Overview

overview

10

Static

static

10

Atualizado...Fe.msi

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    08-11-2024 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Atualizador_Fiscal_NFe.msi

  • Size

    2.9MB

  • MD5

    61b54e1bd417282f38e537804fd1d1db

  • SHA1

    e74d97884bc23404c5860e5f58b5d57242c9c4bc

  • SHA256

    fc706bcf6b6c9c787c723bd168c74ca7ebc228962f78b6f57225b7a45c2dc5e7

  • SHA512

    6d6118c470549949a32885a749e38085f619ae64d68b473ec9bcb13007d25606df78ef67072bad46606fc90fe5c89488b52df64c6401656fac4f432e51b4217b

  • SSDEEP

    49152:j+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:j+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoverypersistencephishingprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • A potential corporate email address has been identified in the URL: vlibras-portal@dev
    phishing
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 44 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 60 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 4 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 13 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Atualizador_Fiscal_NFe.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3180
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4
      2⤵
        PID:4340
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 80335CDBF8270E57F41F3F2B19DD3B5F
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4924
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSID590.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240637609 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3144
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSID979.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240638359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4536
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIDF94.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240639890 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:836
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIED26.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240643406 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4092
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 28B863A1ADCD8A33D998F9F67445D9C9 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1404
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4516
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:3612
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3356
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000N8afVIAR" /AgentId="0f3fcdd9-5e83-4d89-877b-3b7d51c2945c"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:1780
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding DB675CF43757F059AB2E91E352127DFC E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{779A40EE-2DA8-43F9-982D-E361ACF3843B}
          3⤵
          • Executes dropped EXE
          PID:4836
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82A02F3E-941F-4A4A-93BF-1201033EA482}
          3⤵
          • Executes dropped EXE
          PID:524
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{988FB7E0-7A10-4170-996A-C79AF1D05B5F}
          3⤵
          • Executes dropped EXE
          PID:4072
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{136E7884-1BAF-4EBD-91B8-2EFB335F141F}
          3⤵
          • Executes dropped EXE
          PID:2480
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CFB11EA2-3A97-4231-A7F0-B0A6AE01F63C}
          3⤵
          • Executes dropped EXE
          PID:3612
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F27B8E6F-5BED-4F97-9959-23FEC80EBFA0}
          3⤵
          • Executes dropped EXE
          PID:1708
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA65482F-D7DE-44B5-8115-596FC20B9018}
          3⤵
          • Executes dropped EXE
          PID:1300
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFD1D7B5-A24F-4F13-99E2-769A5BE6FCA4}
          3⤵
          • Executes dropped EXE
          PID:2776
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5251109-3956-4A3D-AA8F-67D198E8CEF5}
          3⤵
          • Executes dropped EXE
          PID:1228
        • C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe
          C:\Windows\TEMP\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_is28A1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{87B1D276-70FB-48AC-8B94-3AD4F8E32BFD}
          3⤵
          • Executes dropped EXE
          PID:3316
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4092
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:476
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5076
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:408
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3900
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4288
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1872
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4836
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2740
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1500
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:476
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2744
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2480
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4952
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3064
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3584
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4768
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2756
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3860
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1808
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{96D6DCCF-CC94-4E64-9520-0E68827DF36F}
          3⤵
          • Executes dropped EXE
          PID:1756
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3309F59B-42F0-41B8-BF39-C03C1DFCF109}
          3⤵
          • Executes dropped EXE
          PID:2456
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B93BEC0A-1140-4F91-A377-B5D3F7B3FABC}
          3⤵
          • Executes dropped EXE
          PID:4464
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D5396EA-A5D0-4ED3-9AE3-455CE5BA45E0}
          3⤵
          • Executes dropped EXE
          PID:4560
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{143618E9-2BF1-43C8-B9C1-D88DE6CAD8B3}
          3⤵
          • Executes dropped EXE
          PID:4664
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D49BFB6-511D-4BE3-B9A8-8FAE044E4049}
          3⤵
          • Executes dropped EXE
          PID:396
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0AA6ACD-022F-4B6D-95EA-FBC7597A71DF}
          3⤵
          • Executes dropped EXE
          PID:1740
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5ACCE02-8784-468C-BF9E-AF65DE57D6DB}
          3⤵
          • Executes dropped EXE
          PID:2352
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95058D0A-FD0D-477E-BE97-835161CD8E72}
          3⤵
          • Executes dropped EXE
          PID:228
        • C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
          C:\Windows\TEMP\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0AF1E87-F5DB-4C6F-A1FB-DDC77E17AF95}
          3⤵
          • Executes dropped EXE
          PID:3584
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8BD0A369-63E2-433E-97E1-B81725333926}
          3⤵
          • Executes dropped EXE
          PID:5016
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7FFBAED0-D122-4487-837D-B23A980BE7C2}
          3⤵
          • Executes dropped EXE
          PID:2044
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E521C6C-F46D-4FE1-B8B9-2306234B3A8A}
          3⤵
          • Executes dropped EXE
          PID:3908
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0CB10CC8-DFB0-4029-9986-755D93E4B26E}
          3⤵
          • Executes dropped EXE
          PID:4492
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8398952B-370B-46DD-8B0B-0DE5DD2951A9}
          3⤵
          • Executes dropped EXE
          PID:3472
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06656AC1-8083-4F03-BABC-4BC1420CDA81}
          3⤵
          • Executes dropped EXE
          PID:4340
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DCC3653B-F351-4FE2-BC0F-3544270BEEFB}
          3⤵
          • Executes dropped EXE
          PID:3140
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C18DCA5E-A6AE-4922-86FA-6C7E7A24CDE4}
          3⤵
          • Executes dropped EXE
          PID:1500
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0E7DECF-D05D-4895-9D00-D3792D84C206}
          3⤵
          • Executes dropped EXE
          PID:4996
        • C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe
          C:\Windows\TEMP\{6221E387-457B-42B2-80FE-A628BD6BE67B}\_is4B5E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52568747-E73F-4195-9C60-336DBF3EE7BC}
          3⤵
          • Executes dropped EXE
          PID:4592
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:416
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1516
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:4708
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:3160
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:2992
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:3160
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0D66FC16-1924-483A-82BC-6E2A97985B0A}
              3⤵
              • Executes dropped EXE
              PID:4836
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{638D39B6-342C-41F8-9433-BF1A0E352BFB}
              3⤵
              • Executes dropped EXE
              PID:1492
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0D9316C2-9867-43DB-8B49-74A6EC97E8C2}
              3⤵
              • Executes dropped EXE
              PID:4288
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8FCDC40-3C0F-4D7D-AA09-142882552C9B}
              3⤵
              • Executes dropped EXE
              PID:1740
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C5E451AD-35FB-473C-97DE-CC6D1ED1933E}
              3⤵
              • Executes dropped EXE
              PID:1572
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5A5E05C-1661-4F62-821A-B37900EC75C6}
              3⤵
              • Executes dropped EXE
              PID:4052
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{401BBE68-A1F4-47EA-8357-E3E48A108E2A}
              3⤵
              • Executes dropped EXE
              PID:864
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA961183-841F-4005-A147-0EC92532A986}
              3⤵
              • Executes dropped EXE
              PID:2296
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CFA927A8-00D1-468F-8DC6-87BCFB2106A6}
              3⤵
              • Executes dropped EXE
              PID:1148
            • C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe
              C:\Windows\TEMP\{55BF4E9F-ABFF-49F0-9B53-9B8BE4A8EE9A}\_is612A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{726A4E0E-3C4C-4C33-B821-25EAADF132BF}
              3⤵
              • Executes dropped EXE
              PID:5016
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:1044
              • C:\Windows\System32\Conhost.exe
                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                4⤵
                  PID:1740
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{86295604-F472-45DC-86D5-5C5A74A5D0AA}
                3⤵
                • Executes dropped EXE
                PID:2992
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D51A1B2-B0AE-42C0-B978-57B3C2A3598A}
                3⤵
                • Executes dropped EXE
                PID:3316
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5CEF8A3C-70A8-40E9-A186-294AFC0B9E62}
                3⤵
                • Executes dropped EXE
                PID:396
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{022B94F3-F8C9-488E-9CC3-AE11598DB783}
                3⤵
                • Executes dropped EXE
                PID:4444
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4DC6A02F-BB74-4553-AAC5-208B6C388024}
                3⤵
                • Executes dropped EXE
                PID:2776
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6AAEA843-3FC5-4FA5-8738-492CE6B9D120}
                3⤵
                • Executes dropped EXE
                PID:3184
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A12C5D1A-7470-4728-B2CE-05C184369F89}
                3⤵
                • Executes dropped EXE
                PID:884
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{584E4478-348C-4141-815D-CE225C5331AD}
                3⤵
                • Executes dropped EXE
                PID:3332
              • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BBA8C936-DF4A-45FB-91C7-145026452B8A}
                3⤵
                  PID:1492
                • C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe
                  C:\Windows\TEMP\{61D1E8D4-19F6-4028-8629-2BA8B0F8D8FF}\_is665B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{603AEC77-520E-435D-B7AC-0389D5E0819C}
                  3⤵
                    PID:3316
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:4444
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 88DAAA4113F2AB821ED85DD17C30AFD3 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:6876
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI9EED.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240689046 465 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                    3⤵
                    • Drops file in System32 directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:100
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIA0E2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240689359 469 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:6628
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIA42F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240690218 474 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5296
                  • C:\Windows\SysWOW64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5696
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:6140
                  • C:\Windows\SysWOW64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:3036
                  • C:\Windows\syswow64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:7032
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5984
                  • C:\Windows\syswow64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:6868
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIE4FA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240706796 512 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:6008
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                  2⤵
                  • Drops file in System32 directory
                  PID:5832
                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="ba82a861-da31-4513-aa17-527f4255365f"
                  2⤵
                  • Drops file in System32 directory
                  • Modifies data under HKEY_USERS
                  PID:1592
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:2844
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:2924
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:2896
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "b946e521-b8b1-4da3-bc57-5e9adf0000ac" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000N8afVIAR
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  PID:1756
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "71cce94a-1f56-46cd-81df-aa3445702e26" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000N8afVIAR
                  2⤵
                  • Executes dropped EXE
                  PID:4996
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "d7f9aa1d-1ded-466e-90e2-cda9e0b68cde" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000N8afVIAR
                  2⤵
                  • Executes dropped EXE
                  PID:4320
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "ea400318-4c0f-4e09-949d-d2a648b6ba49" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000N8afVIAR
                  2⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Suspicious use of WriteProcessMemory
                  PID:2756
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:392
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:1492
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "ab38d692-88ad-4530-b394-a5659d7ca798" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000N8afVIAR
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:3752
