Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11/03/2024, 11:43
General
-
Target
setup.msi
-
Size
2.6MB
-
MD5
959a8c7e22f65f450f54d1b4f81ec7f8
-
SHA1
01b0d9739bdda255096c1e12d52fa0f8bc0ca8cf
-
SHA256
435e9543dd0cbcac3848ecdc102ccf54f393faed95f7374ff4591e5427ca00b8
-
SHA512
1bfc3bb943a9af604d46023e6a392928d079557a004e68e74f0b5815952d8ecae8bbe63312955ae70d01cdf6a5d35a9f440f0bfaf919b1aea7d45a71dfb63978
-
SSDEEP
49152:L51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:LPCMr2NMRmk/XeM9TEeRvx+ch/TlAr
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Stops running service(s) 3 TTPs
-
UPX packed file 12 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Blocklisted process makes network request 3 IoCs
-
Downloads MZ/PE file
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 53 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 52 IoCs
-
Executes dropped EXE 64 IoCs
-
Launches sc.exe 5 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 4 IoCs
-
Checks SCSI registry key(s) 3 TTPs 11 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Kills process with taskkill 11 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 5 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\setup.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0D28ACA26F99002C73F96C74407B40AF2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSI85BA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240617125 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation3⤵
- Drops file in Windows directory
- Loads dropped DLL
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 13D11C6961755CB81475DD8CD1E74E1F E Global\MSI00002⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\NET.exe"NET" STOP AteraAgent3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 STOP AteraAgent4⤵
-
-
-
C:\Windows\SysWOW64\TaskKill.exe"TaskKill.exe" /f /im AteraAgent.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000007gaJEIAY"2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 24A8BE7E3B96151D90E8A4A630EC5768 E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSI5719.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240670531 25 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation3⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\NET.exe"NET" STOP AteraAgent3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 STOP AteraAgent4⤵
-
-
-
C:\Windows\SysWOW64\TaskKill.exe"TaskKill.exe" /f /im AteraAgent.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\syswow64\NET.exe"NET" STOP AteraAgent3⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 STOP AteraAgent4⤵
-
-
-
C:\Windows\syswow64\TaskKill.exe"TaskKill.exe" /f /im AteraAgent.exe3⤵
- Kills process with taskkill
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId=""2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 148C10A0CEB02C9A162E807078345110 E Global\MSI00002⤵
- Blocklisted process makes network request
- Drops file in System32 directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78271AD1-953C-4772-B93F-5AB403A7692F}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B410D2C0-3E75-485B-B595-FE6A9A5BAC44}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E04E67C3-B49C-4E80-A29E-667A330EC173}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFA44FC5-AF06-4303-A1DB-1488560FDBF8}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{817B94DA-5249-4B83-82D1-03DD45FC02D5}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1628EA76-959B-495B-990E-75CADAA57FCF}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C87F469-B0F5-4B56-B8B8-D59918E47ED9}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{628499EF-5E15-4953-91E7-62F74238325F}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C9B0DBC-CA6D-4F3D-9A13-D6D98A59EB26}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exeC:\Windows\TEMP\{9C57A21E-20F1-4EAE-AFFC-C9EF60C6183D}\_is2224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7655AB39-A88A-4CBB-AAF5-6ABC688F4A11}3⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRServer.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRApp.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRAppPB.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRFeature.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRFeatMini.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRManager.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRAgent.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /F /IM SRChat.exe /T4⤵
- Kills process with taskkill
-
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7BDF8EF0-1C66-437B-A0F1-D0EE7DFB92B8}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E4E16D40-B8B7-4963-ABD4-D1F3DCCDDEE8}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{301614F3-A2C5-4368-BA28-19CBDF6C85C0}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A1798D16-18E5-45EB-9E86-936EA6EB2A9D}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B3DD75BF-684E-477B-93F5-0A662F0AA416}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06AA72F6-8D8D-4715-92E0-BA8448C1541A}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C236EC7-FAD9-4A72-9CAC-9C1B5F9BB2EA}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{24FABA84-7931-4785-8FF1-41A0BE1B88EF}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2B9CC60F-CE15-4732-B414-7434B124B986}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exeC:\Windows\TEMP\{5ADB3997-1072-4D7D-B0B3-3B33EE65ABAF}\_is2E5A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{91AA21E8-AE81-4598-8642-83ECD625BA9B}3⤵
- Executes dropped EXE
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A89A711D-203D-48B0-9BCB-A27A813AD489}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A30BA51B-7AF3-48A3-8779-887942B8D511}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C2B830B4-BBF6-4D7E-BDB8-EE4EE99E5C5C}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{061AAD0D-22D8-4C5A-A930-7A9FC9248F98}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4EFE14C9-EC55-44FE-B13F-A66C4EF5224A}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EB9FA5A8-74E2-45C6-A956-A070B0F0D15C}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{62C1A806-5869-4005-9158-6E1AB967D9A7}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4B4D2E86-094F-45EB-9106-3531F014AB0C}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18A1A2A0-E49C-4546-A465-D27009FA52ED}3⤵
-
-
C:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exeC:\Windows\TEMP\{4A710DAF-1890-4AF8-AB73-83B7FB284DAF}\_is39F4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{384ED687-2CC9-4442-9B91-1E4F59FD478B}3⤵
-
-
C:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exeC:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exe /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"3⤵
-
-
C:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exeC:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exe /P USERSESSIONID3⤵
-
-
C:\Windows\SysWOW64\reg.exereg.exe import "C:\Windows\TEMP\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\CredProvider_Inst.reg" /reg:643⤵
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exeC:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\SetupUtil.exe /P ST_EVENT3⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"4⤵
