Overview

overview

10

Static

static

Bitdefende...88.exe

windows10_x64

10

Bitdefende...88.exe

windows10_x64

10

Resubmissions

31-12-2021 07:48

211231-jndpasfbgk 10

Analysis

  • max time kernel
    174s
  • max time network
    177s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    31-12-2021 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bitdefender.Antivirus.v25.0.26.88.exe

  • Size

    12.9MB

  • MD5

    2ed1a518f5711a6d76fd5e038be96f9e

  • SHA1

    c66900065762296fae037716e283f5cab5e1db9a

  • SHA256

    590d385c35a94e2292fdf6d5c805874b3bdd9f1ae0ca4883ef036b3a8d23d72d

  • SHA512

    44b81e24bca1fb6d9fcfad8ca69ec5a5867c60ce95b04b367c0bb7a8e56b706f1b85b4c82b83c124d62d80734d47af62f0e34aaae73ebb293446a34a4d7becf2

Score
10/10
discoverypersistenceransomware

Malware Config

Extracted

Path

C:\Program Files\Bitdefender Antivirus Free\lang\en-us\eula.html

Ransom Note
 <h3 style="background-image: url();"><!--BEGIN_TRANSLATABLE_TEXT-->LICENSE AGREEMENT<!--END_TRANSLATABLE_TEXT--></h3><hr> <div> <p><!--BEGIN_TRANSLATABLE_TEXT-->NOTICE TO ALL USERS: PLEASE READ THIS AGREEMENT CAREFULLY.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->BY OPENING THIS PACKAGE, BREAKING THE SEAL, BY SELECTING "I ACCEPT", "OK", "CONTINUE", "YES" OR BY INSTALLING OR USING THE SOFTWARE IN ANY WAY, YOU ARE INDICATING YOUR COMPLETE UNDERSTANDING AND ACCEPTANCE OF THE TERMS OF THIS AGREEMENT. If the Software is downloaded from the websites (for paid or trial use purposes), this Agreement will be accepted and a contract formed when you selects an "I Accept", "OK" or "Yes" button or box below prior to download or installation.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS DO NOT INSTALL OR ACCESS THE SOFTWARE OR OTHERWISE INDICATE REFUSAL, MAKE NO FURTHER USE OF THE SOFTWARE, AND CONTACT YOUR VENDOR OR CUSTOMER SERVICE, FOR INFORMATION ON HOW TO OBTAIN A REFUND OF THE MONEY YOU PAID FOR THE SOFTWARE AT ANY TIME DURING THE THIRTY (30) DAYS PERIOD FOLLOWING THE DATE OF PURCHASE.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->PRODUCT REGISTRATION. By accepting this Agreement, You agree to register Your Software. Registration requires a valid product serial number and a valid email address for renewal and other notices.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->The Bitdefender Account is necessary for the activation of the online features, as stated in the Product Documentation.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->You warrant that you are the legal owner of the device and you have all the legal rights to create your account. Please acknowledge that installing on your device Software, and taking in consideration the security policies and rules selected by you, you may experience access restrictions to device and data loss due to remote device lock or wipe commands applied by the administrator of the account manually through security policies. You as administrator( have the right to monitor your device, locate it on map, enforce screen lock and authentication, lock and wipe device, encrypt media storage, scan applications and file on your device. Bitdefender shall not be held responsible for any damages resulting from privacy, data loss caused to you.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->This License Agreement covers Bitdefender Products for home-users licensed to you, including related documentation and any update and upgrade of the applications delivered to you under the purchased license or any related service agreement as defined in the documentation and any copy of these items.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->The Bitdefender Product offers an Internet control software which shall be software installed on your device ( computer, mobile, mobile computer device) that intercepts Internet-bound traffic, to monitor traffic and permits You to limit access to certain content. The software on Your personal device connects to a server network infrastructure and then send it to Bitdefender servers for categorization.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->The Bitdefender Product may allow you to track the device location, disable access to the device, transmit images that have been capture with the camera of your device or voice records that have been recorded by the recorder of your device (if available). You may not use the services to gain unauthorized access, to upload, transmit, transfer data or information to Bitdefender or third parties by any means. You agree that your use of these services will be in compliance with any laws which are applicable to you.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->This License Agreement is a legal agreement between you (either an individual or a legal person) and BITDEFENDER for use of BITDEFENDER's software product identified above, which includes software and services for your device, and may include associated media, printed materials, and "online" or electronic documentation (hereafter designated as "Bitdefender Product"), all of which are protected by international copyright laws and international treaties. By installing, copying or using Bitdefender Product, you agree to be bound by the terms of this Agreement.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->GRANT OF LICENSE. Bitdefender Product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. Bitdefender Product is licensed, not sold. This agreement only gives You some rights to use Bitdefender Product. Bitdefender reserves all other rights. Unless applicable law gives you more rights despite this limitation, You may use Bitdefender Product only as expressly permitted in this Agreement.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->Bitdefender hereby grants you and only you the following non-exclusive, limited, non assignable, non-transferable, non-sublicensable and royalty-bearing license to use Bitdefender Product.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->You will have certain rights to use the Bitdefender Product during the License Period, which shall begin on the date of Your initial installation of the Bitdefender Product regardless of the number of copies that You are permitted to use, and shall last for the period of time set forth in the Documentation or the applicable transaction documentation from the Bitdefender distributor or reseller from which You obtained the Bitdefender Product. The Bitdefender Product may automatically be deactivated at the end of the License Period, and You will not be entitled to receive any feature or content updates to the Bitdefender Product.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->You can use one copy of the Bitdefender Product on a single device. If a greater number of copies and/or number of devices is specified within the sale transaction documentation from the authorized distributor or reseller from which You obtained the Bitdefender Product (Permitted Number), You shall have the right to copy the Bitdefender Product in accordance with such specifications;<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->You can make one copy of the Bitdefender Product for back-up or archival purposes; If the Bitdefender Product supports multiple platforms or languages, if you receive the Bitdefender Product on multiple media, if you otherwise receive multiple copies of the Bitdefender Product, or if you receive the Bitdefender Product bundled with other software, the total number of your Devices on which all versions of the Bitdefender Product are installed may not exceed the Permitted Number.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->During the installation process, the Bitdefender Product may uninstall or disable other security products if such products or features are incompatible with Bitdefender Product.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->TRIAL LICENSE. If You are a trial user, You may use Bitdefender Product for evaluation or testing purposes in a non-production environment for thirty (30) days from the date You download Bitdefender Product (the "Trial Period"). During the Trial Period, You are entitled to web or email based technical support in the country where You are located and to Updates, if applicable. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, BITDEFENDER PRODUCT AND ANY SERVICES AND RELATED DOCUMENTATION USED FOR EVALUATION PURPOSES ARE PROVIDED TO YOU "AS IS" WITHOUT WARRANTIES OF ANY KIND. Your right to use Bitdefender Product ends when the Trial Period ends or if You violate any term of this Agreement. Upon termination of the Evaluation Period, You must delete or destroy all copies of Bitdefender Product and documentation and stop using the Service. Your obligations and rights under this Agreement will continue to apply after the end of the Trial Period.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->TERMS OF LICENSE. You will have certain rights to use the Bitdefender Product during the License Period, which shall begin on the date of Your initial installation of the Bitdefender Product regardless of the number of copies that You are permitted to use, and shall last for the period of time set forth in the Documentation or the applicable transaction documentation from the Bitdefender distributor or reseller from which You obtained the Bitdefender Product. The Bitdefender Product may automatically be deactivated at the end of the License Period, and You will not be entitled to receive any feature or content updates to the Bitdefender Product.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->If you have agreed to permit Bitdefender to automatically renew your subscription to Bitdefender Product by charging a valid credit card number which you have provided to Bitdefender, your subscription will be automatically renewed thirty (30) days prior to the expiration of the term and each anniversary thereafter for a fee no greater than Bitdefender's then-current price, excluding promotional and discount pricing. You must provide current, complete and accurate information for your billing account. You must promptly update all information to keep your billing account current, complete, and accurate (such as, but not limited to a change in billing address, credit card number, or credit card expiration date), and you must promptly notify Bitdefender if your credit card is canceled (such as, but not limited to for loss or theft). If you fail to provide Bitdefender any of the foregoing information, you agree that Bitdefender may continue charging you for any subscription automatically renewed unless you inform Bitdefender's Customer Care department at http://www.Bitdefender.com/site/Main/contactForm/ (or any other local number provided by the respective Bitdefender entity in your region) not to renew your subscription to Bitdefender Product at least thirty (30) days prior to the expiration of your subscription to Bitdefender Product and informing them of your desire not to have such subscription automatically renewed. This Agreement will terminate automatically if you fail to comply with any of the limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must cease use of Bitdefender Product and destroy all copies of Bitdefender and the Documentation.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->UPGRADES. If Bitdefender is labeled as an upgrade, you must be properly licensed to use a product identified by BITDEFENDER as being eligible for the upgrade in order to use Bitdefender Product. A Bitdefender Product labeled as an upgrade replaces and/or supplements the product that formed the basis for your eligibility for the upgrade. You may use the resulting upgraded product only in accordance with the terms of this License Agreement. If Bitdefender Product is an upgrade of a component of a package of software programs that you licensed as a single Bitdefender Product may be used and transferred only as part of that single product package and may not be separated for use by more than the total number of licensed users. The terms and conditions of this license replace and supersede any previous agreements that may have existed between you and BITDEFENDER regarding the original product or the resulting upgraded product.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->COPYRIGHT. All rights, titles and interest in and to Bitdefender and all copyright rights in and to Bitdefender (including but not limited to any code, images, photographs, logos, animations, video, audio, music, text, and "applets" incorporated into Bitdefender), the accompanying printed materials, and any copies of Bitdefender are owned by BITDEFENDER, with the understanding that rights, titles and interest in and to certain third party software identified in the accompanying Third Party License Terms are owned by their respective owners. Bitdefender is protected by copyright laws and international treaty provisions. Therefore, you must treat Bitdefender like any other copyrighted material. You may not copy the printed materials accompanying Bitdefender. You must produce and include all copyright notices in their original form for all copies created irrespective of the media or form in which Bitdefender exists. You may not sub-license, rent, sell, lease or share the Bitdefender license. You may not reverse engineer, recompile, disassemble, create derivative works, modify, translate, or make any attempt to discover the source code for Bitdefender, except as and only to the extent explicitly permitted by the licensing terms, identified in the accompanying Third Party License Terms, governing use of the third party software.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->TECHNICAL SUPPORT. Certain technical support features may be offered by Bitdefender for the license term of the Bitdefender Product and may include live chat with a technical support consultant and/or assistance from a technical support consultant via remote access. If such features are offered and You choose to access such Technical Support it shall be governed by the following conditions: Any such Technical Support shall be provided in Bitdefender's sole discretion without any guarantee or warranty of any kind. It is solely Your responsibility to complete a backup of all Your existing data, software and programs before receiving any Technical Support. In the course of providing the Technical Support, Bitdefender may determine that the technical issue is beyond the scope of the Technical Support. Bitdefender reserves the right to refuse, suspend or terminate any of the Technical Support in its sole discretion.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->LIMITED WARRANTY. BITDEFENDER warrants that the media on which Bitdefender is distributed is free from defects for a period of thirty days from the date of delivery of Bitdefender to you. Your sole remedy for a breach of this warranty will be that BITDEFENDER , at its option, may replace the defective media upon receipt of the damaged media, or refund the money you paid for Bitdefender. BITDEFENDER does not warrant that Bitdefender will be uninterrupted or error free or that the errors will be corrected. BITDEFENDER does not warrant that Bitdefender will meet your requirements.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BITDEFENDER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE BITDEFENDER PRODUCTS, ENHANCEMENTS, MAINTENANCE OR SUPPORT RELATED THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE) OR SERVICES SUPPLIED BY HIM. BITDEFENDER HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOSS OF DATA, DEVICE FAILURE OR MALFUNCTION FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON INTERFERENCE, ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, AND NON INFRINGEMENT OF THIRD PARTY RIGHTS BY FILTERING, DISABLING, OR REMOVING SUCH THIRD PARTY'S SOFTWARE, SPYWARE, ADWARE, COOKIES, EMAILS, DOCUMENTS, ADVERTISEMENTS OR THE LIKE, WHETHER ARISING BY STATUTE, LAW, COURSE OF DEALING, CUSTOM AND PRACTICE, OR TRADE USAGE. Bitdefender is acting on behalf of its suppliers and marketing partners for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided in this Agreement, but in no other respects and for no other purpose. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.<!--END_TRANSLATABLE_TEXT--></p> <p><!--BEGIN_TRANSLATABLE_TEXT-->The Bitdefender Product, as provided under this Agreement, can contain features and functionalities that allows You t
Emails