                  • C:\Windows\TEMP\SplashtopStreamer.exe
                    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Modifies data under HKEY_USERS
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:3252
                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      4⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:2440
                      • C:\Windows\SysWOW64\msiexec.exe
                        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:3088
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "8fd20f96-6b92-4df1-8d91-ee020cdfafdf" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000N8afVIAR
                  2⤵
                  • Drops file in System32 directory
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:2968
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious use of WriteProcessMemory
                PID:1960
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:3592
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "e85d6da2-e2be-463a-8964-cea528c5fc68" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000N8afVIAR
                  2⤵
                    PID:6024
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:5512
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          • Modifies system certificate store
                          PID:3580
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "fdcc0884-56b7-438a-9f7c-cd887b66bbd1" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000N8afVIAR
                      2⤵
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      PID:2560
                      • C:\Windows\SYSTEM32\msiexec.exe
                        "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                        3⤵
                          PID:3356
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "58920a9f-e0b3-45a8-b1a1-cb8f209065b2" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000N8afVIAR
                        2⤵
                          PID:3344
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=de7ee266795c99d83049ba9251ec6f5a&rmm_session_pwd_ttl=86400"
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:6764
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "b683f680-dfcc-40b3-b197-07e45b078517" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:5968
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "85aa07a1-898c-46f8-b1c2-1b76f95ca64f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:6048
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "2d53f92d-a922-48fc-93d0-7711e1bddb44" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:6372
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "cb8f149a-02f6-49ce-b638-83c4e36faf54" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:6720
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "6614363e-c2e7-422c-9d95-698a964e0f2e" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000N8afVIAR
                          2⤵
                          • Writes to the Master Boot Record (MBR)
                          • Drops file in Program Files directory
                          • Modifies data under HKEY_USERS
                          PID:6824
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "421b2ccc-5b54-4fd6-8bdf-d5bb775ef9ec" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:6912
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "414c2345-632e-4b01-aa37-654dfb6c03c1" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:6988
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "449959e7-9291-42e3-b031-972882a49a8c" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:7048
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "8e8134bb-4be0-4635-ba4d-0ee4cd95b4ce" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          PID:7064
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:6624
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:7144
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "3816f3ab-50de-44c3-8e57-06e5fddc603b" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000N8afVIAR
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          • Modifies registry class
                          PID:7100
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "719f2f79-4194-4015-b087-3cbf7262d179" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000N8afVIAR
                          2⤵
                            PID:4720
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                          1⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:792
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                            2⤵
                            • Drops file in System32 directory
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2936
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                              -h
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SetWindowsHookEx
                              PID:228
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1112
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                4⤵
                                  PID:6128
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of SetWindowsHookEx
                                PID:564
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                PID:5400
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                  SRUtility.exe -r
                                  4⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5468
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of SetWindowsHookEx
                                PID:5504
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                            1⤵
                            • Drops file in Windows directory
                            • Enumerates system info in registry
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:808
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe12d8cc40,0x7ffe12d8cc4c,0x7ffe12d8cc58
                              2⤵
                                PID:4000
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1924 /prefetch:2
                                2⤵
                                  PID:2024
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2192 /prefetch:3
                                  2⤵
                                    PID:1044
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2276 /prefetch:8
                                    2⤵
                                      PID:3556
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
                                      2⤵
                                        PID:5584
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3144 /prefetch:1
                                        2⤵
                                          PID:5596
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:1
                                          2⤵
                                            PID:5784
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4836 /prefetch:8
                                            2⤵
                                              PID:5900
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3716,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4956 /prefetch:8
                                              2⤵
                                                PID:5908
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4684 /prefetch:8
                                                2⤵
                                                  PID:5560
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4848,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5232 /prefetch:1
                                                  2⤵
                                                    PID:6664
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4776,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
                                                    2⤵
                                                      PID:7092
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,17031136386898033762,10830204941189724848,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4792 /prefetch:8
                                                      2⤵
                                                        PID:6584
                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                      1⤵
                                                        PID:5696
                                                      • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
                                                        C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
                                                        1⤵
                                                        • Drops file in Windows directory
                                                        PID:6444
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                        1⤵
                                                          PID:5508
                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                          1⤵
                                                          • Drops file in Program Files directory
                                                          • Modifies data under HKEY_USERS
                                                          PID:5776
                                                          • C:\Windows\System32\sc.exe
                                                            "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                            2⤵
                                                            • Launches sc.exe
                                                            PID:6032
                                                            • C:\Windows\System32\Conhost.exe
                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              3⤵
                                                                PID:4720
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "d27be382-fbdd-41f0-b59d-479e36742bda" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000N8afVIAR
                                                              2⤵
                                                              • Modifies data under HKEY_USERS
                                                              PID:6808
                                                              • C:\Windows\System32\cmd.exe
                                                                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                3⤵
                                                                  PID:5856
                                                                  • C:\Windows\system32\cscript.exe
                                                                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                    4⤵
                                                                    • Modifies data under HKEY_USERS
                                                                    PID:1196
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "fc529c49-4b29-4e2c-b5d9-f7ed56225ee5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000N8afVIAR
                                                                2⤵
                                                                  PID:6428
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "0f0fc3cf-6a78-47a7-a0bb-b9005a0d1c56" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000N8afVIAR
                                                                  2⤵
                                                                    PID:380
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "90bf3565-b989-4094-93ba-e5c3c5e7689c" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000N8afVIAR
                                                                    2⤵
                                                                      PID:6968
                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "eeef5bd0-ba30-4f3f-97ef-ac7402abd6d0" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000N8afVIAR
                                                                      2⤵
                                                                        PID:6492
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "e13a88fa-1186-404e-be2f-c0870c2b7ad4" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000N8afVIAR
                                                                        2⤵
                                                                          PID:480
                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "8b7b9171-dd9b-480f-80df-99ded525e886" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000N8afVIAR
                                                                          2⤵
                                                                          • Writes to the Master Boot Record (MBR)
                                                                          PID:5024
                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "03419d0d-804f-4104-8aec-c5239afa0871" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000N8afVIAR
                                                                          2⤵
                                                                            PID:1324
                                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=de7ee266795c99d83049ba9251ec6f5a&rmm_session_pwd_ttl=86400"
                                                                              3⤵
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:2316
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "14939621-ed65-4b7d-8138-e3a5d06ca1e9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000N8afVIAR
                                                                            2⤵
                                                                              PID:1792
                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "d6473589-5846-420a-b500-1bd226c19379" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000N8afVIAR
                                                                              2⤵
                                                                                PID:5932
                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "32f5af5f-0e2a-48a5-b35b-aaa8d17e01b5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000N8afVIAR
                                                                                2⤵
                                                                                  PID:6124
                                                                                  • C:\Windows\SYSTEM32\cmd.exe
                                                                                    "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                                    3⤵
                                                                                    • System Time Discovery
                                                                                    PID:3004
                                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                                      dotnet --list-runtimes
                                                                                      4⤵
                                                                                      • System Time Discovery
                                                                                      PID:6372
                                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "090284c0-5057-4b4a-a61e-0cbff64d0df9" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000N8afVIAR
                                                                                  2⤵
                                                                                  • Drops file in Program Files directory
                                                                                  PID:1984
                                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 0f3fcdd9-5e83-4d89-877b-3b7d51c2945c "7ebc50e5-52dc-4a5d-be38-e94a244cdf85" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000N8afVIAR
                                                                                  2⤵
                                                                                  • Modifies registry class
                                                                                  PID:6908