-
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"4⤵
-
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g3⤵
- Drops file in Program Files directory
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{988F8ACF-18C8-4762-ADA1-1DAED40B8650}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52CCFD02-49C8-48FD-A32A-F69F30518A88}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{890CA543-FA78-4C78-AD43-5A22A8777B1D}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{38A7114B-3358-4E2E-A00C-2376B5C6BB9C}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{910D5CF5-C8DF-4679-AC19-FF554F85FABC}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2AC2BC7-3762-4D8A-963E-8B992CA432EE}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{39C2ED08-8455-4FFA-88C7-99E49AA5887F}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A8E64A7B-B759-40D9-BA42-1C36CA7B00AC}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AE4AEBB5-71BC-4B2C-923B-D7628C700725}3⤵
-
-
C:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exeC:\Windows\TEMP\{46C08344-DDC4-451D-9992-1C1021768AEB}\_is4DEB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A31A9C5C-5938-438D-BA2B-59D420A1D2C2}3⤵
-
-
C:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\Splashtop_Software_Updater.exeC:\Windows\Temp\{D9DF021F-C8EC-4644-BE85-A2A78F3CFF52}\Splashtop_Software_Updater.exe /S /Caller=SVR3⤵
- Loads dropped DLL
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B392A1CA-B38C-4C58-996B-1854868B7952}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{73DAF5AF-E852-43DD-84FC-F15EF5F30873}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC74CCE5-992A-4661-AF1B-D8D99CBA3C2A}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75066F69-4356-4FFA-BD3B-F1ACB4858CEA}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{984DFDD8-DA60-406E-B74D-9F39A3FBADAC}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DD1E45BC-6214-4FDD-9CFD-E9C8351C80C4}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D26564C7-6195-4DC9-8BBF-D3B99F90D98F}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A648316B-3C17-4918-8AF8-80520FD7E8A6}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8D7C674-CDFA-4AA8-8486-A54F1439B6FE}3⤵
-
-
C:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exeC:\Windows\TEMP\{D9CECD5B-68DE-4737-9BA0-7403A90AA20A}\_is586C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9A10B02D-CC01-459F-93E0-60282537D8E5}3⤵
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i3⤵
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{544F2FBF-5121-4425-ABF2-116B2585093B}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4571A43C-65B9-4AE8-BFA4-E2FBB12A9C66}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2BF07633-C319-4715-8C2A-A3CD797BDBC8}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5BE90BFA-E801-4C74-993A-93EBEAC9D01B}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5F114918-4386-426D-BAB9-ED9DAE51F4ED}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EDCDDBD0-A806-404B-8FBA-2C5DC754B791}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AFB02AF7-7DB9-44A5-B663-1B78B3638A3B}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{96EBBF5E-5204-4286-9BB5-DEBD0D3FF0C6}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82221D92-57F9-48C5-8279-B66F100BB61F}3⤵
-
-
C:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exeC:\Windows\TEMP\{5E283147-28B0-4F16-897C-1E5A27FFA1C1}\_is5ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA6EE053-3E10-4BD4-8DD3-171AC81463EB}3⤵
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9082D60E-78A7-4F61-8BEE-96CA6776A92F}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F530DA3D-0BE3-42ED-AD5D-578E3C068969}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37F06D11-BEE0-42E0-9836-C868C46E8A71}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{73456B50-DDE9-4771-BD56-3E70E8A6EA12}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95BBC7A6-1E6F-4EF6-9273-6EB46E503B92}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5AE5315F-CF0A-47BE-A109-EF9AEB0EF3F3}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F91FEA13-2E8F-4EE6-B286-1D61668BBFA8}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D7355C0E-2069-4CF0-B0BE-99AEA2EB8E49}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA85E92F-B283-497B-89EE-7068E713A249}3⤵
-
-
C:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exeC:\Windows\TEMP\{1CAB4A70-813B-415D-91A0-2DF613A11301}\_is5DBD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{39AE7746-77E0-4F4D-93E4-548CBC5BF911}3⤵
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\sc.exe"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/250002⤵
- Launches sc.exe
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "0d832da8-5663-44cb-a140-208444acc2ce" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "3844f6b9-b23d-4ba9-89a9-94eb62870445" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "d79939e4-c095-469d-88f8-15c7c82b6256" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "1e3990e5-e5db-4f6d-9735-675b6ab30159" agent-api.atera.com/Production 443 or8ixLi90Mf "identified"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "7e754dcc-63e8-4f68-9bc9-8faed77ee03f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cscript.execscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus4⤵
- Modifies data under HKEY_USERS
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cscript.execscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus4⤵
- Modifies data under HKEY_USERS
-
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "bd527817-6d39-4001-95f9-0bf142fdafd5" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile"2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\sc.exe"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/250002⤵
- Launches sc.exe
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "e2aebfac-da9c-410e-bee1-965062a0ea0a" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cscript.execscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus4⤵
- Modifies data under HKEY_USERS
-
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "73cd74ec-2ecf-4d92-a5fc-4c5e2be9796f" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded"2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\TEMP\SplashtopStreamer.exe"C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=13⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Temp\unpack\PreVerCheck.exe"C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msiexec.exemsiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"5⤵
-
-