[email protected].<!--END_TRANSLATABLE_TEXT--></p>

[email protected]<!--END_TRANSLATABLE_TEXT--></p>
URLs

http://www.Bitdefender.com/site/Main/contactForm/

Signatures

  • Downloads MZ/PE file
  • Drops file in Drivers directory 23 IoCs
  • Executes dropped EXE 32 IoCs
  • Sets file execution options in registry 2 TTPs
    persistence
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 10 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 28 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 44 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bitdefender.Antivirus.v25.0.26.88.exe
    "C:\Users\Admin\AppData\Local\Temp\Bitdefender.Antivirus.v25.0.26.88.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1300
        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
          "C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"
          4⤵
          • Executes dropped EXE
          PID:808
        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
          "C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Modifies system certificate store
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:648
          • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
            "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4080
          • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
            "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1256
          • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
            "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1216
          • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
            "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\AppData\Local\Temp\Bitdefender.Antivirus.v25.0.26.88.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1396
  • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    "C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:504
    • C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
      "C:\Program Files\Bitdefender Agent\DiscoverySrv.exe" install
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "C:\Program Files\Bitdefender Agent\DiscoveryComp.dll"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:3104
    • C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
      "C:\Program Files\Bitdefender Agent\DiscoverySrv.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      PID:3504
    • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
      "ProductAgentService.exe" login_silent
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1224
    • C:\Program Files\Bitdefender Agent\ProductAgentUI.exe
      ProductAgentUI.exe show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      PID:748
    • C:\Windows\TEMP\bd_49A7.tmp\hga49A8.tmp
      "C:\Windows\TEMP\bd_49A7.tmp\hga49A8.tmp" /source:web
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\BPInstaller.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BPInstaller.exe" -install -kitpath="C:\Windows\TEMP\bd_49A7.tmp\hga49A8.tmp" /source:web
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Program Files\Bitdefender Antivirus Free\kitinstaller\BPInstaller.exe
          "C:\Program Files\Bitdefender Antivirus Free\kitinstaller\BPInstaller.exe" -install -kitpath="C:\Windows\TEMP\bd_49A7.tmp\hga49A8.tmp" /source:web
          4⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: LoadsDriver
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3012
          • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
            "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="lang"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:2156
          • C:\Program Files\Bitdefender Antivirus Free\kitinstaller\agentctrl.exe
            "C:\Program Files\Bitdefender Antivirus Free\kitinstaller\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="lang"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:3176
          • C:\Program Files\Bitdefender Antivirus Free\kitinstaller\agentctrl.exe
            "C:\Program Files\Bitdefender Antivirus Free\kitinstaller\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="lang"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1676
          • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
            "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="anon_id"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:3948
          • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
            "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_add_app --appid="com.bitdefender.avfree" --name="Bitdefender Antivirus Free" --status="disabled" --version="1.0.0.3"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:940
          • C:\Windows\SYSTEM32\InfDefaultInstall.exe
            InfDefaultInstall.exe .\gemma.inf
            5⤵
            • Drops file in Drivers directory
            • Adds Run key to start application
            PID:996
            • C:\Windows\system32\runonce.exe
              "C:\Windows\system32\runonce.exe" -r
              6⤵
              • Checks processor information in registry
              PID:532
              • C:\Windows\System32\grpconv.exe
                "C:\Windows\System32\grpconv.exe" -o
                7⤵
                  PID:3488
            • C:\Windows\SYSTEM32\rundll32.exe
              rundll32.exe syssetup,SetupInfObjectInstallAction BootInstall.Prevention 128 .\bddci.inf
              5⤵
              • Drops file in Drivers directory
              • Adds Run key to start application
              PID:1188
              • C:\Windows\system32\runonce.exe
                "C:\Windows\system32\runonce.exe" -r
                6⤵
                • Checks processor information in registry
                PID:2556
                • C:\Windows\System32\grpconv.exe
                  "C:\Windows\System32\grpconv.exe" -o
                  7⤵
                    PID:2264
              • C:\Windows\SYSTEM32\InfDefaultInstall.exe
                InfDefaultInstall.exe .\atc.inf
                5⤵
                • Drops file in Drivers directory
                • Adds Run key to start application
                PID:3168
                • C:\Windows\system32\runonce.exe
                  "C:\Windows\system32\runonce.exe" -r
                  6⤵
                  • Checks processor information in registry
                  PID:1280
                  • C:\Windows\System32\grpconv.exe
                    "C:\Windows\System32\grpconv.exe" -o
                    7⤵
                      PID:424
                • C:\Windows\SYSTEM32\rundll32.exe
                  rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 .\bduefiscan.inf
                  5⤵
                  • Drops file in Drivers directory
                  • Adds Run key to start application
                  PID:3752
                  • C:\Windows\system32\runonce.exe
                    "C:\Windows\system32\runonce.exe" -r
                    6⤵
                    • Checks processor information in registry
                    PID:2128
                    • C:\Windows\System32\grpconv.exe
                      "C:\Windows\System32\grpconv.exe" -o
                      7⤵
                        PID:3928
                  • C:\Windows\SYSTEM32\InfDefaultInstall.exe
                    InfDefaultInstall.exe .\vlflt.inf
                    5⤵
                    • Drops file in Drivers directory
                    • Adds Run key to start application
                    PID:652
                    • C:\Windows\system32\runonce.exe
                      "C:\Windows\system32\runonce.exe" -r
                      6⤵
                      • Checks processor information in registry
                      PID:1944
                      • C:\Windows\System32\grpconv.exe
                        "C:\Windows\System32\grpconv.exe" -o
                        7⤵
                          PID:1192
                    • C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
                      "C:\Program Files\Bitdefender Antivirus Free\vsserv.exe" install
                      5⤵
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      • Suspicious use of SetWindowsHookEx
                      PID:1348
                      • C:\Program Files\Bitdefender Antivirus Free\agentctrl.exe
                        "C:\Program Files\Bitdefender Antivirus Free\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="lang"
                        6⤵
                        • Executes dropped EXE
                        • Suspicious use of SetWindowsHookEx
                        PID:2428
                    • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
                      "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_get_agent_field --key="globalex" --field_name="anon_id"
                      5⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:1716
                    • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
                      "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_add_app --appid="com.bitdefender.avfree" --name="Bitdefender Antivirus Free" --status="disabled" --version="1.0.0.3"
                      5⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:3896
                    • \??\c:\program files\bitdefender antivirus free\bdagent.exe
                      "c:\program files\bitdefender antivirus free\bdagent.exe" /stop
                      5⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:2096
                    • C:\Windows\SYSTEM32\regsvr32.exe
                      regsvr32.exe /s /u contextualmenu.dll
                      5⤵
                        PID:3952
                      • C:\Program Files\Bitdefender Antivirus Free\mitm_install_tool_dci.exe
                        "C:\Program Files\Bitdefender Antivirus Free\mitm_install_tool_dci.exe" /uninstall
                        5⤵
                        • Executes dropped EXE
                        • Suspicious use of SetWindowsHookEx
                        PID:2940
                      • C:\Windows\SYSTEM32\fltmc.exe
                        fltmc unload trufos
                        5⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1904
                      • C:\Windows\SYSTEM32\fltmc.exe
                        fltmc unload vlflt
                        5⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2636
                      • C:\Windows\SYSTEM32\rundll32.exe
                        rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 132 .\vlflt.inf
                        5⤵
                        • Drops file in Drivers directory
                        • Adds Run key to start application
                        • Drops file in Windows directory
                        PID:2156
                        • C:\Windows\system32\runonce.exe
                          "C:\Windows\system32\runonce.exe" -r
                          6⤵
                          • Checks processor information in registry
                          PID:3988
                          • C:\Windows\System32\grpconv.exe
                            "C:\Windows\System32\grpconv.exe" -o
                            7⤵
                              PID:1668
                        • C:\Windows\SYSTEM32\rundll32.exe
                          rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 132 .\bduefiscan.inf
                          5⤵
                          • Drops file in Drivers directory
                          • Adds Run key to start application
                          • Drops file in Windows directory
                          PID:3544
                          • C:\Windows\system32\runonce.exe
                            "C:\Windows\system32\runonce.exe" -r
                            6⤵
                            • Checks processor information in registry
                            PID:1300
                            • C:\Windows\System32\grpconv.exe
                              "C:\Windows\System32\grpconv.exe" -o
                              7⤵
                                PID:688
                          • C:\Windows\SYSTEM32\fltmc.exe
                            fltmc unload atc
                            5⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:208
                          • C:\Windows\SYSTEM32\rundll32.exe
                            rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 132 .\atc.inf
                            5⤵
                            • Drops file in Drivers directory
                            • Adds Run key to start application
                            • Drops file in Windows directory
                            PID:676
                            • C:\Windows\system32\runonce.exe
                              "C:\Windows\system32\runonce.exe" -r
                              6⤵
                              • Checks processor information in registry
                              PID:2232
                              • C:\Windows\System32\grpconv.exe
                                "C:\Windows\System32\grpconv.exe" -o
                                7⤵
                                  PID:1848
                            • C:\Windows\SYSTEM32\rundll32.exe
                              rundll32.exe syssetup,SetupInfObjectInstallAction DefaultUninstall 128 .\bddci.inf
                              5⤵
                              • Drops file in Drivers directory
                              • Adds Run key to start application
                              • Drops file in Windows directory
                              PID:3468
                              • C:\Windows\system32\runonce.exe
                                "C:\Windows\system32\runonce.exe" -r
                                6⤵
                                • Checks processor information in registry
                                PID:1184
                                • C:\Windows\System32\grpconv.exe
                                  "C:\Windows\System32\grpconv.exe" -o
                                  7⤵
                                    PID:1104
                              • C:\Windows\SYSTEM32\fltmc.exe
                                fltmc unload gemma
                                5⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:3900
                              • C:\Windows\SYSTEM32\rundll32.exe
                                rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 132 .\gemma.inf
                                5⤵
                                • Drops file in Drivers directory
                                • Adds Run key to start application
                                • Drops file in Windows directory
                                PID:3824
                                • C:\Windows\system32\runonce.exe
                                  "C:\Windows\system32\runonce.exe" -r
                                  6⤵
                                  • Checks processor information in registry
                                  PID:1452
                                  • C:\Windows\System32\grpconv.exe
                                    "C:\Windows\System32\grpconv.exe" -o
                                    7⤵
                                      PID:660
                                • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
                                  "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_get_user
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:908
                                • \??\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe
                                  "\\?\c:\program files\bitdefender antivirus free\kitinstaller\agentctrl.exe" avf_rem_app --appid="com.bitdefender.avfree"
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2824
                                • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                                  "C:\Program Files/Bitdefender Agent/ProductAgentService.exe" module_uninstalled=com.bitdefender.avfree
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:1268
                          • C:\Program Files\Bitdefender Agent\WatchDog.exe
                            "C:\Program Files\Bitdefender Agent\WatchDog.exe" install
                            2⤵
                            • Executes dropped EXE
                            • Modifies data under HKEY_USERS
                            PID:776
                          • C:\Windows\TEMP\bd_A453.tmp\xxxA454.tmp
                            "C:\Windows\TEMP\bd_A453.tmp\xxxA454.tmp" /source:connect_upgrade /silent
                            2⤵
                            • Executes dropped EXE
                            PID:368
                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
                              "C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"
                              3⤵
                                PID:3752
                          • \??\c:\windows\system32\svchost.exe
                            c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost
                            1⤵
                            • Drops file in Windows directory
                            PID:2072
                          • C:\Windows\system32\compattelrunner.exe
                            C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
                            1⤵
                              PID:3988