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Reconnaissance

                                                                              Resource Development

                                                                              Initial Access

                                                                              Execution

                                                                              Persistence

                                                                              Event Triggered Execution

                                                                              2
                                                                              T1546

                                                                              Component Object Model Hijacking

                                                                              1
                                                                              T1546.015

                                                                              Installer Packages

                                                                              1
                                                                              T1546.016

                                                                              Pre-OS Boot

                                                                              1
                                                                              T1542

                                                                              Bootkit

                                                                              1
                                                                              T1542.003

                                                                              Privilege Escalation

                                                                              Event Triggered Execution

                                                                              2
                                                                              T1546

                                                                              Component Object Model Hijacking

                                                                              1
                                                                              T1546.015

                                                                              Installer Packages

                                                                              1
                                                                              T1546.016

                                                                              Defense Evasion

                                                                              Modify Registry

                                                                              1
                                                                              T1112

                                                                              Pre-OS Boot

                                                                              1
                                                                              T1542

                                                                              Bootkit

                                                                              1
                                                                              T1542.003

                                                                              Subvert Trust Controls

                                                                              1
                                                                              T1553

                                                                              Install Root Certificate

                                                                              1
                                                                              T1553.004

                                                                              System Binary Proxy Execution

                                                                              1
                                                                              T1218

                                                                              Msiexec

                                                                              1
                                                                              T1218.007

                                                                              Credential Access

                                                                              Discovery

                                                                              Browser Information Discovery

                                                                              1
                                                                              T1217

                                                                              Peripheral Device Discovery

                                                                              2
                                                                              T1120

                                                                              Query Registry

                                                                              5
                                                                              T1012

                                                                              System Information Discovery

                                                                              4
                                                                              T1082

                                                                              System Location Discovery

                                                                              1
                                                                              T1614

                                                                              System Language Discovery

                                                                              1
                                                                              T1614.001

                                                                              System Time Discovery

                                                                              1
                                                                              T1124

                                                                              Lateral Movement

                                                                              Collection

                                                                              Command and Control

                                                                              Exfiltration

                                                                              Impact

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\Config.Msi\e57d4e5.rbs
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                21e39d452ba374d2768dfe99f8399627

                                                                                SHA1

                                                                                3623b94f6e7bfc7daeedc8ef3e3a3662f15997a3

                                                                                SHA256

                                                                                f436fcd725173b34c6a18aa2325b5c1ccab70a9bacc5e653b96a7038eb58004b

                                                                                SHA512

                                                                                1d18c067cf15e8ed92ef2376359999f0701efebaf13edd26ce1a9de35e1b43dc1435bb1a3dddb2f8269331a82fa6069f6ff5fb7d5cd37608e4093677ae1bb029

                                                                                Download Submit

                                                                              • C:\Config.Msi\e57d4ea.rbs
                                                                                Filesize

                                                                                74KB

                                                                                MD5

                                                                                6f0702f78ef943d8afdf7a484fc45896

                                                                                SHA1

                                                                                efa6b5d35a2a2470ab70ff3cf17c427cff840367

                                                                                SHA256

                                                                                285dbd3195598468cd2288c3717b929c6b45c15996b71720af84d050bbe584e8

                                                                                SHA512

                                                                                d08adb15ef6000097810bff10968f94c5303812816bb64b8ce5e4f579b92f1ef48d570e77d03aabf120a53c9b95c3dc5966c8d6837d02fe0e8b2dacbe8fac62c

