138 | (no domain) | (no ASN) | (no country) | whitelisted
3216 svchost.exe | 172.172.255.218:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6544 svchost.exe | 20.190.160.66:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE | 3.124.99.209:443 | dispatch.avira-update.com | AMAZON-02 | DE | suspicious
6480 AVIRA.SPOTLIGHT.BOOTSTRAPPER.EXE | 3.120.69.136:443 | api.my.avira.com | AMAZON-02 | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
google.com
  • 216.58.206.78
whitelisted
client.wns.windows.com
  • 172.172.255.218
whitelisted
login.live.com
  • 20.190.160.66
  • 40.126.32.136
  • 40.126.32.140
  • 40.126.32.76
  • 20.190.160.2
  • 20.190.160.14
  • 20.190.160.130
  • 40.126.32.133
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 2.17.190.73
whitelisted
dispatch.avira-update.com
  • 3.124.99.209
  • 18.157.246.64
unknown
api.my.avira.com
  • 3.120.69.136
  • 3.127.193.239
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.16.168.116
  • 2.16.168.117
whitelisted

Threats

No threats detected
No debug info