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "b99f5a50-6c04-42e9-a424-d5bcfe1cbee2" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates"2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SYSTEM32\msiexec.exe"msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_6_7.msi /lv* AteraSetupLog.txt /qn /norestart3⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "bc6ccb5e-5297-4fa3-83f3-1e613fc896c6" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain"2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "a402e704-3e54-4f15-8398-e4b75cb5ae46" agent-api.atera.com/Production 443 or8ixLi90Mf "probe"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "544a051f-c598-4b83-84b3-aae75ec9ecd0" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjpudWxsfQ=="2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "71460193-56af-436e-9d7a-86a9519c51ea" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor"2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "1d55c9b7-185b-4c33-be6e-871392abf447" agent-api.atera.com/Production 443 or8ixLi90Mf "connect"2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe"C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 1d55c9b7-185b-4c33-be6e-871392abf447 agent-api.atera.com/Production 443 or8ixLi90Mf connect3⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "d0d9be60-95ab-45b8-a357-fd1ffa51dd41" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll"2⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "805e6c83-9558-41b6-8972-2fe298badfe5" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "b0990dfb-7df7-4207-8d56-88a2d1e3bc58" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "e579cca8-e215-4c84-81ad-1408aec24516" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "6199bce7-9daa-4e3b-82b1-3ced225fd690" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjI2IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzM1OWI2M2ZiLWNjYzQtNDI0ZS04YjY2LWM1NWEzOGIyNjI4Mi9mNWU2NTZmNTdmYmZkYzVkZDNlYmEwN2NmY2MzMTg0YS9kb3RuZXQtcnVudGltZS02LjAuMjYtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNzAyZWRhNi00NTJmLTQ3YTYtYmY3OC0xODk0YzBhZjM0ZGQvNmYzNTg1Y2U1MGI5MmU4MTJhZWQ2NmYyN2M5NWYzMTAvZG90bmV0LXJ1bnRpbWUtNi4wLjI2LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MTlkMjkwLWQ3YjktNDk1YS04Yjg5LTk4MjY3MzVlZDJjMy80N2Y0NjdmYzRlNDYyMDA1NTMzOTI1MzJjZDg2OWFjYy9kb3RuZXQtcnVudGltZS02LjAuMjYtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci83ZDNjZGQwNC05ZGI4LTQxZGItYmM4Ni00YWY2M2Y5ZWRkNGEvODg5OWZmNzc2ZWVkNDFiM2Y1Mzc2YmZjMDk5MTNjMzYvZG90bmV0LXJ1bnRpbWUtNi4wLjI2LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2I5ZTQzNzE5LWYzY2UtNGIwNC05MDEyLWRiMjc2MWQ4NjQwNy9hNzI2YzFlYWMzYjhjMjA4NmEwNjc0MDZkYWU5MWJmYS9kb3RuZXQtcnVudGltZS02LjAuMjYtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Ilx1MDAyQm9nZGNpdTkzcWpNOVFZL3hoaGZPWXJ2R09ybDdcdTAwMkJHanMwUmVxdTZXeFpFcVJPY2h5ODlFVmFxbk5PL0hnaDlQNDdHVWZqOXMvWkV3b0ZCXHUwMDJCQjJoTG1nPT0iLCJNYWNYNjRDaGVja3N1bSI6IkRLL2lyTlB6NndnQTY1c0pDem5GRDhsdW51VE9ENHhQeThSd1dcdTAwMkI4N3oxN2VTT0JJLzJLcWo5UXVFRkJVTzdNYkVoc3JQWEpRMnJpUjhoXHUwMDJCL29paXlpUT09IiwiV2luQVJNQ2hlY2tzdW0iOiJsSXU0NVc0ekI3ZHV3MjhBYVRWY0p4OGtBYlx1MDAyQnE2UGc1L25WenJFeWdpMUJIQVhXbHdhblNuV01VdDJRR3dCSk5hRzZNYURLVktTY0x1VUh4dkQ4eE9BPT0iLCJXaW5YNjRDaGVja3N1bSI6IlBLWElYYlJNR2VpNWJMZlI1QXpHellNRHlCUlFcdTAwMkJzZmhBMmdqdlNNaDI2RGx5eGhHUXJPV3JwMUJxOUVMVEFTTnIybkZ1V011T2NqcE4yaTdaZGw3OXc9PSIsIldpblg4NkNoZWNrc3VtIjoiTGNJUzl0c3F4RDhiMXByYnJVangwNDFYRkxrcm9lR3BxbHV6dDI3NlNqV1lVZi9hei9kTldcdTAwMkJJbGpxSmpLbGJBdmRaTlk5Uk1iM3BvVkVpUHYwdXFLQT09IiwiV29ya3NwYWNlSWQiOiJiZjBjZTQ5ZC03N2NmLTQ3MjEtYmY3MC01NzY4NjM4M2M5YWIiLCJMb2dOYW1lIjoiRG90TmV0UnVudGltZUluc3RhbGxhdGlvblJlcG9ydCIsIlNoYXJlZEtleSI6ImpVSVMvVDlDUlZEZUt4WWc0VXIzYUNoaFdRdWNZN1BWdndnMHpIdXFKc2NyVGpqUTJMd0s2VWpmdTdjQTJOcHJBUjByL1NSQVhKWVlsZFBLS0Z5S0tRPT0ifQ=="2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /3⤵
-
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes4⤵
-
-
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "773569b9-84d1-4181-847d-174e9cd075ee" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps"2⤵
- Drops file in System32 directory
- Executes dropped EXE
-
-
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "d12171b9-cf60-40f6-be1d-2a9ba0a82709" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ=="2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\System32\sc.exe"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/250002⤵
- Launches sc.exe
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "2f522e33-8b8e-4d18-9dea-3c6940166851" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjpudWxsfQ=="2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "7817d0e8-dca1-438a-b437-a592b898e396" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "479700fc-da32-462d-a66f-8e0cdd9a1d71" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo"2⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus3⤵
-
C:\Windows\system32\cscript.execscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus4⤵
- Modifies data under HKEY_USERS
-
-
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "ccf2e34b-c7e4-4efa-896d-6803ac356bca" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ=="2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "01d5e223-e483-455c-a4c3-6105b93a5e66" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "108cf61d-1a14-499c-8a07-ae81cf30590e" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "78ef63d6-eaa3-4f0a-97ba-7b526648d4bd" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjI2IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzM1OWI2M2ZiLWNjYzQtNDI0ZS04YjY2LWM1NWEzOGIyNjI4Mi9mNWU2NTZmNTdmYmZkYzVkZDNlYmEwN2NmY2MzMTg0YS9kb3RuZXQtcnVudGltZS02LjAuMjYtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNzAyZWRhNi00NTJmLTQ3YTYtYmY3OC0xODk0YzBhZjM0ZGQvNmYzNTg1Y2U1MGI5MmU4MTJhZWQ2NmYyN2M5NWYzMTAvZG90bmV0LXJ1bnRpbWUtNi4wLjI2LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MTlkMjkwLWQ3YjktNDk1YS04Yjg5LTk4MjY3MzVlZDJjMy80N2Y0NjdmYzRlNDYyMDA1NTMzOTI1MzJjZDg2OWFjYy9kb3RuZXQtcnVudGltZS02LjAuMjYtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci83ZDNjZGQwNC05ZGI4LTQxZGItYmM4Ni00YWY2M2Y5ZWRkNGEvODg5OWZmNzc2ZWVkNDFiM2Y1Mzc2YmZjMDk5MTNjMzYvZG90bmV0LXJ1bnRpbWUtNi4wLjI2LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2I5ZTQzNzE5LWYzY2UtNGIwNC05MDEyLWRiMjc2MWQ4NjQwNy9hNzI2YzFlYWMzYjhjMjA4NmEwNjc0MDZkYWU5MWJmYS9kb3RuZXQtcnVudGltZS02LjAuMjYtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Ilx1MDAyQm9nZGNpdTkzcWpNOVFZL3hoaGZPWXJ2R09ybDdcdTAwMkJHanMwUmVxdTZXeFpFcVJPY2h5ODlFVmFxbk5PL0hnaDlQNDdHVWZqOXMvWkV3b0ZCXHUwMDJCQjJoTG1nPT0iLCJNYWNYNjRDaGVja3N1bSI6IkRLL2lyTlB6NndnQTY1c0pDem5GRDhsdW51VE9ENHhQeThSd1dcdTAwMkI4N3oxN2VTT0JJLzJLcWo5UXVFRkJVTzdNYkVoc3JQWEpRMnJpUjhoXHUwMDJCL29paXlpUT09IiwiV2luQVJNQ2hlY2tzdW0iOiJsSXU0NVc0ekI3ZHV3MjhBYVRWY0p4OGtBYlx1MDAyQnE2UGc1L25WenJFeWdpMUJIQVhXbHdhblNuV01VdDJRR3dCSk5hRzZNYURLVktTY0x1VUh4dkQ4eE9BPT0iLCJXaW5YNjRDaGVja3N1bSI6IlBLWElYYlJNR2VpNWJMZlI1QXpHellNRHlCUlFcdTAwMkJzZmhBMmdqdlNNaDI2RGx5eGhHUXJPV3JwMUJxOUVMVEFTTnIybkZ1V011T2NqcE4yaTdaZGw3OXc9PSIsIldpblg4NkNoZWNrc3VtIjoiTGNJUzl0c3F4RDhiMXByYnJVangwNDFYRkxrcm9lR3BxbHV6dDI3NlNqV1lVZi9hei9kTldcdTAwMkJJbGpxSmpLbGJBdmRaTlk5Uk1iM3BvVkVpUHYwdXFLQT09IiwiV29ya3NwYWNlSWQiOiJiZjBjZTQ5ZC03N2NmLTQ3MjEtYmY3MC01NzY4NjM4M2M5YWIiLCJMb2dOYW1lIjoiRG90TmV0UnVudGltZUluc3RhbGxhdGlvblJlcG9ydCIsIlNoYXJlZEtleSI6ImpVSVMvVDlDUlZEZUt4WWc0VXIzYUNoaFdRdWNZN1BWdndnMHpIdXFKc2NyVGpqUTJMd0s2VWpmdTdjQTJOcHJBUjByL1NSQVhKWVlsZFBLS0Z5S0tRPT0ifQ=="2⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /3⤵
-
C:\Program Files\dotnet\dotnet.exedotnet --list-runtimes4⤵
-
-
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "2604e228-afaa-4d06-b9b3-e917d4ea6f5d" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded"2⤵