                                                                                Download Submit

                                                                              • C:\Config.Msi\e57d4ec.rbs
                                                                                Filesize

                                                                                464B

                                                                                MD5

                                                                                12e7d764889ec1361fb461663d9b2509

                                                                                SHA1

                                                                                2fad1fcd6c76219455d6887972b4973cc41583fe

                                                                                SHA256

                                                                                4b0f9c1f069eac7d18d6608c199ec4d50b214b6052f71a9ee2c2e20785fc6d24

                                                                                SHA512

                                                                                f8fa64251c390a6ca881e30738eb663ace1b482f0c1ca8670329725e0b91fd705d07ee29ead56dc0fef197f57124da91adc76e252e3cb3a76db5cc070190dd17

                                                                                Download Submit

                                                                              • C:\Config.Msi\e57d4f2.rbs
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                6527425ce71e42bdf2babd55f6ef2fde

                                                                                SHA1

                                                                                2a9a01a63bd196faf1dd916c37d6f8ed62d918e2

                                                                                SHA256

                                                                                3e3a08368af95ed5d01940ba10be84bd0bb3b1e1a0282ab6bfc2aace66301f6f

                                                                                SHA512

                                                                                4704983171af0af5c1735c31090d2ba6107418c06aa65bd53143159dafaa16b8bd0b1eb297be89cd40b98aecc20e308da50b0f9cb3e78e56628a01b7c64e4e5d

                                                                                Download Submit

                                                                              • C:\Config.Msi\e57d4fa.rbs
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                449566319bb24babd402fc47e7509510

                                                                                SHA1

                                                                                90453a97179b7dd76282db0bf3b284feac55c816

                                                                                SHA256

                                                                                cb91644cef474dd1a69c8dfade27768db5fb09edcb535e8335adab84e2e99644

                                                                                SHA512

                                                                                0bab9481d1458c815a4b3e353770e175360f11b118a9ffd437012ac80d947b53c4c8b81e25caf1a3e337916f9788c20471383541fe311bb6a32992bf4eecf149

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                3840b31c383fdf49bfd6740d945c9032

                                                                                SHA1

                                                                                a6f50164a69718bcef4664d7c47534f0d721866a

                                                                                SHA256

                                                                                1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                                                SHA512

                                                                                f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                Filesize

                                                                                142KB

                                                                                MD5

                                                                                477293f80461713d51a98a24023d45e8

                                                                                SHA1

                                                                                e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                                SHA256

                                                                                a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                                SHA512

                                                                                23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                b3bb71f9bb4de4236c26578a8fae2dcd

                                                                                SHA1

                                                                                1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                                SHA256

                                                                                e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                                SHA512

                                                                                fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                                Filesize

                                                                                210KB

                                                                                MD5

                                                                                c106df1b5b43af3b937ace19d92b42f3

                                                                                SHA1

                                                                                7670fc4b6369e3fb705200050618acaa5213637f

                                                                                SHA256

                                                                                2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                                SHA512

                                                                                616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                                Filesize

                                                                                693KB

                                                                                MD5

                                                                                2c4d25b7fbd1adfd4471052fa482af72

                                                                                SHA1

                                                                                fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                                SHA256

                                                                                2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                                SHA512

                                                                                f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                Filesize

                                                                                157KB

                                                                                MD5

                                                                                242d415e238789fbc57c5ac7e8ca5d02

                                                                                SHA1

                                                                                09c1e25e035be67c9fbfa23b336e26bfd2c76d04

                                                                                SHA256

                                                                                7f3ded5bf167553a5a09ca8a9d80a451eb71ccecc043bda1dd8080a2cbe35fa2

                                                                                SHA512

                                                                                ac55d401951ecf0112051db033cc9014e824ab6a5ed9ea129a8793408d9bf2446cb3c15711e59a8577e0f60d858a4639e99e38d6232315f0f39df2c40217ea40

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                                Filesize

                                                                                51KB

                                                                                MD5

                                                                                3180c705182447f4bcc7ce8e2820b25d

                                                                                SHA1

                                                                                ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                                SHA256

                                                                                5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                                SHA512

                                                                                228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                                Filesize

                                                                                12B

                                                                                MD5

                                                                                dc63026e80d2bb04f71e41916f807e33

                                                                                SHA1

                                                                                6cda386d2c365f94ea3de41e2390fd916622eb51

                                                                                SHA256

                                                                                3b54d00f00aa80384de88e4f4005e9d4d889a2ccf64b56e0c29d274352495c85

                                                                                SHA512

                                                                                61da550efd55187978872f5d8e88164a6181a11c8a720684eaa737e0846fe20b9e82b73e1f689a6585834b84c4cee8dd949af43e76fd0158f6cafa704ab25183

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                Filesize

                                                                                173KB

                                                                                MD5

                                                                                31def444e6135301ea3c38a985341837

                                                                                SHA1

                                                                                f135be75c721af2d5291cb463cbc22a32467084a

                                                                                SHA256

                                                                                36704967877e4117405bde5ec30beaf31e7492166714f3ffb2ceb262bf2fb571

                                                                                SHA512

                                                                                bd654388202cb5090c860a7229950b1184620746f4c584ab864eade831168bc7fae0b5e59b90165b1a9e4ba2bd154f235749718ae2df35d3dd10403092185ed1

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                                Filesize

                                                                                546B

                                                                                MD5

                                                                                158fb7d9323c6ce69d4fce11486a40a1

                                                                                SHA1

                                                                                29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                                                SHA256

                                                                                5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                                                SHA512

                                                                                7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                                Filesize

                                                                                94KB

                                                                                MD5

                                                                                9d8b5941ea5b905e8197a175ef2b15a9

                                                                                SHA1

                                                                                86a078e94b5578ec4125f50f78c8518a8ce1d086

                                                                                SHA256

                                                                                c6f05b647dbadc15ab97d31790fc8ace054986ec33e9178feead4235ad15cb0d

                                                                                SHA512

                                                                                fab5fe82873862ce8ed1a427482093cca307f6663e9f6497fdc244ce461312872d419ff274cdca0c496414c28681901f335c9911b95d2a7c112d30e32d74e498

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                                Filesize

                                                                                688KB

                                                                                MD5

                                                                                ba66874c510645c1fb5fe74f85b32e98

                                                                                SHA1

                                                                                e33c7e6991a25cc40d9e0dcc260b5a27f4a34e6c

                                                                                SHA256

                                                                                12d64550cb536a067d8afff42864836f6d41566e18f46d3ca92cb68726bdd4e9

                                                                                SHA512

                                                                                44e8caa916ab98da36af02b84ac944fbf0a65c80b0adbdc1a087f8ed3eff71c750fb6116f2c12034f9f9b429d6915db8f88511b79507cc4d063bab40c4eaa568

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                Filesize

                                                                                27KB

                                                                                MD5

                                                                                797c9554ec56fd72ebb3f6f6bef67fb5

                                                                                SHA1

                                                                                40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                                SHA256

                                                                                7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                                SHA512

                                                                                4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                Filesize

                                                                                214KB

                                                                                MD5

                                                                                01807774f043028ec29982a62fa75941

                                                                                SHA1

                                                                                afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                                SHA256