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                              MD5

                              5a9220526894c7cdef5a8d6a9b9b0bba

                              SHA1

                              8e125ecdcf1e4f788f53765951197c0d971f08dd

                              SHA256

                              49af181fb49277d1db6c76e30614b776ef182e353e856ec6562f71ad6da224ef

                              SHA512

                              4800fd6e1172de6561c49e2fe36a2600a9c85bbf45151a12d0e017e5e540529894abe01fa965c27f57e28f6d490b12346044182ff7f41f0f781f7a4e6d39a098

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                              MD5

                              5a9220526894c7cdef5a8d6a9b9b0bba

                              SHA1

                              8e125ecdcf1e4f788f53765951197c0d971f08dd

                              SHA256

                              49af181fb49277d1db6c76e30614b776ef182e353e856ec6562f71ad6da224ef

                              SHA512

                              4800fd6e1172de6561c49e2fe36a2600a9c85bbf45151a12d0e017e5e540529894abe01fa965c27f57e28f6d490b12346044182ff7f41f0f781f7a4e6d39a098

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                              MD5

                              5a9220526894c7cdef5a8d6a9b9b0bba

                              SHA1

                              8e125ecdcf1e4f788f53765951197c0d971f08dd

                              SHA256

                              49af181fb49277d1db6c76e30614b776ef182e353e856ec6562f71ad6da224ef

                              SHA512

                              4800fd6e1172de6561c49e2fe36a2600a9c85bbf45151a12d0e017e5e540529894abe01fa965c27f57e28f6d490b12346044182ff7f41f0f781f7a4e6d39a098

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                              MD5

                              5a9220526894c7cdef5a8d6a9b9b0bba

                              SHA1

                              8e125ecdcf1e4f788f53765951197c0d971f08dd

                              SHA256

                              49af181fb49277d1db6c76e30614b776ef182e353e856ec6562f71ad6da224ef

                              SHA512

                              4800fd6e1172de6561c49e2fe36a2600a9c85bbf45151a12d0e017e5e540529894abe01fa965c27f57e28f6d490b12346044182ff7f41f0f781f7a4e6d39a098

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\ProductAgentService.exe
                              MD5

                              5a9220526894c7cdef5a8d6a9b9b0bba

                              SHA1

                              8e125ecdcf1e4f788f53765951197c0d971f08dd

                              SHA256

                              49af181fb49277d1db6c76e30614b776ef182e353e856ec6562f71ad6da224ef

                              SHA512

                              4800fd6e1172de6561c49e2fe36a2600a9c85bbf45151a12d0e017e5e540529894abe01fa965c27f57e28f6d490b12346044182ff7f41f0f781f7a4e6d39a098

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\log.dll
                              MD5

                              7010cccbbb1377ee32b978da143914c9

                              SHA1

                              1a96b533de59b49903a408273afad40b315e04e7

                              SHA256

                              0016743863fa01f760f57f19dc57b0fc037df0a64f33b6c04e5a404186403b8d

                              SHA512

                              a67f08aee46395246f6c6b1939fcdda05cd42f1f817629c10428373b17964127a14197837e06e9c2b5b62adeacb69efe457c86f8382db9e3b271441a3818c08a

                              Download Submit

                            • C:\Program Files\Bitdefender Agent\settings\ProductAgent.json
                              MD5

                              ec6988c6ef6e12084dcfef510b478a06

                              SHA1

                              88b55420a9ec8c4a6d3e48634e2899776fd0aaa2

                              SHA256

                              e1b7760e0875b4d74d98c21afa70494798ffaad796c3f0bb2b1592cadd559508

                              SHA512

                              862018320a2e0ef702f276c82cb4cd19f4c18af092a381ba41251291bd0f6ce9c2646732007593531d846978c08ef43a466b0f08a03bd0cc728fce8aa4de5003

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA4458E7366E94A3C3A9C1FE548B6D21_2D95862FBF9F4D39565F4C6134C2CFB4
                              MD5

                              1af5f828c323d0d6a618984a3e878493

                              SHA1

                              1b73a657109f00125405313e3eac5736e284ff80

                              SHA256

                              774fe63b24dc075a5181faeaa797fb605c890783cbefbe7ee28708b42b8b3b00

                              SHA512

                              b8492f002cbc3feab3bf90ce646cb2e6e96135b2d5315715f44c2cd18dc42fa1c8f4b3187bc8fd7e462e66c9852191807e1f4550d6f0fdb24a5ebe6159de69eb

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9
                              MD5

                              464e1d56fb87ba173247b0194b5b61a6

                              SHA1

                              78395ea897917657b4026689725b2987d1afea84

                              SHA256

                              0943cb04c7d61831a667f5c090f7c4f497b7771fb74ebf15523cf5e51bad6186

                              SHA512

                              b4b5296d99e25b1b3c9376688240140c799d09b743e7ad647e3531c7919e6df293d3b41ce4ff094f2856171179c6559f3a084766330219966693c9f2ce5cec38

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA4458E7366E94A3C3A9C1FE548B6D21_2D95862FBF9F4D39565F4C6134C2CFB4
                              MD5

                              674111598a84238e01992c2d5933da3b

                              SHA1

                              3118c91294cf11dcb2d1bfbfe5e03c5e1cecdfdf

                              SHA256

                              78521803690495aaceeadb5290364d16b273f59ec5ae873f5fd0489b5ad7b9ac

                              SHA512

                              b994e1285acc5950c9910ec8db2bd70ba6b99ef67b75ff291abd87d8edb80405a16ec2a1d377cb3bf329954d43cddee663d9b286d33492cef3cecefbe2c64fd2

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9
                              MD5

                              a7cc697cc91ae62d2defaa4b7a66b351

                              SHA1

                              194b1f644a0a60cebfe61a47bd5ce09c78471887

                              SHA256

                              11f1893b036d8661e2ddfbbc8874861bd36476a13da106a23297f9b4d6e32231

                              SHA512

                              854c3c0b0ede780b5fc0f05ec61cebce7ad5bcff19cf5804b9f5649d3744eeff2d29704d400f8c98e3d6844b0b6e7862f685c69ccd61179c74aa6754854add2a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
                              MD5

                              83e5e7729d84dba2334c136a661b8aea

                              SHA1

                              1fc0d21ca5eb2af17127cc5ee21c716eaeef3d0d

                              SHA256

                              9dca3a6cac000a6f9754a8663a2c4396d771e938191852f01a2f21f81c5a5544

                              SHA512

                              c0a1d47bbd226c8d1f8e66becdeb30ef60798e5b0399baa0f692e65918ba8b72324b8f4e0a1e216e23fc0f00d0c9f5a474e73e419167ed858622270ecc0bd0fa

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
                              MD5

                              83e5e7729d84dba2334c136a661b8aea

                              SHA1

                              1fc0d21ca5eb2af17127cc5ee21c716eaeef3d0d

                              SHA256

                              9dca3a6cac000a6f9754a8663a2c4396d771e938191852f01a2f21f81c5a5544

                              SHA512

                              c0a1d47bbd226c8d1f8e66becdeb30ef60798e5b0399baa0f692e65918ba8b72324b8f4e0a1e216e23fc0f00d0c9f5a474e73e419167ed858622270ecc0bd0fa