- Drops file in Program Files directory
- Executes dropped EXE
-
C:\Windows\TEMP\SplashtopStreamer.exe"C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=13⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Temp\unpack\PreVerCheck.exe"C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msiexec.exemsiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"5⤵
-
-
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_session_pwd=ad9d2464b472e4df654929430a73ef7c&rmm_session_pwd_ttl=86400"3⤵
-
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "85b170bf-02f0-4334-b5d7-1da3ef41f775" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "2f7dfd04-66b3-4063-b0e6-c6b473c30951" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "9ff4c982-0423-40e2-98f1-f631c05c8d25" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor"2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "3ef6dc95-6bc4-4f27-a6a4-30e2212636ea" agent-api.atera.com/Production 443 or8ixLi90Mf "probe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "d668bb56-b00d-46be-9b3e-d40cd72a815d" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates"2⤵
-
C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe"C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "65407d2b-7c58-4a5c-9395-7b95eb3d0596" "d668bb56-b00d-46be-9b3e-d40cd72a815d" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates"3⤵
-
-
-
C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe"C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 65407d2b-7c58-4a5c-9395-7b95eb3d0596 "7817d0e8-dca1-438a-b437-a592b898e396" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"2⤵
-
-
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe"1⤵
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"1⤵
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"2⤵
- Sets service image path in registry
- Drops file in System32 directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe-h3⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c sc stop SSUService4⤵
-
C:\Windows\system32\sc.exesc stop SSUService5⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c sc config SSUService start=demand4⤵
-
C:\Windows\system32\sc.exesc config SSUService start=demand5⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe" /S4⤵
-
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe" /S5⤵
-
C:\Windows\TEMP\~nsuA.tmp\Au_.exe"C:\Windows\TEMP\~nsuA.tmp\Au_.exe" /S _?=C:\Program Files (x86)\Splashtop\Splashtop Software Updater\6⤵
-
-
-
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"3⤵
- Checks SCSI registry key(s)
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v4⤵
-
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"3⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"3⤵
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDetect.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDetect.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exeSRUtility.exe -r4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Modify Registry
2Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5aee3d7e821553cf2d56b5aeb9fab0468
SHA1ff4a49c461634481531193cdd7e074adff81d870
SHA2560c8b06c76b74459b7eb8222305eb1b97799570a1e17c80b29e8f677a13e8d2fd
SHA512bbf0939f475d7b8fda96085b2150cae6c5dbe6ff40f62625697db83dd48905b1d0750faa961d18018f39e1aff3b42f6153c82582d519535a8f1319e6a106bee1
-
Filesize
9KB
MD5a97574d92e60767a46e897a17594b1f4
SHA1f19bcb692a4c72f42f8a8c57a6738e0cc46288b9
SHA256424a9bfbab548fbcb9f0c285c3bd1169ced5edc743244c133025351945833203
SHA51218583fc985a4952b9796a2756f667b363c1993b0a606331bd30f44acaa1fd65139debacf0b0321831e30eec57484bedad36bd78cb756d135fc7d736a30b7474c
-
Filesize
8KB
MD53f57f8e8b557438a4387cdb40e3493cc
SHA1263115d448c89f7f4dfdb2e343daf23b2be687f9
SHA256ff36686b377994b76009f9a91d6aab134fd211ea47cd1afa62e8ae4c7fb8d245
SHA512a5ec4e167f6248bf5f48b5ed62fdadb6beeb73dbcb7ced43a239512d7401afd533c4a96f49e0458b1a164b479c0074c2be3088c6ef55428d87ab1e107cccc887
-
Filesize
74KB
MD55f9e43dc60ee9cdae6e708ba56410cf6
SHA15781ec6c0792e009e7ff5fd34683f9e02454be11
SHA25663cc8aace12e6ca572062f0f060e4c3f8af8be71b5a4dbfa08763831bf80949b
SHA512de67c2b8889176d48b3e29b92ef942cbe192ecb30aca2548ec2126c852972c7f57703d1ccc6885c226c77789bfa7ebfb14a142a1d6a8361daf882296f987d588
-
Filesize
480B
MD564691dffe33ad05142b03a658924e5cd
SHA1bb5c9ad7ddbc41fb54204901e67a665cec30e299
SHA256603822efe4c9c7699c415bbdbb149b9b9f53494ff81d50bdf627e1ca4a90011d
SHA5126dd364d24b575d780f85aaccb961e7912983ad425e2c50cea58a7fc4c99712d33819bf2ced3e00255e4ec14a8882834e18369bfff21dd50e42ba6b270c0f267f
-
Filesize
1KB
MD53840b31c383fdf49bfd6740d945c9032
SHA1a6f50164a69718bcef4664d7c47534f0d721866a
SHA2561f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64
SHA512f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d
-
Filesize
305B
MD527c1adfa459a0d4c1a3ee1e4e92f8e0e
SHA1e21b1152b78827c8e59d84c541c190c099297632
SHA2568e88d3edb3da0f6dfe4dc7716ab64256fab189429a6690b129d6789f7eeca49b
SHA512f8f66043ad65be01a11e130ccedd14a1e638950bb95999e650f62362c05e81d413d330e87cc5fdade02776fc742ebf96331a3752ab80eda9931041089563ae36
-
Filesize
140KB
MD52899046a979bf463b612b5a80defe438
SHA121feaa6f3fbb1afa7096c155d6b1908abf4ea3b9
SHA256486b2c2b0ca934ab63a9cf9f4b660768ad34c8df85e6f070aec0b6a63f09b0d8
SHA5128c60eb0d9e82326543f2fbcd08783e041a7f5598723666b1c9ea5df7808d0c4947e8e64c2dcd46331bc3dbc38c6ec8b85ed2fcc5b97eaf0465ea624167829368
-
Filesize
1KB
MD5b3bb71f9bb4de4236c26578a8fae2dcd
SHA11ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e
SHA256e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2
SHA512fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71
-
Filesize
209KB
MD5a41c23558b3c07f8c749844bb553d545
SHA18473013cf5f2be8158c13f1056675d1cbd10586f
SHA256a6193fc0a09ad7145fe38494bcf67fecbc10c07a5f3936e419895b018e85a766
SHA5125930f14f3be4aed70a1ff93dbb75022c2d947a0a2344031992167d72192e0a51d207fc2255cb0ca1fb21b20b1277a528bbf739bbdf8676f7a0786efd132b436f
-
Filesize
693KB
MD564e122b28a1e548c1cca376e32cdd248
SHA14506de40b8422c9be58333f35325a86674ca650c
SHA2560ee2dd095b1cc4c3cda44a237a188e16c8614c107ad9d37ad8a581473ad42215
SHA51236fc7dd056303822b23f9173b43522dee23431a419bdbae43a850e87f37b936b34ed2ef5013997d6d8b59d74627d55b0cc622da751d3ed828c850c7982a0d8fa
-
Filesize
154KB
MD5e3ca6ba742fba06522ab0fe063c620de
SHA158f1e87ae1ac14cf043c1af4c21d00e4197c712b
SHA256f03771bab23cb012beb6bce3618a45fa6d06e3783a67f5f78bf0d9f41a198079
SHA5122de5d08a4a33c03f828244705e4dd25a39d7d56a82c5fb1e5512d10d133d30a6cfeb2dde182f13288e5e0bcab181d9b4636d65db2cf1cc54c834080af0348bcc
-
Filesize
156KB
MD5f52fc50d7cd546aac6ff5b3b6a81fef8
SHA1acee5c531f18e3f9a740fc510a363549eefb6d50
SHA2569adcb96da9b2af3e1f7baf2995ae288721ea14f20c708f5ed862e5b93d33a8e6
SHA51246bbe96cb751fc1af755d486a14411ee03b5c3ed1883b8e5b00e083c21d417fe6ffa0c205bd22a56f38df604621bc443a1f610c5c39415d5b90010614d2f09f8
-
Filesize
46KB
MD52add1f7594df835ca2e2d0dd4494bd13
SHA1c39884219b3b4ba3125f9ddbc20d55757b41ae61
SHA25659b970908d00dcef9f24b9d74f331bcd1986eaa1543de10ddf27f6ca97351e71
SHA512430e74c2acf0921c5c0b89c82367e096267059a2f0ec2d1c932b7b94c3ffa39bcfc80cc1f95858fb5b574e2469d1c3fdd75655b74a9603981ef5cd3ef2744423
-
Filesize
163KB
MD53723dec9f9f58e9548cf705a08272aa7