                                                                                9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                                SHA512

                                                                                33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                                Filesize

                                                                                37KB

                                                                                MD5

                                                                                efb4712c8713cb05eb7fe7d87a83a55a

                                                                                SHA1

                                                                                c94d106bba77aecf88540807da89349b50ea5ae7

                                                                                SHA256

                                                                                30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                                SHA512

                                                                                3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                                Filesize

                                                                                3.4MB

                                                                                MD5

                                                                                e010d1f614b1a830482d3df4ba056f24

                                                                                SHA1

                                                                                5873e22b8c51a808c06a3bbf425fcf02b2a80328

                                                                                SHA256

                                                                                98a98dd1df25d31a01d47eaf4fa65d5f88bc0ad166f8f31d68f2994b4f739a9b

                                                                                SHA512

                                                                                727877929530e08062611868fd751d1b64e4c7d28c26b70f14c7cd942b1ae1579cba2a2ef038bad07032ef728ae277963ffb3e1ab7a5c28351326fabad84daa6

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                Filesize

                                                                                389KB

                                                                                MD5

                                                                                5e3252e0248b484e76fcdbf8b42a645d

                                                                                SHA1

                                                                                11ae92fd16ac87f6ab755911e85e263253c16516

                                                                                SHA256

                                                                                01f464fbb9b0bfd0e16d4ad6c5de80f7aad0f126e084d7f41fef36be6ec2fc8e

                                                                                SHA512

                                                                                540d6b3ca9c01e3e09673601514af701a41e7d024070de1257249c3c077ac53852bd04ab4ac928a38c9c84f423a6a3a89ab0676501a9edc28f95de83818fb699

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                Filesize

                                                                                48KB

                                                                                MD5

                                                                                a7e8feadb092e72947d847b62c457b7e

                                                                                SHA1

                                                                                9ff3b93cac650af7adf5ae55af60c14018edfd5b

                                                                                SHA256

                                                                                a3db49bd39da20d87e8bdce9e443e832e80bd16d39483d22656b90cce54bf44f

                                                                                SHA512

                                                                                3066662fe73efc8d70604183917bf00cf6beb7a7793bebc42586d36576d8e523bc0669603f486d6781a5749360075bb0a2bcdd082e00ed453e1719d47a6c595b

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                Filesize

                                                                                196KB

                                                                                MD5

                                                                                5f782d0cb0f717ae9dfd1b4da1295f15

                                                                                SHA1

                                                                                b33575e428e19940f0585c747e054ca70a12d454

                                                                                SHA256

                                                                                0f233bd5fe96cf5f7efea0fa0634f98c37a3a095f72acc79a3544590bf228b43

                                                                                SHA512

                                                                                e373be20e06f31f81a8c0368e8fbee0bd7e98095a6e1f85ecb8969a35caf32e22194e2448de9213bb86478f454e708363ea6ab990648422b57f057a0516959ed

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                Filesize

                                                                                55KB

                                                                                MD5

                                                                                a739b889642ca9ce4ad3a37a3c521604

                                                                                SHA1

                                                                                18bcf6fd14c5aece67ae795a3c505a0c1a9d5175

                                                                                SHA256

                                                                                44b96244b823052fb19509b1f9576488750c4edab61840af24b10c208b47fc92

                                                                                SHA512

                                                                                92243e80fd77b9c3f9231c750935b34d9adcdc76e1a45a445c47888a1e98faca1c26f617459db0c1af4860a5172401f03e64039888e6f84726d2457cc550bae0

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                f81c7b6df8d639d1b449a75d70229aec

                                                                                SHA1

                                                                                cc009b36c4e17685921b581af9aa4a3d3e29812a

                                                                                SHA256

                                                                                faccb405eecc560b7fbbf5cc61610161fcdc209c8e093460b7fe20939307c13b

                                                                                SHA512

                                                                                6baf3c2933a4a8b3c30cbabdb5fea73d131b93a5b5674bc6061a833c41b3b8790001b2fc123c96b642e90a86c9f2c7b73573a12cd6dc996161cbe19d826a0980

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                                                Filesize

                                                                                2B

                                                                                MD5

                                                                                81051bcc2cf1bedf378224b0a93e2877

                                                                                SHA1

                                                                                ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                                                SHA256

                                                                                7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                                                SHA512

                                                                                1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                Filesize

                                                                                54KB

                                                                                MD5

                                                                                77c613ffadf1f4b2f50d31eeec83af30

                                                                                SHA1

                                                                                76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                                SHA256

                                                                                2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                                SHA512

                                                                                29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                                Filesize

                                                                                334KB

                                                                                MD5

                                                                                b3e14504a48bed32c53ec7aab2cb2c8f

                                                                                SHA1

                                                                                0bc0d486a5ed1c4cdf2390229883ed3473926882

                                                                                SHA256

                                                                                adea6001759b5604f60bbaec8ce536a1e189adebc7394f9cff3921cae40c8c9b

                                                                                SHA512

                                                                                e5a5c09355eb9cb45dc872b59edbd54f62f15445ca6caaa3187e31e7928ef4453ae8405d9eee5d2aec4fa34965d3006dcf61c060b8691519a2312382612c683f

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                Filesize

                                                                                72KB

                                                                                MD5

                                                                                749c51599fbf82422791e0df1c1e841c

                                                                                SHA1

                                                                                bba9a471e9300bcd4ebe3359d3f73b53067b781d

                                                                                SHA256

                                                                                c176f54367f9de7272b24fd4173271fd00e26c2dbdbf944b42d7673a295a65e6

                                                                                SHA512

                                                                                f0a5059b326446a7bd8f4c5b1ba5858d1affdc48603f6ce36355daeaab4ed3d1e853359a2440c69c5dee3d47e84f7bf38d7adf8707c277cd056f6ebca5942cc5

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                Filesize

                                                                                50KB

                                                                                MD5

                                                                                c0f02eaa3eb28659d8f1bcba8de48479

                                                                                SHA1

                                                                                5be3c69e3f46daff4967484a09eb8c4a1f4a7f0f

                                                                                SHA256

                                                                                6befb51a6639cae7e25570f5259f7b1f2d9b9b6539177d64d2ed8be50dde6268

                                                                                SHA512

                                                                                47b536fa628608a58f6f382bbc99911eeff706becfaf4b1c5ff904ca768917f40c2e916ba5a31992df0335ba5a57755f047f70aafaac414fc655da0cd6f95e34

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                Filesize

                                                                                32KB

                                                                                MD5

                                                                                f531d3157e9ff57eea92db36c40e283e

                                                                                SHA1

                                                                                d0e49925476af438875fa9b1ccfb9077fa371ecc

                                                                                SHA256

                                                                                30aa4b3e85e20ada6fe045c7e93fee0d4642dcabd358a9987d7289c2c5582251

                                                                                SHA512

                                                                                27d247ab93ef313ce06ff5c1deca4b0819b688839c46808a6be709c205c81b93562181926a36a45a7da9570baea3b3152b6673a3bcce0b9326c7d3599a3d63c8