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
                              MD5

                              3a6b22d6b024c34d6c67cbe5e0227c01

                              SHA1

                              e8b6a14853dcfc94e58a5c84e6811b7d68f440aa

                              SHA256

                              a5420672893b78be7e1bbc304611647bca8d72b9f7107fb0ad5b143ca46ae351

                              SHA512

                              1799743763c87d8df964b435bb62eb8edee167b529d0181c614bca3ca4ffbea4cb79453590382c00caadc75303ebe194ab126ad6e1695686808bae12e9752020

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
                              MD5

                              3a6b22d6b024c34d6c67cbe5e0227c01

                              SHA1

                              e8b6a14853dcfc94e58a5c84e6811b7d68f440aa

                              SHA256

                              a5420672893b78be7e1bbc304611647bca8d72b9f7107fb0ad5b143ca46ae351

                              SHA512

                              1799743763c87d8df964b435bb62eb8edee167b529d0181c614bca3ca4ffbea4cb79453590382c00caadc75303ebe194ab126ad6e1695686808bae12e9752020

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\deploy.dll
                              MD5

                              c6bb119f9e0bee672fcecc1f8c20ee12

                              SHA1

                              8585a98ab579e643e7c8ce06eec8cde8923ab880

                              SHA256

                              ac92d5893312504a6c7d9bf7c9ed6e2ae8f66050813f44211e6ee7dc5d7d6240

                              SHA512

                              490e63c95fe7082e4a54e1bfc0ae6f1ad7b3b66b73219c5cdc56ff2e3ed0f057224e934abe3b7ff0fd34f1551b7e3d3f04c0e1b3fab903b5b4ad984cf3838b1b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\additional.dll
                              MD5

                              025f39dfb155d7e1a284fba5afb0433d

                              SHA1

                              d1f7c8daf18aa98384db663836d6ca8e97a0c9cb

                              SHA256

                              cc42be297f211d386815b43fd9cbaf1224b2bcd991922704709d1607e9ad1231

                              SHA512

                              1d359081899cb529458013dd4d866c098721bed9c6b35ea99a3b925142df44b2c0e656277d7567a82ab6fc2e9d64ce87924dfa08d0072f1dbfd98adb499ef7c5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe
                              MD5

                              9df339b85c3b946d83478316f0498f0c

                              SHA1

                              a98b48fc668c1848f20772079ea3b581761a5000

                              SHA256

                              a53fd61ef314400f2c42accd09536712278a19e9e4e06872d7b8a5f52e5197bb

                              SHA512

                              bbe86d0db42dcfd296aa7a142350882c0ef4366116027567e62484c2062cdb075dbf5599c68cb641ad26c7727ec57064d7a902e62c4c83f454f3282611d28a07

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe.md5
                              MD5

                              4a98144e1d8ef3216752dad96163e291

                              SHA1

                              8bbee3cb7a5e485b053a6b353539eef8a6df5499

                              SHA256

                              d2eb0168f319a63f16063f3c3d5eed25aaa909af972d80916bd9498920738b3d

                              SHA512

                              2151bf4778b8340dac6c7ec10e406a310ecca064130f6ab3c6878250268f0af03dfdc2aba609995c6bc598243cc19c9bfc7ad72ec3cb50fed42c182da9088dbf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdec.dll
                              MD5

                              7a8afacf6cc99e0759b3f8c6a5ac4260

                              SHA1

                              bf860e35136aac48aa69f45f0f7f6ff1efac4f8f

                              SHA256

                              ea1c19bee7e5736e2d1b28253be1f386e14047bea30a88b9995f71b22143e107

                              SHA512

                              9bd37b31d0c086349b236d3aea9c64b6564af363426a89e25f720200106afae3b40fd12142efe0e1bd165aadf283e82cd59269abd132722394294c0d093f1898

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdnc.client_id
                              MD5

                              d9ece779fd3a8647e1556499676f7c23

                              SHA1

                              4831f5e80dd5ba10c6dba085a3b7b1eefa4b7487

                              SHA256

                              59d0581145893b38a7725886f659f2de0936af9cb4bde0ff535499b1fed2a0b6

                              SHA512

                              d06303625f8b500e72e520b93d109658c61c4ee7221a95fae01ce72c6ec299b8946fb75712d13317024efe149cd8940930293b372b1278ef8140ae7d38315380

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdnc.dll
                              MD5

                              5c78f5ff3da68d2e183ab0a70732a603

                              SHA1

                              d8b5b929a91f08e7370351f4953d0a79b981d298

                              SHA256

                              3d5bd5b7bbe3acb9fe4864879f91de4dcc44be69bfdaea7d9535940d365c91b2

                              SHA512

                              19edf3e927efbf7be5866622bce182e6c8ca020977938aa3fd2fe209e40dd12ad2932ef2564aa6b3d65720105c173481c2827114bf73a32786b2a3978800bfb1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdnc.ini
                              MD5

                              96b5e37e6494da2a8f09e98df5c58004

                              SHA1

                              dbbdd9d6dd0a685e6841efea364b547ac2172443

                              SHA256

                              dd5c7a764b9fea6f8c458d9b669b5764c46284dea68ce52b43136c4812d27fd7

                              SHA512

                              c35518b34e91dba5424e790398d9d1970bfa8baa99b164fad41b0f52b14b633e5846730a320d31f8b95d5fba9519e6a256915a71db412cc07411f6337f50610c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdnc.ini.md5
                              MD5

                              b0305e5ee72ba268d281996038a6ee57

                              SHA1

                              80b974606576ac0c79cc5ba4364ca883e3644728

                              SHA256

                              5ace615a54dc4c1b094e7678b4793f15ca7f413b05985c433135e132e0137e96

                              SHA512

                              a09c61e5df2b9df0512dcc1227e3d9bd5b28e029eff6fe9da5029ffbff39548e3e5df67ca2a6b9aee05d4d073ecacadee3f6bf8b6488c72f44f66322610d83e9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\data\params.json
                              MD5

                              0ea43d5f01d5312e31eda1130edf01de

                              SHA1

                              15071c48eeb1031ae5380f076fd33488920bf66e

                              SHA256

                              93aa4de5176d51e9618c44991677765203c7326679e2deeaefe19129a9d60c86

                              SHA512

                              cf14d54c2fc9d5e4015ae979abfbc3201b2b7c5b4eef29f58a3cd534328d4226cc0024aea6c580e85cf266a1760f11384fb5eecfde8c3d8359b2fdbf077dcc77

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
                              MD5

                              c6bae9e792730109af8d49151a95993d

                              SHA1

                              3616cca9230ac0374c32bc093d4de0b15104e052

                              SHA256

                              1534eb7212c7287c12706be08a9f6b85c8ebe87502ea086fcee0f86223d3be1c

                              SHA512

                              45c6d71baa4349a4c36231dfd32421d8e3013d9a5b4bb21c403e0641a34a9b7f0ec8b429c3964535fbc1714eea164fb962727e7528f824934db940742470b46c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
                              MD5

                              c6bae9e792730109af8d49151a95993d

                              SHA1

                              3616cca9230ac0374c32bc093d4de0b15104e052

                              SHA256

                              1534eb7212c7287c12706be08a9f6b85c8ebe87502ea086fcee0f86223d3be1c

                              SHA512

                              45c6d71baa4349a4c36231dfd32421d8e3013d9a5b4bb21c403e0641a34a9b7f0ec8b429c3964535fbc1714eea164fb962727e7528f824934db940742470b46c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ar-SA.dll
                              MD5

                              b0b5b4962437b7c92e40a1586b7b9b26

                              SHA1

                              085d7932ee5ec28ee8b372ba8a66d6943db1b64b

                              SHA256

                              65f84eb201b4131cfae29c1fe6ae4da6bcac1aea92b5549b4778921ff536e3b3

                              SHA512

                              a8be78f4c3fa6df39bd62dd3f44699494562f01bc5252bf3a408421f4e100f6558f75cf90dc0445d6cc526063676c814183d9f8ae35c0662f48b1406af068e12