SHA10eb60973068ba24edd449bed2be05c64a17c46e7
SHA2562906684ef97d39b4aba921be2728dc50458b66045c328adedc33fe483a7ca877
SHA512469b8ca4a0dc6433c90c141320ddcdf77e6b529f660326b249fd4a9d8bc22281079fde6ab71e02b03656f13f5af6d1c4185ac62ce470786091794b33d1433530
-
Filesize
546B
MD5158fb7d9323c6ce69d4fce11486a40a1
SHA129ab26f5728f6ba6f0e5636bf47149bd9851f532
SHA2565e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21
SHA5127eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb
-
Filesize
12B
MD5e1d717a53b79233000376e06e7e818fa
SHA1e9f5a584cc49acaf36d4837802b9a3ea7b5144e8
SHA256b670eba39ceb4441a7c9b00d2ad56c22c762a985ab3620fa2df94af6a05d3bc0
SHA512759a6ecbc46bac091a9c712f69125ea739651b185d1ffb26f79bffaf0d5c79ec10f9cb42408e098a89f0408f434919500cf07314ac4eae0948e4aba7a099178f
-
Filesize
94KB
MD53ca5eae6bc6b5b68e86d7e94da6680b4
SHA18b1506e53cd0cc830450cf864bc300b9b249899d
SHA256d297eb8b6b451e47bdd5118a311c30220a392c2e1c606004d822b8db978f6855
SHA512c7d19f1e66d50a0891284c9aedea9bbed9fa82c0aa119c6c6b1e3ef23167727db89c741a70d8673d29aa652b1f97c61f821e5609d16151749f05b83816cdd16d
-
Filesize
687KB
MD574b54353c4e2834907dcf55d0c329050
SHA1bdf81278635673ed3c3f7d9243c56338b18ba950
SHA256a0fcf15c913a9871724f36fd280aa3654a1325c24c46da42704fb79c72860608
SHA5126b4d54bd31310fb5c1936e64c5d1fc7213fa672db1ee18953b62491724c6c407632f9999d8edcab9f15a8b99479572e11e00194b2be3008ba238a5675cdc44f1
-
Filesize
25KB
MD5fd9e8a53114dba71999e09386fb6ff83
SHA18b24a77a7f8cb1070a8207ff9abb9b8b7fe8a679
SHA2564a7d1e7fac5578c585f0d5598f37245bf8288ca654f4d8bfe9935376256b3dbe
SHA5124412e7b8feafbc140a74ff431557e4755fb5a0da15de85666e58a414f378d13a9a23f7e84f7167663e00d95cedddea425af96f63be0a13dec8bc704f71fa7d0b
-
Filesize
214KB
MD50f130672aa993be9264cdc9900b2d9a9
SHA183dfebf1ccce15592b4b250e373cfb768934bc72
SHA2564f3dfdb6e2fa63309466035e0efaabc321659bde04f2d26ebac7ff282e3752cb
SHA5121d2fa98f45c732cf2ab22fd0a8cb6c1d54c09d0118c358c5a511b0a57fbef7cda7b2181b58c70023b1f3ea9a6af5c615dde995b11f6aeef8d917779c46aee931
-
Filesize
31KB
MD55c33b399551c1ff47d5486c6556121bb
SHA174d49780496b0ed524442aa95f6eb69bc83ded18
SHA256aad2956ff675d736d2d98f79aefe3f5fab742846a7f7eac0b796dbab69acd3b9
SHA5126f9c4fa63fb157248a1483869e2c4fd071926a08b396df163db6d53f637c1a0dcb7e4c1315f3bafa438f75a08084ca8cfd7d5fb485316b19eede00814393e74c
-
Filesize
3.4MB
MD581631e3788900f3d082e8aa7d856f891
SHA1bd9e5fdcb27debf5c7b3e00adaae2a704c287b7f
SHA256067456a17bef5440d269fb30fd48032b3d83c52d693d5c82ca1a370be1bc0bf3
SHA512b1da3b21c655af96dd060dfc485258af1c5a80b07cab89f14f7ea3ca0c8ab93e50037c8ea8d925a1e3bedf6f5a1079f56f3e912d387fb15ccda15840159ecffa
-
Filesize
12B
MD594fb323992e48f9d4a3acb5c1e88d656
SHA137a26436c73fb82cb808e56de98ed028adb2a514
SHA25687cf69fb5b332d110b0445fe784c12513a1154aa4393e24e4c4ad489049fd99b
SHA5124d41cf9ffbf90b494ef8100ce88401a92232841907ae464b12ddc9c25f92f1bb1411bfad6ce75a04dad275081174db8779e3def6af25aadf1b4b2dffa9eaa632
-
Filesize
385KB
MD544c39bf8425d1201ac8c003524ab1f6d
SHA19ee7caed9e7bfeafccddd02726da2fa4950924ab
SHA2564de559a6f68aed57a56773511cbcf08a204cf32644cd6d794f67d7a0a0cb3316
SHA5129fe8f6c39d31965883661a3e225a039861b23d545545db75ca4748c7beb50612e86458c0be50ec41241a06958e9ef128f46ccdcc173c09c222e2c7257734dd9c
-
Filesize
1KB
MD5c6ecf24757926eba64e674bff8b747d1
SHA13a46083826c20e8e085c42bbfdfeef4f9e2b90d9
SHA256c3ec04142c15b0a237e72ce1c3c85d19cd1231b9824f7a9854e7909a74b7becc
SHA512efabb9883adb098a90115e8938c92b76bbb8d2eb5de170ecfa205ee949a2d722e0f97f6e01f9a71ac8b5fa2108b9ff82fa0171759d50e30d0ab5fc1948bdce15
-
Filesize
64KB
MD5d180ff7e7c71e01f07fdb9fe124804b8
SHA1151dcabab8bf10ce179f225667bdc2acec725e5b
SHA256aeab12845410f6ed1c56a78f2dd0bb3d072e24417edcb3dfc8550fc918f14f8d
SHA512eac0cd257be1b9f512147f1605eb50c4337b353c1bd6a2ba84e2ab13811acdb4f56686bf48afb99be27fc8a93e6ce52419daf78184cd1db707aa445b708c8154
-
Filesize
151KB
MD5c3d7a0e65ff83cd9f143aa3cab2b7b5b
SHA183291f57922d7ceb203a793e69d1aaf8da5aa288
SHA2563bb327a09a6929fc85d6c8286d2996bb82d1f1ce68b117ebefb522b1e2056960
SHA5128a0df1b1c2723607b557d7a4be482d099229c2c863a4a390452a036d0311c280dd6d388d6b5759b14d3eb8787d4b67dcc4b39a1dbe52810f82e756c18a5e0efb
-
Filesize
862KB
MD587f396a5611ebde1f26ca0aee63c9bc6
SHA1cf2154ee6d8989c108804ca6415d227c889ccbe8
SHA256a4b4bd0442c2c376917ae441d3ee59a299d202ee0277b967e7e9baf076c6b271
SHA512506922bbb8771c2a269792f730bc277d812bb53c5feded003ee9c60acd8420ede07ea5fc5c2688fbb9696f7f2e3a55cb7b457b017d4e011054ba11eed57f6ac4
-
Filesize
693KB
MD53ca5d328d909c76b43fbb58fea5e0d4f
SHA18261d45ef9aa6c94bd72a01b80b180f6beceef31
SHA256d94fe016a38ede7c645dce77076167475682e2871d5887cf1d83c40bc8026bb4
SHA5127b688688218fe4873f307539563415c349a0347d11048a8f2af1adb25e07f4b84a8c6cab4024f4f22b73c31dc3262413513ac78b99959591ce7b395c1413135d
-
Filesize
286KB
MD5262f1c97c8e49a527d44c302568e83c8
SHA1e8060b1613f37d7b26cada0a52752a53663921f2
SHA256748dbbda6b1f55f2ad4f0cdcc2cff8376abfa4b45ff0219f86adb24ffcb8243f
SHA51212687a3eb11ac1eba02c6ab076b920a6380f1df93cd9a79a62f7966cdb2cee6f08e31f573fb497d5211f56335df58ebb0021bc4049e4254bdb4da54fb2bb0bde
-
Filesize
270KB
MD51b0509b22d4ebe1d5e0ddf2ef48d2916
SHA1370bd80fd4834b2ecc8daa3ab7feecc06c6d48d4
SHA256e5e742e1c79e2e1777389ae54a20b6afce32ebd69a49083b60ba0d685f100967
SHA512836d17e2e333a4de7711bd0448eca9f5ee2b859a4a24d2b3bcc2f984e15befd21172fd822a458703ee58f95096188cc409c7d9f6ff01128fbc6ec18ded427d8a
-
Filesize
277KB
MD5c3888dc400a36905e2eecbfd815e220e
SHA1aaa531c1cce9a340023bc79f7890abf242351369
SHA2564e11cf3a8e43f8dbaaee073efa513009c492e64d1f89922511aa5e08f8967cfc
SHA512005e24b5206f866ac294a8baa7a3f48af53ba993af3da24546eecb3aaf9573f3c04604aebd83626a3b7dd3fcb9d5caa0b6f69cc4ad3fee4e9ea0c0a0adf787d6
-
Filesize
399KB
MD531761bbd8eac4cb1bdf9c0b0a67d40a5
SHA1f88d78c6bd1f2fc5e87e4af348cd7bbf07648c4d
SHA256365bb1d2f0c95230d67c92f3275e44cc2c829afed1c624323c40eaa42c42b6c0
SHA512460986675f4222ece5538914a835e53f5da104b4c625e672d34e398690f83805bc89691f2b591e32bf40fed53d9ecc5ce5b160e62c308908ec7a20a493e652d8
-
Filesize
48KB
MD5d5b223cb25ec2ecec2384c1f0850de91
SHA11c408b8c1a1ad90a25698c6f561a10db854f7f9b
SHA2562c4947e07954a48a14848f710af8f241a4b413f1c314e4d7128ff97dfbe1d425
SHA512d18995e6cd95b816ec4248a55d11d7968c3f9199e44558f75358203ece400ae2a2183c0f145f5140988a43426c8d6a3efd167e748b1a521329cc895f40c0f238
-
Filesize
1.7MB
MD517f32580ffa2e18693e58fb7659b998c
SHA16460f12c4550ebca70aaa148531580ca42cab2eb
SHA256d64ec004270373daf7d1861d62f4dcd1b19c7a84d42d2a41f16e6662c962fce7
SHA512522cfbba3f8dc65b24d2815792d52da366007ba354117c4ba0f2cd00763359ac4806249cd24400570394618d26c5bc648c6fbb23f6ce857c42700904995746d3
-
Filesize
189KB
MD50abcddc5d5030a547db34232f50fe20f
SHA139b9a26b7cd0a5a04bba69b934918b17b4dd36e8
SHA256dbb0955bd2b4c0088fc56b633bf3ec48624159afd68d8092ca7d0224da442231
SHA5122d933d6fe444e8e9919a8dab5a31b13decc805b662b685d62efd6983cad455649ef4b275f0f871483ccc3164355d7c920684e7417ec7eb05f8931a10511615d5
-
Filesize
48KB
MD5bcea673768ea4e64d96b426fd0dabef1
SHA1782e35b1904e1e2f86ae0e3ad1f8645d860cf457
SHA256ee853ebbebc9cf31540b00d50d404cfd868397c087710c4b6ee4fed230e3981c
SHA512de6c60eb30c5c4027920a78bc48c72848f1e31c6504a6bbd710daf8cfdf8f0acd2be320abdf5a4431d03e377e8c5e167a2e95ae9571c983a5106e0bd00c6b14e
-
Filesize
53KB