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                Filesize

                                                                                54KB

                                                                                MD5

                                                                                d11b2139d29e79d795054c3866898b7f

                                                                                SHA1

                                                                                020581c77ed4bc01c3f3912f304a46c12ca443e6

                                                                                SHA256

                                                                                11cdb5ec172389f93f80d8eff0b9e5d4a98cfeab6f2c0e0bc301a6895a747566

                                                                                SHA512

                                                                                de5def2efcba83a4b9301dd342391c306cf68d0bb64104839dfc329b343544fd40597a2b9867fd2a8739c63081d74157acfc9b59c0cb4878b2f5155f582a6f09

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                                Filesize

                                                                                588KB

                                                                                MD5

                                                                                17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                                SHA1

                                                                                bc0316e11c119806907c058d62513eb8ce32288c

                                                                                SHA256

                                                                                13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                                SHA512

                                                                                f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                                Filesize

                                                                                223B

                                                                                MD5

                                                                                4ccd329a41bae933f1035d18d8cb5c32

                                                                                SHA1

                                                                                6d52df7efc1cf57911fbcdaa60c796e6e9cd297e

                                                                                SHA256

                                                                                4b46b918621dba7d9a930edd3e20ab7d4cc5f20359fd26c829d75425bc499028

                                                                                SHA512

                                                                                c35a43b9aab828b2b8ddbef315f7228f7d3a29bf77c99ffa12fd1d7059e6b67abed83c821339f56e2d8a162cd584f87cd05a6581425ffca94e6ac8f6638fc280

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                1ef7574bc4d8b6034935d99ad884f15b

                                                                                SHA1

                                                                                110709ab33f893737f4b0567f9495ac60c37667c

                                                                                SHA256

                                                                                0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                                SHA512

                                                                                947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                                Filesize

                                                                                10KB

                                                                                MD5

                                                                                f512536173e386121b3ebd22aac41a4e

                                                                                SHA1

                                                                                74ae133215345beaebb7a95f969f34a40dda922a

                                                                                SHA256

                                                                                a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                                SHA512

                                                                                1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                                Filesize

                                                                                76KB

                                                                                MD5

                                                                                b40fe65431b18a52e6452279b88954af

                                                                                SHA1

                                                                                c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                                SHA256

                                                                                800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                                SHA512

                                                                                e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                                Download Submit

                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                                Filesize

                                                                                80KB

                                                                                MD5

                                                                                3904d0698962e09da946046020cbcb17

                                                                                SHA1

                                                                                edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                                SHA256

                                                                                a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                                SHA512

                                                                                c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                Filesize

                                                                                287B

                                                                                MD5

                                                                                fcad4da5d24f95ebf38031673ddbcdb8

                                                                                SHA1

                                                                                3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                                SHA256

                                                                                7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                                SHA512

                                                                                1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                Filesize

                                                                                717B

                                                                                MD5

                                                                                ef0a07aec4367a64c16c581da2657aa9

                                                                                SHA1

                                                                                13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                                SHA256

                                                                                f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                                SHA512

                                                                                35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                                Filesize

                                                                                1.9MB

                                                                                MD5

                                                                                8de5a7a19d882820893d8b911c1710fb

                                                                                SHA1

                                                                                95cdf5855bc5e454c8944952697ab142f77124f7

                                                                                SHA256

                                                                                2bee5835a45e74f454648c57fef0d6fca40d64308f813cb759ccab1b2ab576a9

                                                                                SHA512

                                                                                3056784d9a1ae5a8a5dd92d7ed6ad1311e863e41a6ca5971aac5d626da1338da44d0828448aa9ab1f9edb88afbaaacd57660c4c102812bc94240654b8d5237a7

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                                Filesize

                                                                                1.1MB

                                                                                MD5

                                                                                9a9b1fd85b5f1dcd568a521399a0d057

                                                                                SHA1

                                                                                34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                                SHA256

                                                                                88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                                SHA512

                                                                                7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                                Filesize

                                                                                375KB

                                                                                MD5

                                                                                3c93b399b417b0d6a232d386e65a8b46

                                                                                SHA1

                                                                                bb26deae135f405229d6f76eb6faaeb9a3c45624

                                                                                SHA256

                                                                                29bc4577588116cbfea928b2587db3d0d26254163095e7fbbcde6e86fd0022d7

                                                                                SHA512

                                                                                a963f5cf2221436938f031b65079bea7c4bafbd48833a9e11cd9bdd1548d68ed968d9279299aa2adfc23311a6744d516cc50e6537aa45321e5653755ed56f149

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                                Filesize

                                                                                321KB

                                                                                MD5

                                                                                d3901e62166e9c42864fe3062cb4d8d5

                                                                                SHA1

                                                                                c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                                SHA256

                                                                                dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                                SHA512

                                                                                ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                                Filesize

                                                                                814KB

                                                                                MD5

                                                                                9b1f97a41bfb95f148868b49460d9d04

                                                                                SHA1

                                                                                768031d5e877e347a249dfdeab7c725df941324b

                                                                                SHA256

                                                                                09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                                SHA512

                                                                                9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                                Filesize

                                                                                1.2MB

                                                                                MD5

                                                                                e74d2a16da1ddb7f9c54f72b8a25897c

                                                                                SHA1

                                                                                32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                                SHA256

                                                                                a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                                SHA512

                                                                                52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                                Filesize

                                                                                11B

                                                                                MD5

                                                                                5eda46a55c61b07029e7202f8cf1781c

                                                                                SHA1

                                                                                862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                                SHA256

                                                                                12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                                SHA512

                                                                                4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                                Filesize

                                                                                12B

                                                                                MD5

                                                                                5796d1f96bb31a9d07f4db8ae9f0ddb3

                                                                                SHA1

                                                                                93012724e6cc0a298838aede678806e6c0c6517d

                                                                                SHA256

                                                                                a90d255cce3b419641fa0b9ba74d4da464e0ce70638a9c2eba03d6b34fca1dc4

                                                                                SHA512

                                                                                890112ddcb3b92b739c0dd06721efa81926ce3aab04c55cdadb8c4e6b7a28c9796f08f508249db189547dc4755804aa80cc8b104dd65c813a0450aad2cdda21c

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                Filesize

                                                                                48KB

                                                                                MD5

                                                                                c143e4ad5e6ceade7b176a26c34914c0

                                                                                SHA1

                                                                                15721e786a88ed44b04c67682f00ba530a7abca7

                                                                                SHA256

                                                                                1d479a9a811a0d875ba28764b54c0031984371d8992d6385c37e78212dec0e90

                                                                                SHA512

                                                                                2b74dea8f101fa91cc231f01a9ca7a8d036d8f0f76cf03ac2745b0e50dff44e1e020719e219907f15bb763b7f197eba82ed29d56cf72b1a147a440d7caf85be8

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                Filesize

                                                                                48KB

                                                                                MD5

                                                                                a02ab508b10d72cde5a68d025f8052bc

                                                                                SHA1

                                                                                6ca0f1fe94524bb1c0462b20563f2854c9df6197

                                                                                SHA256

                                                                                aeeb64f59fe03d69e1ea6e32a8be609d36a93bed8c5d07e91552db03f1fc248e

                                                                                SHA512

                                                                                2827d0c36b7f7d6ab8ca31925344c5aa90903c442e91e26716b8a14cb87f5de7e40c1098fb54b42923cefdda2a2f1640ed734cc35e9caae7c943042e33dccfa2