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\cs-CZ.dll
                              MD5

                              dd77c5ead52525733decdb387c1452c4

                              SHA1

                              806cd132ca23a308ab01be444154f928b104c324

                              SHA256

                              e48eb527ee2a32f8a249edceb1a66f055bbf573e5520e3959ea6e1ca5d48c4e5

                              SHA512

                              6d3687da957873f820c447d4f2b9dc54a865f7be7a34fc651eeb2d59b9d99ceb3ea9a4f0ba4eeda96dd7f046edc3e05add711a5d61fa5a4169eff84239935d2d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\de-DE.dll
                              MD5

                              54f4801c9d3680c87efc7dedc117f5ff

                              SHA1

                              ccfdd29830f81938289403f2fd969043f3da0dad

                              SHA256

                              cf4f1c1be9452bcd8ca744dad36f3950b48d3bedbdfc6c5415ef867a954890c2

                              SHA512

                              fa4f9e3233323a42d8942d12337297f1b407850884e9e0b94a78d6e91e942bbf4bf549542404523f00e10defcfe37c2cd6ee3ae48db4c1367b9ffbf66d6c2a20

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\el-GR.dll
                              MD5

                              49bd8765f02c8f3f0c8e7652c18c647a

                              SHA1

                              23a4785f31697bee56dfe8aca113641262075756

                              SHA256

                              5e812b1522d9e7674b5d6e41f383d842c2460f9839e3d76231795146e62ec9c6

                              SHA512

                              a95671db151e9c67fd032d559135f73ee89fb81b10fc1a2d63b2f197a385faca78f99b696da12addfe75b5a5357c8adc4c0c2c0d49a22602122340c4cd1de40f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\en-us.dll
                              MD5

                              b12cc9fdccd76f28de9baf993d97dfc0

                              SHA1

                              44615f21aa5fde260b4446a04fa020fb76454f27

                              SHA256

                              d5d2f7820aac93cb02579b500fd1fe256e163e5f6aba63f604717f6055a5dd51

                              SHA512

                              134953296fca2c76ffbaaa11b16afb719d8c613f780d1367fba7ac4da46fdefcaab8620c0ecf1c2b73c7c843060b87f48dbabaf9814d81866aada4cfeddaa1d5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\es-ES.dll
                              MD5

                              544c2ef53c8829b6bb7bf85b8e0b95a9

                              SHA1

                              6addbd783b37b3f45666426a6afd5e166606a420

                              SHA256

                              e4bd63456b152d1879762514807b2a5e9b47a8be23a9aa23d18fdc680824f63b

                              SHA512

                              9f621059dc9e6a1990062027703c194843a8d91f1d85c37daa8d792a8def1d6f14d2c95382b0fa118d7e58775f4fddaade88afdcee3c5a468f5bf2625847be54

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\fr-FR.dll
                              MD5

                              7d2fd8aaebccd28a242120fc54ee5aec

                              SHA1

                              d060f15468611dfebcd1d4665099f2f419b53924

                              SHA256

                              b8b36c05b245323a447aea030979c441b22c3f3274a265e79c69661800257d1e

                              SHA512

                              00058627b6f3516a0e49645ca0f571aaa96ebed7ad01406a28c8ec343994034663ea16b3b9bbbe4134b0b4a5762d0c43e863fb5632659bebe7fef290f0eda5c2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\hu-HU.dll
                              MD5

                              e332695c7bd1629dd8ed11ec65d2e6ab

                              SHA1

                              f42b1277a196eeac7e9a03be00aaba30428f9b31

                              SHA256

                              d9a0faad9032b8fc40777ff032f4af71afe264d4ccf581a4a8990e38fd516a95

                              SHA512

                              989bb3d8b677564fa70a249fa2c6f63836d4cad1fd3755366c886061077b661b1efc2c31f53b3c26018efca8b0914d6eb3f6e2ad602caa26cb55ab2f741ee2ae

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\it-IT.dll
                              MD5

                              ae26b3a6db8de0310557fb6cbfd5845c

                              SHA1

                              5b6c0a2bbb1feebe5ca053830233df4158960d39

                              SHA256

                              11f1e8d37c8da5b717dcd4a4aefc0bb26a874b1478404c3f0aaf0d8f57d68100

                              SHA512

                              5281870a37759777a8f182fc828a9acc08ebe53bb2c607f4f69b1dc5d06e774db93204001ac50765acfa70b77b8847cb9a9f56d2ff1d93ff86a525d85efa9501

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ja-JP.dll
                              MD5

                              a404969e2138bd0549f733a7ec88533e

                              SHA1

                              5c78f9c5f560af47127c516e349d23c36b09ddc9

                              SHA256

                              5ade8211fe7ad65e96e706c420f3a7c866e6429ad3e1d6e70b827d349feb460a

                              SHA512

                              813c0289ba5198044626e173ebcd787ff7ab56d95a889f69c67049918d83dfcf7572a2d35e89bcf279b56e696a69d401dd63dc13e883b00ba527e6426b4486a9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ko-KR.dll
                              MD5

                              4b04a0844541fde5983a746eaf83e5f4

                              SHA1

                              093b840007f6ccdf26b8c38dcb84effff88a3331

                              SHA256

                              91b112bfad92e037b336df927c8ec3ad20fb3ad1112d2e22aae190fa57034750

                              SHA512

                              e0b5b72010e23f58a4a69f298963be785fe1f487cc98d67485372d8abfcc9d678a48a504f5412997e1b0c6d17afc79b374a6eec412054e047f4f0373cfe25405

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ltr\resources.dll
                              MD5

                              7ad4aad18ec0256c4433175574a52e99

                              SHA1

                              3e81d026748e380a6f0abd5ae16c8611a48b264f

                              SHA256

                              09bd66be6b0102a045941204411d5fda2d840f2f0fafb9991a5b5425babf6f7f

                              SHA512

                              287fb50360f89bcd18f3d7cf44d39281c23fa55ac3e0dcc645b44b478789c07d9b7592eed17408028fe8ff4e06929ed8bbb09c5e556570de6a36b78799027465

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\nl-NL.dll
                              MD5

                              c7d5e436c8b90d233a15badeabcda8f9

                              SHA1

                              6478d008378e8cf46c779fcbc8a643eefd08d3a7

                              SHA256

                              3f4b8a77f529483265199d1804eb0ae770ee18bcf3dd2d176ce405cd77f3749c

                              SHA512

                              18c91b2c0ed4f7838d5e18bd4c710b2f269eddac0ee42f41143dcf1186aa736b35592605be7cdb6df6a2d9fd7bbdf8f069af9b3d938d09c93fc70ddac0f57599

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\productagentdp.dll
                              MD5

                              15bf97f8068d55cf2e10d3ad4249acaf

                              SHA1

                              bc728ed18612228f5615b31b70c2aee1c998f4a6

                              SHA256

                              91c30106ba4dcbe94b157b230942adaf5e9c41963aa40af61b599a8d08d79287

                              SHA512

                              6548f7be052e9ffdbbe3d3cbed64a2ce047b9de36f9d4ba3354ca9a159a2d896d778b92ea5d32cf8d4353da9eafaa7fd09c6d2c12bdefcd0067b89c899cf7683

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\sciter.dll
                              MD5

                              3f0d0f2e9fbe0e7ce13c32ba5ab2d97f

                              SHA1

                              fbc93adf50682e997c90828f1a74390867942a18

                              SHA256

                              34ad9b28ec210b66a2459faa0f75436a152ef1011fe52a3321cf3d8b1c8ba80b

                              SHA512

                              67cbf9873104072b432dec68742b572818eaff8e9fb9921d3c2d9587b765cbaa0deab139e97fa8a9308b79a0c944ce66858d6175bb40c66491f6a09131a916c1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
                              MD5