MD5b2fc69f3f118fde1076848d3bddb7de7
SHA1c35f7d35e715fdd6656f2dab5302be0df2acb27f
SHA256dbe8c0ffcf0eeb12ba6cf1303ce1feda4d9a866a41dfdeb94f5a49bb6cd43e2e
SHA512e13e2c7880fd2a4022747837fd0fd1a8cfc60fea8a418c165c12e0db34ac9effb113d3d1e183be86affdb71a46a885328ce6071c32a129ee64e9a612ed8bd114
-
Filesize
66KB
MD5a9feeb4fab8f35c9a015be172ee8bf8a
SHA1bd8b6b68ab66d6b83844b5fb9a37762ec9984b26
SHA256f05e83cb0775daf025426ad9d3f2668b2000646e01a953f63033c64898f07631
SHA5126612b9a742d5fcfab171ffb049c45d118acad7062bbe13c00b72c96dd85ba11e539bd74b21e1ca147de151300f3acae8864cfb1e9d1819c660f0c0fa0f660f88
-
Filesize
541B
MD5d0efb0a6d260dbe5d8c91d94b77d7acd
SHA1e33a8c642d2a4b3af77e0c79671eab5200a45613
SHA2567d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102
SHA512a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c
-
Filesize
44KB
MD5104da30f344fa2c2a47f7831b8084bcd
SHA13a14aadbbe204ef694b648128334e41b546619c7
SHA2561394ea09f30db994bb8bbb5ad99d0e143eed5064f78889125736223006529925
SHA5127cc7c4b859b73bdfaf24fc30593452be80d64e52b02e4abd92d831901591736a9c8c9e47ef310010f389f866e18fb1394aaaa0b520651932ed5c6f9f3e4b4241
-
Filesize
30KB
MD5194d372fd98820f5d3632ba7a3fe2198
SHA1c5fefcf9957f62b25873d30de32551fd1a596e88
SHA25608a1bc2a8b4faf85dc20e46de6f2046c980625e68dc7c43596574ce122948d61
SHA512db9a905b9a548289b95f29b41e65053151a2badd994d3b5f627010130682232f1fa642d408267322271795d1a23ec56deccd12dd3b9729406ba89ad777144067
-
Filesize
366B
MD526e7faae0a4aa19676807c7c61b3d039
SHA17162da207e9c164b1e3229c6b219b634743ee210
SHA256bbaa2125f9a5e49418ad7b23e0d4a182c551f0314111464aa61fca9537933471
SHA5128b125cadcaa6fed50caf3862d5e71709fb259a66c7aa6c7045a7375e7d85157089e4a5e70ed973277ae95f7e9bb40cf66b6024f5d18f234d5b579ca5b8cebda3
-
Filesize
432B
MD5a67f90a8dad4e0122ed387c45e3dcd02
SHA1648515c288031318fe0861028b3e6c80413152eb
SHA256369f6e32f6c2f958437a57b57aebbcf0618109787cceb1db18e87cb5d1fe1d63
SHA5125c9d6f17bb441f0f85deb716a4d4f48b8ce8644202c39af2619b5aafe57bdce733b17c7e3592a040a14e25a56879c14c83fb22c907071c36ef1d926c16ac4d00
-
Filesize
520B
MD543fcaae8558f01efe0d4eb1b5a4755f5
SHA1ca9fcb47c2a730781eb96ccb8042516ba6c59733
SHA256c7c3b6a6b726d0032abd5b3b420aee61d1b8db61fe9f3284d947bd401fb9bbb8
SHA5121837e954b63abd79a0e671ca51783a541346fa45e47c94c69b55fe345bae274721885626b2143baf41ba49315059df89a7fb634ba920317696050e7bbb8efed4
-
Filesize
50KB
MD5359325e26281f6d0f1d8301710d8fdb2
SHA12ed1ea282a138b394fe0db4d9d403896e34102bc
SHA256edaf1c2640f2fef085003fc7f831447fbef391d1eeb0aa9ca5ebc021a4759869
SHA512fcbef79be0ef4b5c3b46ff9c4f29b2b75b82b32c52792d045a53f2ff2d1ff711339474420a09b2dd315493416b41d4a1a794f867f9717e5e876a5536ad962ce3
-
Filesize
588KB
MD582b17dc9838e1e21e5c6f53d2867e94a
SHA1a09bfe6582bff9193337cc7dbab79d0b6b723205
SHA2568e7210c1cd0955aeb4cbbdce362d4c450e0bf1be47bdf263fbf2789a4d98fd00
SHA512c1b259655e2514449366f2d150d020a1eabb0e67af29c5e26c3a00f1d84d805216016c306d48e37354de09d4a056dc071c0d0d0d36f8ec9775843e6ae2712430
-
Filesize
158B
MD5101ae1794851aecb0e6fd87a7719aec0
SHA19bd50fb247187bf2eef1217eca65c849330d5531
SHA256ced412cd55013900f3162af4e00ca278aa3c397f7c0ea217ba187a8d585ead97
SHA5128ed095e7c9a53aeb4391b5d8c1c91a033ed4e10177c4eb3ca216d4c16ae6aa94e83e9e5cabb77958439cb1ea079fdb91810276b37e306bfca2048c0709ee936c
-
Filesize
196B
MD52f6f87bd09be5725e1d23ad64c0504be
SHA1f25f887c740c7e80bacbb4edf3073afff82d139d
SHA25651a46a023ccb1ee2abf88f368a84e13fa57364abdd4e41f738f3b26a985af974
SHA5128b4fe75238ba2be573a2174c5e0c7222fb1ea2e10df38eac3c275b82c48d092d692824081327811b705013eb6469421bf3788f5a7e8fc3489a138931b0edac22
-
Filesize
9KB
MD51ef7574bc4d8b6034935d99ad884f15b
SHA1110709ab33f893737f4b0567f9495ac60c37667c
SHA2560814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271
SHA512947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73
-
Filesize
10KB
MD5f512536173e386121b3ebd22aac41a4e
SHA174ae133215345beaebb7a95f969f34a40dda922a
SHA256a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a
SHA5121efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9
-
Filesize
76KB
MD5b40fe65431b18a52e6452279b88954af
SHA1c25de80f00014e129ff290bf84ddf25a23fdfc30
SHA256800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e
SHA512e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d
-
Filesize
80KB
MD53904d0698962e09da946046020cbcb17
SHA1edae098e7e8452ca6c125cf6362dda3f4d78f0ae
SHA256a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289
SHA512c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea
-
Filesize
80KB
MD5414d3fc2699569ff9f8ce21c79489a86
SHA17dd8b319a551e570a18a12f880670689355d75ea
SHA256cdf798e6fe61a05cebe4d5b14ad547f9a3129f378ec39b895573bee8c16ea8b9
SHA512e51f89d6dccfa03dcda1770b714e5112ed6bdae11a1189f9f596f5c16e6e78d165b32d6bc80bd10c18ca7f39c4d799c9982d7229fb121f5cbc5f606639a68020
-
Filesize
60KB
MD5634bc0c41fd7861545ea4d020be2ff20
SHA15b1b7c7f0ce0fd93caf8a0b6f2efe0fe4446b762
SHA256c3f2c7c91127cf7deabd262c7167399c81a8440db61290f293818b458633895b
SHA512478806bdb21984c709886094c155bfcd83dbcb57b5b8c1417555355f76681c7c8c0f63fa02349b5f6bdf7788a8b5e7efacfa0b5417d8222145cb0e9b8ed36d27
-
Filesize
287B
MD5fcad4da5d24f95ebf38031673ddbcdb8
SHA13f68c81b47e6b4aebd08100c97de739c98f57deb
SHA2567e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63
SHA5121694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d
-
Filesize
7KB
MD5362ce475f5d1e84641bad999c16727a0
SHA16b613c73acb58d259c6379bd820cca6f785cc812
SHA2561f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA5127630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b
-
Filesize
1.9MB
MD50839967f6a7825e2ec897f7c7864727c
SHA1c9c540c0259b07870e7f68be62b70f852a5b767b
SHA256c3fc47982d670b544c9f7b98c5d7375ce12e45b63180773de57c645ba42e5d8a
SHA5128be156409b59d4073d80b4f949d2fbee178167a6d55089bf9bda3da8eacb8c52243bbd37cf8d1f1e3dba611315dcefa414e80d116a73bb491284c380811523e4
-
Filesize
1.1MB
MD584fac5e89653949fcd3a132fc8bbbc40
SHA1f3c939e86538de163bbb2b0adacaaab615c04ef5
SHA2562e8ed005f3ad4216798ddeb2cae212986702ce4509e86bc3d3e84921d59e396c
SHA5121d249c5d46cfc2e6a61ace6922c3568a55dc9ebf4a2f4cf3e7249df5b86b149a79b84a615383bd1c3333b9498e94d68a3dbe92b4325f17de0b912eeecc006719
-
Filesize
256KB
MD5c850af1b1e2e5d84d04478bfba17681d
SHA1df04f3076310b1326bae8e44be28273ba8267d05
SHA256ea8b693c4e427a628b5f7bc5124ccbecc34c706da8206db69bc26257a65a760b
SHA512b072b517b7705d23925d1ae22500d8356ff8087c70e183a07d2e410c31d3651ced288551a92e6a7431791e56091af09833bb2feaedc0631d71708fee3f7a7dc5
-
Filesize
257KB
MD5f54436dd3ee2ac48146afa2446265971
SHA1b23595b5664910bc7a9fd9d6bfd70ae13016b8a1
SHA2564737f4cce3aed5c4e553aedcdd3f06be6a2a9c024f4f05a065f36147946675d7
SHA51287cfa10cf5eb93db5b69a91a146bda33e3dbad8afec3a45d7b2515640ec2b160ee91c52eb28170174f3a252cf9d5ff048602562ce229853a9b0fdc3535509483
-
Filesize
812KB
MD551e384a5446e10a5fb9a152f56554b01
SHA1616c1f36bae6ee3ba27082c8d2e0ab5e352e9ff9
SHA256ffd03fc476413e2686c0d9fea0d6f2862c341991fbc1a9e21ee7f23b332de22f
SHA5122470cb875e2f3278c4f013bb146aecf07f4aae01cf080156511492ef50e40b83b6918d654d61988c1ebf541b07bf7c4b398023035c9fd06de7bad07430c78450
-
Filesize
1.2MB
MD50ea2b575392ea7632732b37c5cccca66
SHA1313e0fb4ac84c820f3433fc01d6603c2c6bf90fd
SHA256de854de77d86569c1d3ec2642d47f1961eb4c33ecb78ba1e6d6c2b04ac8f0067