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                                Filesize

                                                                                2.8MB

                                                                                MD5

                                                                                91453d3e1e2bc9586cf5495073fb3cf7

                                                                                SHA1

                                                                                09cfa9dc27545fb600dd7a60e44258c511eb43c4

                                                                                SHA256

                                                                                5d398c6ce0636eadd4b7f6920dbd6127388f698e9bc1a440cb7db3992acb6557

                                                                                SHA512

                                                                                462d59453ed01d8ddf54e06319aaefc0ab5ef70ed7b0a45ffd4d3f049692044acf0dee3599173e58a4c281bc69af63d8b64f9586a1b2f04991adfa6747f19bdc

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                                                Filesize

                                                                                2.9MB

                                                                                MD5

                                                                                384d6da5c34ff401b18f0af41e3a2643

                                                                                SHA1

                                                                                3ddfbcf79e55904df77df2125f2112cfe7703eec

                                                                                SHA256

                                                                                0699c4ccaa2f9e6768475f7fbd0dd93dab1a0a0dc8859e9ee8f8a48ad1075d7d

                                                                                SHA512

                                                                                5b63245bedfc7260b27254a33f621a8b626a36c13c8f8ad516f51013bd6751770d37afdc1ff8f7646d9f972081acd24776314405cc397762a4f58d6dca0a7f32

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                                Filesize

                                                                                1.1MB

                                                                                MD5

                                                                                6c6f85e896655a6eb726482f04c49086

                                                                                SHA1

                                                                                2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                                SHA256

                                                                                e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                                SHA512

                                                                                b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                                Filesize

                                                                                541B

                                                                                MD5

                                                                                d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                                SHA1

                                                                                e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                                SHA256

                                                                                7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                                SHA512

                                                                                a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                                Filesize

                                                                                12B

                                                                                MD5

                                                                                3d66ae5ed06891e8ce75a39a24070844

                                                                                SHA1

                                                                                368064119835d4376727a14706c41384446183e8

                                                                                SHA256

                                                                                73dba8242fdb4de1393b367a239f730aca6713e6658be69f1d8992ad26479176

                                                                                SHA512

                                                                                c0b61f92bb61a7bf90225d1ba5a1bea0fc077c2481a2149663b546296421855ab3147c3a1f5372ebc920731624bc8578595c18ca9d138691c720fdcb86d03f8a

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                                Filesize

                                                                                646KB

                                                                                MD5

                                                                                7895698867d1ad33934a8553b4806dc5

                                                                                SHA1

                                                                                32704df55deaff9bf0b4ee0b887541856578938b

                                                                                SHA256

                                                                                ef5854b5e800a534a08c083d4a3956dfc0a474ff540cae9bf0a9077a213b2ff9

                                                                                SHA512

                                                                                20337093ddc5322c4b96c7bf26f1a0b966fafde70a96f7e9b5e9d36acac7d862bd2a50cae9a63731b23904a9256c94cd3bb4e19768130580511ec4c408536a58

                                                                                Download Submit

                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                                Filesize

                                                                                3.1MB

                                                                                MD5

                                                                                85e1898362165fc1315d18abb73c1b37

                                                                                SHA1

                                                                                289a48ba5ee27c0134f75e243c55a90d32c11a05

                                                                                SHA256

                                                                                d0594b261e16394244c64289dac00367fdc853a1a8e542e0e814a57494c5228a

                                                                                SHA512

                                                                                49fdbef67c2a85b5d319c26e6e55456c94d294b836c946b9966c8746fb33de4ede62b93ba91ad657df4db24fdb3ee1de7395652ae1086c876b7d0b85000d594a

                                                                                Download Submit

                                                                              • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\eca230b57b1348b508d4950b933d67cc
                                                                                Filesize

                                                                                16KB

                                                                                MD5

                                                                                b2e89027a140a89b6e3eb4e504e93d96

                                                                                SHA1

                                                                                f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                                SHA256

                                                                                5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                                SHA512

                                                                                93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                                Download Submit

                                                                              • C:\ProgramData\chocolatey\config\chocolatey.config
                                                                                Filesize

                                                                                809B

                                                                                MD5

                                                                                8b6737800745d3b99886d013b3392ac3

                                                                                SHA1

                                                                                bb94da3f294922d9e8d31879f2d145586a182e19

                                                                                SHA256

                                                                                86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                                                SHA512

                                                                                654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                                                Download Submit

                                                                              • C:\ProgramData\chocolatey\config\chocolatey.config.1984.update
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                14ffcf07375b3952bd3f2fe52bb63c14

                                                                                SHA1

                                                                                ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                                                SHA256

                                                                                6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                                                SHA512

                                                                                14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                                                Download Submit

                                                                              • C:\ProgramData\chocolatey\config\chocolatey.config.1984.update
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                9d1528a2ce17522f6de064ae2c2b608e

                                                                                SHA1

                                                                                2f1ce8b589e57ab300bb93dde176689689f75114

                                                                                SHA256

                                                                                11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                                                SHA512

                                                                                a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                                                Download Submit

                                                                              • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                c342ddd5d6852cbec4c8feaafce6e45c

                                                                                SHA1

                                                                                af0c731ad4faa92a9371590b5a27e1322f864798

                                                                                SHA256

                                                                                216f999700f6ac56ffae1f24a4a7854e60fcd0135e01027c01c3f72b4ee592e1

                                                                                SHA512

                                                                                cb10822556fb2445c8c55778c5439638e3b97cf0853f4e331b62319ef04ff58d63552a903c6b9dd40dae34797f5640d8abec324fd236447bc8f0582316c657f2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                Filesize

                                                                                471B

                                                                                MD5

                                                                                7795df33fc7dd3aa62e0bc052f9dfbad

                                                                                SHA1

                                                                                ea227ec994561b5bce01c5228f9c337286fbec9c

                                                                                SHA256

                                                                                6ad47d714f3dd55b2fe9072e829542851d2ecf60cb88254002c60449e8aca736

                                                                                SHA512

                                                                                de11027f0ca32119ebbb17976ecbe6582ab6af8caa7ce522d75c4185da722550f1f981064db9be6074eb1c6c096c933c2de7ee42b1f31b4fedc9982f87157f9d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                Filesize

                                                                                727B

                                                                                MD5

                                                                                29dd7378778c44788bac45d70ea7b440

                                                                                SHA1

                                                                                7a3c5e30c0c9a9be505b18fd2c24422d5e3dbe56

                                                                                SHA256

                                                                                69354ff510301b85c14cc1ecd0e5b3c98308b820cfbce483389a7b9a437f67d5

                                                                                SHA512

                                                                                9e67bee1ae05b0f2408210a6662926cc9da6ee2864820a4704adffae9dd78b80e79ee32e83f5a5e35bed9603e82795a38570d56cc93384b82dc6254940079fe7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                Filesize

                                                                                727B

                                                                                MD5

                                                                                eb9a1d98cc4b6ac3d674a6621df5a758

                                                                                SHA1

                                                                                5e9bc182d48b8e86a61d8a3f4b5add9c88da6800

                                                                                SHA256

                                                                                20d856d68dba3e2246ebb62a5eaedcefda221accfa1b9362b33afad33b6e48c7

                                                                                SHA512

                                                                                1054d82e5e1b2f2c1416d31f01ff2c172aca8dcc31a622cdd959f918b78a474bd9b40a9b7316122a8262fac24d6236860e2eadd665030a61d56c5c0a153f81c7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                Filesize