                              9897e1c9764cdf61e47cf6be86ac7553

                              SHA1

                              65dc4367143ef1cfe4743fc0375408f5c3aedab6

                              SHA256

                              3812b6e6804aa33959a8e4249f9a43549affbb0ba31dd6781f32eecca290dc50

                              SHA512

                              b05c58b04d466a3575b46967c244fa90220cdfd713d8e5cb2f07cd1af1e1212645b8ee901ff350c109d93da88f272f2b85b3e999cae82e4dc9ed705893279ffe

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
                              MD5

                              9897e1c9764cdf61e47cf6be86ac7553

                              SHA1

                              65dc4367143ef1cfe4743fc0375408f5c3aedab6

                              SHA256

                              3812b6e6804aa33959a8e4249f9a43549affbb0ba31dd6781f32eecca290dc50

                              SHA512

                              b05c58b04d466a3575b46967c244fa90220cdfd713d8e5cb2f07cd1af1e1212645b8ee901ff350c109d93da88f272f2b85b3e999cae82e4dc9ed705893279ffe

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe.md5
                              MD5

                              532fb2cc2e2cedee12a4b7f8f8beea34

                              SHA1

                              7d31c5c7d4469c6877d4fa309211380b15ac98c5

                              SHA256

                              ca68a86c3ca580dadb174e58185a67d929d7dc3744961070ddd9e1dc6cd03cfe

                              SHA512

                              559511f291a2e9134a62b26048667985ea0cea9710ea02de7e2770ee996ff461aad3c0dbca08a8ef7d439b6fe5eafe774c3f6c457b049e5ef71256f811ead52d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\unrar.dll
                              MD5

                              ae9c5338d8495eea829e79799cea0357

                              SHA1

                              3491d6c2ce04f49b92b3eb424148432fb179bcdb

                              SHA256

                              799232852e8813bcbf846e3d78abfbddf62eb59a639f0a74350a738204e5ab91

                              SHA512

                              452c39a89023e840a095d2ef754712d61e1c02e5f7f1ab52958e2ee4359f06f9f3055901ddf9318c0fe771e31a62c354f6bbcd8065c61ff4563f71afc3660d46

                              Download Submit

                            • \Program Files\Bitdefender Agent\log.dll
                              MD5

                              7010cccbbb1377ee32b978da143914c9

                              SHA1

                              1a96b533de59b49903a408273afad40b315e04e7

                              SHA256

                              0016743863fa01f760f57f19dc57b0fc037df0a64f33b6c04e5a404186403b8d

                              SHA512

                              a67f08aee46395246f6c6b1939fcdda05cd42f1f817629c10428373b17964127a14197837e06e9c2b5b62adeacb69efe457c86f8382db9e3b271441a3818c08a

                              Download Submit

                            • \Program Files\Bitdefender Agent\log.dll
                              MD5

                              7010cccbbb1377ee32b978da143914c9

                              SHA1

                              1a96b533de59b49903a408273afad40b315e04e7

                              SHA256

                              0016743863fa01f760f57f19dc57b0fc037df0a64f33b6c04e5a404186403b8d

                              SHA512

                              a67f08aee46395246f6c6b1939fcdda05cd42f1f817629c10428373b17964127a14197837e06e9c2b5b62adeacb69efe457c86f8382db9e3b271441a3818c08a

                              Download Submit

                            • \Program Files\Bitdefender Agent\log.dll
                              MD5

                              7010cccbbb1377ee32b978da143914c9

                              SHA1

                              1a96b533de59b49903a408273afad40b315e04e7

                              SHA256

                              0016743863fa01f760f57f19dc57b0fc037df0a64f33b6c04e5a404186403b8d

                              SHA512

                              a67f08aee46395246f6c6b1939fcdda05cd42f1f817629c10428373b17964127a14197837e06e9c2b5b62adeacb69efe457c86f8382db9e3b271441a3818c08a

                              Download Submit

                            • \Program Files\Bitdefender Agent\log.dll
                              MD5

                              7010cccbbb1377ee32b978da143914c9

                              SHA1

                              1a96b533de59b49903a408273afad40b315e04e7

                              SHA256

                              0016743863fa01f760f57f19dc57b0fc037df0a64f33b6c04e5a404186403b8d

                              SHA512

                              a67f08aee46395246f6c6b1939fcdda05cd42f1f817629c10428373b17964127a14197837e06e9c2b5b62adeacb69efe457c86f8382db9e3b271441a3818c08a

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\ProductAgentDP.dll
                              MD5

                              15bf97f8068d55cf2e10d3ad4249acaf

                              SHA1

                              bc728ed18612228f5615b31b70c2aee1c998f4a6

                              SHA256

                              91c30106ba4dcbe94b157b230942adaf5e9c41963aa40af61b599a8d08d79287

                              SHA512

                              6548f7be052e9ffdbbe3d3cbed64a2ce047b9de36f9d4ba3354ca9a159a2d896d778b92ea5d32cf8d4353da9eafaa7fd09c6d2c12bdefcd0067b89c899cf7683

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\additional.dll
                              MD5

                              025f39dfb155d7e1a284fba5afb0433d

                              SHA1

                              d1f7c8daf18aa98384db663836d6ca8e97a0c9cb

                              SHA256

                              cc42be297f211d386815b43fd9cbaf1224b2bcd991922704709d1607e9ad1231

                              SHA512

                              1d359081899cb529458013dd4d866c098721bed9c6b35ea99a3b925142df44b2c0e656277d7567a82ab6fc2e9d64ce87924dfa08d0072f1dbfd98adb499ef7c5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\additional.dll
                              MD5

                              025f39dfb155d7e1a284fba5afb0433d

                              SHA1

                              d1f7c8daf18aa98384db663836d6ca8e97a0c9cb

                              SHA256

                              cc42be297f211d386815b43fd9cbaf1224b2bcd991922704709d1607e9ad1231

                              SHA512

                              1d359081899cb529458013dd4d866c098721bed9c6b35ea99a3b925142df44b2c0e656277d7567a82ab6fc2e9d64ce87924dfa08d0072f1dbfd98adb499ef7c5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\additional.dll
                              MD5

                              025f39dfb155d7e1a284fba5afb0433d

                              SHA1

                              d1f7c8daf18aa98384db663836d6ca8e97a0c9cb

                              SHA256

                              cc42be297f211d386815b43fd9cbaf1224b2bcd991922704709d1607e9ad1231

                              SHA512

                              1d359081899cb529458013dd4d866c098721bed9c6b35ea99a3b925142df44b2c0e656277d7567a82ab6fc2e9d64ce87924dfa08d0072f1dbfd98adb499ef7c5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\en-US.dll
                              MD5

                              b12cc9fdccd76f28de9baf993d97dfc0

                              SHA1

                              44615f21aa5fde260b4446a04fa020fb76454f27

                              SHA256

                              d5d2f7820aac93cb02579b500fd1fe256e163e5f6aba63f604717f6055a5dd51

                              SHA512

                              134953296fca2c76ffbaaa11b16afb719d8c613f780d1367fba7ac4da46fdefcaab8620c0ecf1c2b73c7c843060b87f48dbabaf9814d81866aada4cfeddaa1d5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\en-US.dll
                              MD5

                              b12cc9fdccd76f28de9baf993d97dfc0

                              SHA1

                              44615f21aa5fde260b4446a04fa020fb76454f27

                              SHA256

                              d5d2f7820aac93cb02579b500fd1fe256e163e5f6aba63f604717f6055a5dd51

                              SHA512

                              134953296fca2c76ffbaaa11b16afb719d8c613f780d1367fba7ac4da46fdefcaab8620c0ecf1c2b73c7c843060b87f48dbabaf9814d81866aada4cfeddaa1d5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\en-US.dll
                              MD5