SHA51277e3f27ab579e45e3bb28f55a98d8858410cec249b6847fb9569540acd2a59692e70a8d71e2448593101b85f1cec8091ef40837bed9bfad7c26c3c04133521cc
-
Filesize
48KB
MD5b4a865268d5aca5f93bab91d7d83c800
SHA195ac9334096f5a38ca1c92df31b1e73ae4586930
SHA2565cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203
SHA512c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b
-
Filesize
48KB
MD5d5c189ebf6e0c11caf30527e97057d14
SHA14873030fa43cf2143bac2be96c9a197ac61193a3
SHA2566b9c31b640282fe14621eaff31565f6efbb04d5645d3261026a68696db6b3a53
SHA5120457a42175e4c284f428475add4597eac123fc982b46da3525a3a3f2fccd8d7e85689f2473392e5a6123cde677f6f9c0635921bcb9e41d26179ac06abf4f5f0b
-
Filesize
48KB
MD53b53a7a57ce24aa8e315489450d1069b
SHA11930c384bcd4e2a6a0bcfe5fca3f802cb4058517
SHA2565ac019c53844822515e66350d706e53d1d82dd0d953f7dbd46fe17ee89f2cc03
SHA51285fadf78fd02c0522199f8c9152789ee1071081166205c4f859896a84e7b74a79045605fcd8265c54c7d2970d0bef1ffaea7a750f72dbf4d13af15fb7f8edc12
-
Filesize
2.8MB
MD5c1bf52ee4269fd0d828f87f060916bb1
SHA1a93b06f7c0750911221cd311c5fa0a691710c7d5
SHA25675ddd489737eedfe8734552bbbc3593a17bea1d8a28a964d3ee8dec2090190a9
SHA5127faf5a2bf746c6c39644fe3daf369a2bf88bafa356cef2415228e871162a7fd04146d3d789f47cc04e27f910ac6fc5f14ae7fefb63d645bbec9ddb01cc8a6f41
-
Filesize
2.6MB
MD5f28ce55ef79b8ba242afca3bd8cc0513
SHA13703d9836f3bd3ab428313d0dffc3d00410632e6
SHA256fa7f7b73e090daa8662118e1db3ba95b6425ca296d5daaeb39ddf4575282f2f3
SHA51244c5820dd70d1fa925f0308b48121e649e92ce8f2dbd88f747c5691c478e590de94fed4564bfabe6b0fc9130b694489e721d126b329066a87baf2a9f833673a5
-
Filesize
1.1MB
MD5a603fcf1c73ecd23566d0d8089b04e89
SHA1f73021ec8b2d29a0fa80a50edb14c464dc1d51a2
SHA256a7ee72ee7c08c185b3b2d376fa468b9f9ba7d4259bd7cbf6d6e8add5f8ea8fe7
SHA5125c5922251fe4f7ba9f8708229654f495e0a1bb61a48318bb0ed0820a0c29b94c3f62b896f6c23b2051eccef49a81524e1b6c25e98f486203d69bdfba287e7e7a
-
Filesize
331KB
MD5f4fcbad16f581936b9157c1e4cd4c17a
SHA16f38fe22258075724e7e7fa6b7af231f1ba46e42
SHA256a3b68ab87740b148fdd5b9cba2077373047b9174a9edfbe756aa5343d55de81f
SHA51266cb3274e96152f48f1c48543aee96cf79d050695a2896fcd3f089ed100c2255c2a122ec3a0210e8c1a07aa8a046dcd69b1c9e318ca29a07de2191274e83a0fe
-
Filesize
353KB
MD586f9da8aee6d44f3baff360a3eb6fc68
SHA11da7357c75fd74ee93206cc7a35e03cc9b327da7
SHA256c2e921bd0bc0ff049db43bb120d7338d2eb51228e732727187268d26810df16d
SHA5120e6294f4395ffcf2456213f701ffb844ea2b2822c05aec1cb683f948b6dfd2393ee06ffb50fa035da8692bbccefeafb804677d0be0cf1b16fca673d5f8194d78
-
Filesize
567KB
MD5ffa8e311b03e0086a9c124ebc241f9c1
SHA1d06b1b1e91d9dd8f79e454490cedd277bb3827a1
SHA256318c7d7b2def9fd2bcb2769b50087714f9d837e3b170b60284d708a9dd73a92c
SHA5124e553eb9c05c3f80db89c4cbedeb444cbef4b4e221f8641429a55e2b1129dcd5a203d2723dbfa2e3ed576bc81603570b9d4df4e4043e7e696d0f9adfc10b9200
-
Filesize
27KB
MD529f288f751fbcea5cd75ea9774882787
SHA15a4c30382c63e29e848b681d39cc213c2198e12e
SHA256711702eb24803788ce601996f90b7ef57eef1f764f7aaf3a96e2196ed4a9533e
SHA512b7fc0a739b33e79232ef506393cf90297f4d41f165f34b5be50648d8a1967419e1f0ee369e809d5c142898824e8b5a3784106d33a2d1d72cd811d5352f4bbd60
-
Filesize
16KB
MD5b2e89027a140a89b6e3eb4e504e93d96
SHA1f3b1b34874b73ae3032decb97ef96a53a654228f
SHA2565f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982
SHA51293fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19
-
Filesize
471B
MD59abfa0026b796b2b4c474f15856623d5
SHA14bcac56e75dfac0dff2a1afe4dfccb38983ddf9d
SHA256958b9885c158e596f721373a787b680dd30a793a5620545b6d038eb6761614bc
SHA51212e703681f826a57fe73268611e49ec077e531427c16b034e45c9435e5faa19cf0b2117bd803b041501bf199965ccf4abc81c95639a6dbbb3777c64be137b568
-
Filesize
727B
MD5acacf23d53fada183c9e96be5834f2c6
SHA164ad8008fe5a583fc141c68b77da4f768b24f57b
SHA2563bf90b75af73cb7be45748ce7a0aa083cda22cb817fb5265496490102cca6d05
SHA51211da415131ca37d9832f3f4e3e5ca2d3e9414b0c40233ff1a738eb7e95dcb9d4e0e7935b0e4bfa8d1f2e4b148926e9935c0b2051b83784b1bcf8a51eb8df20e5
-
Filesize
727B
MD57919a6e82e13fdbc3b9bceff3e812dd9
SHA19e7a44e513d57bd7caee81e3d53bf01d44dc06e1
SHA256e6638bbbd6c7095af8928670b9a5ee874ecc1b40778cd1226614f1db6d4e7730
SHA5126947c67e7c9a1281083ee1494ba504fa31d78c636650d7efcd12b4a16aaf78d1b077e2be3b94cf36d4fdc7fb70848ecdf76759f69b3f5c5bfe5d2563137482c5
-
Filesize
400B
MD54864edd0582ec3b79d84abf6fa9e6352
SHA1ae2cf3f1b436406d58805029f74674bf327670be
SHA256ed44ef8fe7e656259f2a6640c8cdff769110231ae1d72a3b2107ab12d234ce1d
SHA512985f530b2ba75285aebbca5f9cb2859b64eaacb99464a66c5e9480efc6893a6e8dd8519279f2349df666c856a96152278d583254123e1719d21b693c4efb172f
-
Filesize
404B
MD55f7e36f49c862f21099b8b9e3a678412
SHA1dc5237fa97452485f4da6fe2a5e9b973e211615a
SHA256a18912361ad57e852b792ed5659c0c3b8aac021dd85eee01b28e5421b55ad5f7
SHA51270ddedf0e7b0144148705aabe05afef0c1e7835196c2ceed2804f5ee17dbbccafb97cb3deb84d040beb1b4852d2ab060367e7b663f838088eeb99e62b9ae6731
-
Filesize
412B
MD52513f7fdf207bf4ce1b9a14bfba7bc3f
SHA1d1324b52f8fc939fe9a5f1ea4133999784b8aaeb
SHA256c2c378f3f204d5a97060b1eee0c9154493955c56cfd83a59bec11e55e672e0dd
SHA512e098ab0644c39b56efac31f844fdd6a59c1329d0c03ce128fb427bcce2d8423c26846b7143cb06126f989c1bcc40036e34c6e58e26053db79bf0a2e7a276befe
-
Filesize
4.5MB
MD52ad8fa8566819c976074bb69952b696f
SHA1483102e5db40d2f0f1c43c0ff8db21e67ec15149
SHA2561276f6941cb2f9f852c43843b9a921dea6c4999a49b1f9fa6530f619be730e5e
SHA512ed48dedaaf90463a64dd2bcdf5a2858cafbb59e3a914e58a24cb2e1481a8eab9fa91de7ad8e403bc89bba0940132e56aa0e0f3ce1635cad025db28a61db24f90
-
Filesize
1KB
MD51af5819fdd9eb400a9a511d6ad0d2895
SHA1dbfc9cde51dcf09e87495be4fa40997de434f268
SHA256f864f1cf177c104ec6fc25520fe58dd502ea163c77219c4ad0c59ba929253797
SHA512b0cdbbac53ae163e7a5131649ff241757e61c18910d10aa1f157d3376f61fd612dd2aeebd2d31d8259e6bebd5aa2114991f357e173cc595508629192841923b8
-
Filesize
275KB
MD5672e03b9d7a2d50f3e935909a198928b
SHA16cc8a45126243c6ad8a6336ef1789e6a8b5dd33f
SHA256c4772f8a8761f052bd0336923539699ba2f358ac203beb197cda576146e05a0d
SHA512bf5833ea48942319d560fb4dad62997fa5495e0d9c634361d919d3328364d0f4a999dfb56590d48227c3690d8a867b022f6d5fd01c46f27d2ad6421d88380372
-
Filesize
19KB
MD54db38e9e80632af71e1842422d4b1873
SHA184fe0d85c263168487b4125e70cd698920f44c53
SHA2564924aad650fa0f88c6fc6ca77068d73f70f0d0866a98212b615290ffb0b04efa
SHA5129ce1e75b11e43369fe2320cf52bef856170385a8e898a934c735cb92a8399e5e612a54b248579687c372dae58e47e05d9095116313aea9555cf2358944252d77
-
Filesize
179KB
MD51a5caea6734fdd07caa514c3f3fb75da
SHA1f070ac0d91bd337d7952abd1ddf19a737b94510c
SHA256cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca
SHA512a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1
-
Filesize
211KB
MD5a3ae5d86ecf38db9427359ea37a5f646
SHA1eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA51296ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0
-
Filesize
192KB
MD5f9d9cb41b549a1466c7496f51edefee2
SHA1385bd00473e116e27d69ac58792bb5496e226edf
SHA2566b4247b98ec8bcc42a796ed706917a355012d1caa45c2889a57ac8366ddc6085
SHA5128a4e06e180a61d5f1b0a2f2890c22caacc05909c1302ec935379f898d9aab3df0f526d9218c55731c3013b5d7353a21f5dc2a03f1d9aacb91593d03d6561d898
-
Filesize
49.1MB
MD58ea7e4e29322afde0c01a5745f7992ba
SHA14fede6c44392940b859d29e47501d9971dad9848
SHA25606db65d83a7627a8fb06d0c570bc08df29277b298fc1f4d3e7d6beb14df7d4bc