                              b12cc9fdccd76f28de9baf993d97dfc0

                              SHA1

                              44615f21aa5fde260b4446a04fa020fb76454f27

                              SHA256

                              d5d2f7820aac93cb02579b500fd1fe256e163e5f6aba63f604717f6055a5dd51

                              SHA512

                              134953296fca2c76ffbaaa11b16afb719d8c613f780d1367fba7ac4da46fdefcaab8620c0ecf1c2b73c7c843060b87f48dbabaf9814d81866aada4cfeddaa1d5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\en-US.dll
                              MD5

                              b12cc9fdccd76f28de9baf993d97dfc0

                              SHA1

                              44615f21aa5fde260b4446a04fa020fb76454f27

                              SHA256

                              d5d2f7820aac93cb02579b500fd1fe256e163e5f6aba63f604717f6055a5dd51

                              SHA512

                              134953296fca2c76ffbaaa11b16afb719d8c613f780d1367fba7ac4da46fdefcaab8620c0ecf1c2b73c7c843060b87f48dbabaf9814d81866aada4cfeddaa1d5

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ltr\resources.dll
                              MD5

                              7ad4aad18ec0256c4433175574a52e99

                              SHA1

                              3e81d026748e380a6f0abd5ae16c8611a48b264f

                              SHA256

                              09bd66be6b0102a045941204411d5fda2d840f2f0fafb9991a5b5425babf6f7f

                              SHA512

                              287fb50360f89bcd18f3d7cf44d39281c23fa55ac3e0dcc645b44b478789c07d9b7592eed17408028fe8ff4e06929ed8bbb09c5e556570de6a36b78799027465

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ltr\resources.dll
                              MD5

                              7ad4aad18ec0256c4433175574a52e99

                              SHA1

                              3e81d026748e380a6f0abd5ae16c8611a48b264f

                              SHA256

                              09bd66be6b0102a045941204411d5fda2d840f2f0fafb9991a5b5425babf6f7f

                              SHA512

                              287fb50360f89bcd18f3d7cf44d39281c23fa55ac3e0dcc645b44b478789c07d9b7592eed17408028fe8ff4e06929ed8bbb09c5e556570de6a36b78799027465

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\sciter.dll
                              MD5

                              3f0d0f2e9fbe0e7ce13c32ba5ab2d97f

                              SHA1

                              fbc93adf50682e997c90828f1a74390867942a18

                              SHA256

                              34ad9b28ec210b66a2459faa0f75436a152ef1011fe52a3321cf3d8b1c8ba80b

                              SHA512

                              67cbf9873104072b432dec68742b572818eaff8e9fb9921d3c2d9587b765cbaa0deab139e97fa8a9308b79a0c944ce66858d6175bb40c66491f6a09131a916c1

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\unrar.dll
                              MD5

                              ae9c5338d8495eea829e79799cea0357

                              SHA1

                              3491d6c2ce04f49b92b3eb424148432fb179bcdb

                              SHA256

                              799232852e8813bcbf846e3d78abfbddf62eb59a639f0a74350a738204e5ab91

                              SHA512

                              452c39a89023e840a095d2ef754712d61e1c02e5f7f1ab52958e2ee4359f06f9f3055901ddf9318c0fe771e31a62c354f6bbcd8065c61ff4563f71afc3660d46

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\unrar.dll
                              MD5

                              ae9c5338d8495eea829e79799cea0357

                              SHA1

                              3491d6c2ce04f49b92b3eb424148432fb179bcdb

                              SHA256

                              799232852e8813bcbf846e3d78abfbddf62eb59a639f0a74350a738204e5ab91

                              SHA512

                              452c39a89023e840a095d2ef754712d61e1c02e5f7f1ab52958e2ee4359f06f9f3055901ddf9318c0fe771e31a62c354f6bbcd8065c61ff4563f71afc3660d46

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\RarSFX0\packages\unrar.dll
                              MD5

                              ae9c5338d8495eea829e79799cea0357

                              SHA1

                              3491d6c2ce04f49b92b3eb424148432fb179bcdb

                              SHA256

                              799232852e8813bcbf846e3d78abfbddf62eb59a639f0a74350a738204e5ab91

                              SHA512

                              452c39a89023e840a095d2ef754712d61e1c02e5f7f1ab52958e2ee4359f06f9f3055901ddf9318c0fe771e31a62c354f6bbcd8065c61ff4563f71afc3660d46

                              Download Submit

                            • memory/208-258-0x0000000000000000-mapping.dmp

                              Download

                            • memory/424-228-0x0000000000000000-mapping.dmp

                              Download

                            • memory/504-194-0x0000000074D70000-0x0000000074E40000-memory.dmp

                              Filesize

                              832KB

                              Download

                            • memory/532-221-0x0000000000000000-mapping.dmp

                              Download

                            • memory/648-139-0x000000006CD70000-0x000000006CD80000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/648-136-0x0000000000000000-mapping.dmp

                              Download

                            • memory/652-232-0x0000000000000000-mapping.dmp

                              Download

                            • memory/660-268-0x0000000000000000-mapping.dmp

                              Download

                            • memory/676-259-0x0000000000000000-mapping.dmp

                              Download

                            • memory/688-257-0x0000000000000000-mapping.dmp

                              Download

                            • memory/748-201-0x000000006CD70000-0x000000006CD80000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/748-203-0x0000000074D70000-0x0000000074E40000-memory.dmp

                              Filesize

                              832KB

                              Download

                            • memory/748-200-0x0000000000000000-mapping.dmp

                              Download

                            • memory/748-205-0x0000000074D70000-0x0000000074E40000-memory.dmp

                              Filesize

                              832KB

                              Download

                            • memory/776-219-0x000000006CD70000-0x000000006CD80000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/776-218-0x0000000000000000-mapping.dmp

                              Download

                            • memory/808-134-0x0000000000000000-mapping.dmp

                              Download

                            • memory/908-269-0x0000000000000000-mapping.dmp

                              Download

                            • memory/940-217-0x0000000000000000-mapping.dmp

                              Download

                            • memory/996-220-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1104-264-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1184-263-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1188-223-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1192-234-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1216-170-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1224-199-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1256-167-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1280-227-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1300-123-0x00000000029F0000-0x00000000029F1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1300-256-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1300-124-0x00000000029F0000-0x00000000029F1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1300-121-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1348-235-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1348-236-0x00007FFE1F440000-0x00007FFE1F450000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/1348-238-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/1348-239-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/1396-173-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1452-267-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1668-254-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1676-215-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1716-240-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1752-206-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1848-261-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1904-250-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1944-233-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2096-245-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/2096-244-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/2096-243-0x00007FFE1F440000-0x00007FFE1F450000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2096-242-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2128-230-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2156-213-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2156-252-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2212-193-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2212-195-0x000000006CD70000-0x000000006CD80000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2232-260-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2248-115-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2248-118-0x0000000002F70000-0x0000000002F71000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2248-117-0x0000000002F70000-0x0000000002F71000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2264-225-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2296-207-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2296-209-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/2296-271-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/2296-208-0x00007FFE1F440000-0x00007FFE1F450000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2428-237-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2556-224-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2636-251-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2940-247-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2940-248-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/2940-249-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/3012-212-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/3012-270-0x00007FFE5F440000-0x00007FFE5F4EE000-memory.dmp

                              Filesize

                              696KB

                              Download

                            • memory/3012-210-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3012-211-0x00007FFE1F440000-0x00007FFE1F450000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3104-196-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3168-226-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3176-214-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3468-262-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3488-222-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3504-197-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3544-255-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3752-229-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3752-272-0x00000000022E0000-0x00000000022E1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3752-273-0x00000000022E0000-0x00000000022E1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3824-266-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3896-241-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3900-265-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3928-231-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3948-216-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3952-246-0x0000000000000000-mapping.dmp

                              Download

                            • memory/3988-253-0x0000000000000000-mapping.dmp

                              Download

                            • memory/4080-157-0x0000000000000000-mapping.dmp

                              Download