SHA512e5e19e2c137b794ff971e383c94d740720f7202948d2ef82bf80f4c23e831f90f5827630a8e43e3fafc67bd8c6ae4b629fa9ae1e4b5ec03faa4510cbf4327413
-
Filesize
4KB
MD526e3e31b5471a4890ee90b3c4103cc87
SHA1659d75459e63ba0264aa74afb4382ca3f308951c
SHA2560286045cc46ba55c25f6da06b6236c57d96e6cf49b6c192efdbd67b8bd17b3eb
SHA512d74b0fd778518eb90d9aeb7f9d0628f692619cf96e246b1453360be97121386076cbbeedce749728f24846468fbc643e21c29ba94c9e6e1174629907aae1c549
-
Filesize
2KB
MD5e29795a9c862791e436352896f1bbdb0
SHA1b92713ebe2a13085f1910e73e545bfbae97f99e1
SHA25616d2f34ec52c71f39e1ae03c2f4840c23318f91e8efba678f1a44d17f84afc26
SHA51255ed1b98f759940291b9e3ea45b8ca27367816b9e18fe7c35887a222d83ef0d178b3d4a241344654c43d48122cf77296fb968f73086f87a76e080654212111ef
-
Filesize
5KB
MD505a1c34b2ddf2bd9ce2b539230e034f4
SHA1940fa7a9d5f050f6f119e35c5ee0288c2d1da607
SHA256f88426681ea6df9c248f697c3ed5c4e46028a5b108c5e675d5cfea29ef413c98
SHA5124a100bbd2b319acce8361d8e0baf0914fa86b0ef84998e42ed83f91216c09ac5c6f7106d948b0cab287992f4b1cc3727d2455b5d6efc10c937b0aa5688a3f7bd
-
Filesize
52.2MB
MD559e70b73490996efadd047db10f13a97
SHA19b91c2a3899514a2e1ae0aa577a6aa81ec038eef
SHA25604c3215b847240f1c9710a3c55fddff4ee9676c590951cf9ba7cd45c4aeb5fa4
SHA512b5cc698ca5271d6c86255a069e97691a406904227aa3d2861cd4039ec1c26689609f0c5c9f72fd98e6ea01e571687d4cfe4f87c11bf87aec3172eaab5c25314e
-
Filesize
3KB
MD5560af444a6a7faa0b0ca94dc16ca2a58
SHA1df31453fafde354870a0a9a8ca50b18e284c32e4
SHA25694739ca46676bd602a78671257fbfce39feaabc9664c6326bf4970a0108e3429
SHA5127c853176c088d56a517e52c6687b6debf08f6f9726376720ade9d13fafc9be0ca72f0f2b35562a61ece653aeb789c838c60447f463b2bbe70c21bfc8c039b681
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
4KB
MD55a3df0de9d80c27170fa81cd49d5d4d3
SHA1789fb2c517bdeeabd4391a9f5c2ee4feccaec25c
SHA25679219352d8bfb1fa33019204873427b60e8b5b467ee174efe23d6d8e0115782d
SHA5121f5385efe08668507a490c17701fb3a7ec9232225f4079a20400f4b684edacdc02bd70c5d3c4e9363e02d0c2ed1b3d6d444d43f892e3e0a159e0586ab879dfe6
-
Filesize
5KB
MD59f7452980df4bee2ba668160642700c5
SHA182ad8a5dc86d67a1a21e71d7e76327fb2595c9b1
SHA2568c78d84ae940b2becf6d18d569fa812efc97087222bc2b089f3f076d15bf1ba4
SHA512efdf616f7101c5e754d77a2f34385678491a07941d9ad632cb9a40206e45c6ae1034edee56ca8786303568fdde95e7e4ba8ae7d0349a514eab8bdd42fe26ffae
-
Filesize
2.7MB
MD56a93028122ca116eacae296d1d5b2696
SHA182b26b1f9dfd19c90508b6d8e2ea482ed93c0736
SHA256a60db6d81fdd5174b6e5bc21dc4497dd9e1c2b19b3393584adb2aa10e711bb5f
SHA512d11c049385205b32803ff463df3f87390f12c5e59cba725f707fe8ce2401d9c7a74c9eb23af96563edfc57f267f65ef3c1ce86d94467cafd2fa149ad5e93701b
-
Filesize
538B
MD5cbe2e79acebb14d0922b094e65a0f4b6
SHA147dc9082b099919048029994a7e85e0773a66e6c
SHA256896e08da4b5a13b3a67ad54cb847285efddd96208b645cbf8d9ba6ddb9deb09d
SHA5122ec052d8187b75273b1e9056301a654ae4ac55c7dfead004676239447a2888bbe07a5bc057824e0a7f2156993a8b23c2c2e6fde3e30dc70f8bf1bca68de54fdf
-
Filesize
181KB
MD528abb4a512eeecdc2a7996df8896622f
SHA101885f11e9a7eebdceab7ae234ebbd6336bedef4
SHA256fa5331562c929e748e92de08836729bd94d9f07056dc75ce9181342f64460815
SHA512c7bd74911ba78a501f6a4b4349af288bc63f9688d28a9c880f8618bcc50df06e9472e21be92f35eb720c52b010c07819c0b57339856f538864d73ef8c9bf47ca
-
Filesize
179KB
MD57a1c100df8065815dc34c05abc0c13de
SHA13c23414ae545d2087e5462a8994d2b87d3e6d9e2
SHA256e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed
SHA512bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327
-
Filesize
343KB
MD543454a76a06dc9ec2ccd6be7eacfc025
SHA16fdf1b80dd62d159dd9e6fa52ef7d6a72634ffb5
SHA25604171540d4dad2237035075aa6175a0b5752fc16a19b91789cc33ca9cce08998
SHA5123d70eb04d83f5e51a272571cbfe9916b86e12f75b7de9fe098fe1982c8758b140f3cafe05e860b80ed2fa00f90c719e8b93b443d8a39bf6881116706690d05d5
-
Filesize
427KB
MD585315ad538fa5af8162f1cd2fce1c99d
SHA131c177c28a05fa3de5e1f934b96b9d01a8969bba
SHA25670735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7
SHA512877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556
-
Filesize
1.8MB
MD5befe2ef369d12f83c72c5f2f7069dd87
SHA1b89c7f6da1241ed98015dc347e70322832bcbe50
SHA2569652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131
SHA512760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b
-
Filesize
727B
MD522da0d8f64f6e0ada177d89231b0966d
SHA1bffdc1244a666a7bfe9d493f1c74d39e4b3153f5
SHA2569febeea3bcd4c7e2634ef104b36ba79106d111034ea50de571b3dd6130b71925
SHA512979b9d7be728ded8ff8682f11509d96f9f048fa028166a68190f7e33e1e4b3112542e1a3573b9ecc92739aa160e6852393d48123ba4bf239390b8f42a17c2174
-
Filesize
408B
MD57076d9a40fe38e49e746dfb0341dfb43
SHA12b308a9dbba303062d062548445dbde4f67677dd
SHA2569805fcd3a2e158fd131aaadb5d262cec1f1a504cad61326751efb1934a2b073e
SHA512ce5427c4af3830fd32af26100bb41258c966cac5eeb75dd11b6dfa9df71a367df2fa5aba8df2dacf9dcc7b83e389369010906c5f655028f945e3d8d5a6a4ac3c
-
Filesize
412B
MD5b5f71b0aca369143b7ea34d0e5288ab7
SHA1add2de54bac5537548fb11c9417ab2b8e2206297
SHA2567fc71b5365df881a4a7af9984b43d64c4c925634b8787276feaaf1727619e5c3
SHA512af8e0784e958df256920bcb8e22469b10f5f2cb8c1a9ef84fcbf3c2857d88b07a16bf5033b0a31ac86ff874c18759d8733a8d5cb783e4fb162ade8594225d2f4
-
Filesize
1KB
MD5e96c8d2aabf9b24de725a25342bca261
SHA11b273ccb6660b2659c735d9a31ea5e14d3af70bf
SHA2568fe942027d0e728c075281385535acd62e1b226c2c44dc58d2e6144c5c9d5ab7
SHA512fdf1fcb0235df8883220bba56ce614d09a9c4ae20efc4b97d22761279f550803be62c962b5f0e28b629eb539ab9684bf18cd2c896075d31736ad6e35c84f5a2f
-
Filesize
8.5MB
MD574bea0d3f9a79b51f4163d7c034e4ca4
SHA1c0c0ce1b37803ca6c558921792bfc40ff5c60d15
SHA25692143064692a02d6a7d4cb4a28b0135819420d900508129b7bea5ae6d94905cc
SHA5126554d5d740cfe4322c5e5c2ca16b4a43f924800b7318ec0b31c46732242bac7f867c1b2977584fa56a6a79bc56da75abe18ff2d4d11d5a3575909a8c0f8c919f
-
Filesize
6KB
MD5a1da8522bed7bde90bf1d98019e383cd
SHA110ac3f833a53a06da299379dedcfe24942b861f0
SHA256783bbc830dd433dca83e5d1acb6648f429e35d2555bb14bed8b53f7db57cd5ed
SHA51262d738060811e4a8d0cf1532c8f8634a4ed41186059b9a3780528a95014330f33b023aba0ca678ed96b4c830b18ace560835d5a80528cc29214f2b156ca5216a
-
Filesize
32KB
-
Filesize
400KB
-
Filesize
10.8MB
-
Filesize
296KB
-
Filesize
10.8MB
-
Filesize
112KB
-
Filesize
152KB
-
Filesize
232KB
-
Filesize
168KB
-
Filesize
416KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
712KB
-
Filesize
880KB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
288KB
-
Filesize
304KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
704KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
328KB
-
Filesize
10.8MB
-
Filesize
608KB
-
Filesize
152KB
-
Filesize
240KB
-
Filesize
64KB
-
Filesize
72KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
112KB
-
Filesize
176KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
408KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
184KB
-
Filesize
64KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
48KB
-
Filesize
64KB
-
Filesize
224KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
712KB
-
Filesize
136KB
-
Filesize
1008KB
-
Filesize
1.1MB
-
Filesize
3.8MB
-
Filesize
1008KB
-
Filesize
1.1MB
-
Filesize
3.8MB
-
Filesize
1008KB
-
Filesize
1.1MB
-
Filesize
3.8MB
-
Filesize
328KB
-
Filesize
1.1MB
-
Filesize
3.8MB
-
Filesize
1008KB