                                                                                400B

                                                                                MD5

                                                                                2859abc2b504f7e4a000175ba3c393f4

                                                                                SHA1

                                                                                e6e7c505f3c80f63d6db6e8b49891d40a989c68b

                                                                                SHA256

                                                                                02f98692a63264f34af50bea3dadecf01ed7fea136f8b1c17695beb999d20bc9

                                                                                SHA512

                                                                                b6b327a2df385137eb416e1d6fd78f140cc9924582da649f2f90007d9646f1a80056144178a4f2a7d6e0a97396540c51e87a4fbd8e3283624faaac16d912b8df

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                Filesize

                                                                                404B

                                                                                MD5

                                                                                04084ae9bbd6e7c0100f35a7b920fc4b

                                                                                SHA1

                                                                                01304863f66eefbcd0285d6bfbba7b9d3528508c

                                                                                SHA256

                                                                                1e22d9527b923407f983c9d9ce2900a38c84b80eaa75ad5c6a895fce1ad582b8

                                                                                SHA512

                                                                                bb3932f6a98b4b80a0c0709ac47a30a23c4abaea540e1efbbe05b70d363af5cb0d5ea06d9b03c19a000cbf3e64ccfdb0bd87cc1709ae5b066a4001c078562e6b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                Filesize

                                                                                412B

                                                                                MD5

                                                                                156b68d3c33bcb8d0bc4d32024be9375

                                                                                SHA1

                                                                                49331d62de1041f160d53616ed0b742e96872774

                                                                                SHA256

                                                                                63e6b86f5198b922baad68ac8a9fd4af3456b52d77e4221ba58cee4744c56704

                                                                                SHA512

                                                                                2d61ada99d05ca9c28ea3b565f03a587807e724a634598c1c62b4f6f8a3ed23a04addd64921455d3e44b43f4b3a7faee56d02f0de62c04a0c9902eb4acba251f

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                Filesize

                                                                                649B

                                                                                MD5

                                                                                fb9be25482985b0b9c14d4da379ce827

                                                                                SHA1

                                                                                1ac5f7ad8b1d85782350a81a36a83396af743152

                                                                                SHA256

                                                                                5442e1c079516f542dacc63a74884b1ed78bbc4497bd2389ef6b5c00e2aa9a87

                                                                                SHA512

                                                                                fc4711477bbab1f84d73383f7416a25a19af2b40daf9897caa4e8651b63de2e7bea13d61336a32998ea195f671ab2cb754dbccc1653e8d3d86c89aa3ea5ad67a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
                                                                                Filesize

                                                                                76KB

                                                                                MD5

                                                                                8406855872c6d73a469b4cafe77616cc

                                                                                SHA1

                                                                                2b7584f4743c18bff4fc6180bb3f7a15889e15db

                                                                                SHA256

                                                                                0b10acb966a39d399969ff5b0ec0b5142d5108d152ddff71521e65ef8a8c7779

                                                                                SHA512

                                                                                562d3cb01cea11f3af6254ff4f14474575374e2db35fb43ca1430a1e18847cab660df5af8040268bc1dc979cef88e9e8a6b60478f1c19b9d32bb8b7b604ab144

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                158faaf45d86658ceef6e2a8c1a1be90

                                                                                SHA1

                                                                                79e1fa716b630fb01492d77826cefd6412e55091

                                                                                SHA256

                                                                                f9d26763390c10e42695d6a0f9f96faa002fe13739e8c09a124211a9378923e2

                                                                                SHA512

                                                                                63483f48ae5d693f6b18711ede1d0ecf9f2887b1ce6ee9fdff2939a9fededd6ace463898976c22edd1fc7c4606d44b147ff4b0bac31344bf5656c8c8befe52e7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                6c5fd4dffe6129af57e196d5bbd2e58b

                                                                                SHA1

                                                                                0793060188a5de52a14e74fd57bd516ecb7ecb87

                                                                                SHA256

                                                                                b7cdf1053c39e58c79d87babc677cdfdd8111bba0dfe33d46cd981eeacbeec65

                                                                                SHA512

                                                                                e4f7e9cb28e9fcd87d0b0f465bd237a8d6a0588811156171a1bc5f759b49a61e24fac0fdf1cf84419caf08f7acc891968ed4685faa44d2b99bc91b48438dceb1

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                Filesize

                                                                                2B

                                                                                MD5

                                                                                d751713988987e9331980363e24189ce

                                                                                SHA1

                                                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                                                SHA256

                                                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                SHA512

                                                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                519B

                                                                                MD5

                                                                                106471cb83b266a8a42d5b9c9cf5b47e

                                                                                SHA1

                                                                                7556979d06c53a4384e1c489f3b926149599dea8

                                                                                SHA256

                                                                                0ad475cdbcf229cbb11dd893ccc1f01dd7846d067453a4701cfcfce890d27ef9

                                                                                SHA512

                                                                                5efc29da4c96708f349be98908731277df5ac002a84a8c3c7358974213e84fb0fb761da935bcdc596fe3a9381669b44833a27a77bde63b2f44ba7cded4c5c0f5

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                b345c4c9ddf4b36eed9f474ba6b9904a

                                                                                SHA1

                                                                                9938cfea9fb8d30973b62ec9e6ad29c212f5f67a

                                                                                SHA256

                                                                                5d9ffb9df9bdbabf1ce62dde148ec5b2f91174299eaf153448661feb9e366345

                                                                                SHA512

                                                                                4caeb6d4eaf356496be4197c0c9db30dae520a07fb926220a8c1a335999544e64b7d1629e40b24af40afe99546fffdf94c8695b9f85d82110bec805e73cd3ab2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                a594284765819116763cb3ae9e7fda11

                                                                                SHA1

                                                                                f591fa612a4c964023e51bce7ba6216ce096a4cb

                                                                                SHA256

                                                                                4bbc1fad0c340f4c77088635f27e201ac8cd4b7945e8433cd8fe1cc0ef5e9c0b

                                                                                SHA512

                                                                                80464fa3a260eb9740213fa6ff87be694fc903d64e38865b139d556ff5a0f53bf63039d325dc62a010bd904b326105328fdf259520b62395f8b5f6909da223e9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                df96e8bb7ea2f9964778395c83851030

                                                                                SHA1

                                                                                469dd7aa538fe96cb81eba66c439258367cda661

                                                                                SHA256

                                                                                16cd6df1a1aecdf4ef2e08ded08da901b77ac8100928eed5cd2c967fdafa3855

                                                                                SHA512

                                                                                ed1637a8c118b10189a9a28213da061e863150263402deff2dfde5736530bbdedf4516511c396308e3667728149c685f3f00169d049baae7b97f3f5350e58a5b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                c7ef3d2884fab1dd54af102728d65c96

                                                                                SHA1

                                                                                87ebdbbaf0557824c8f51c7b13379da036668b6c

                                                                                SHA256

                                                                                55efd9992a693927b0614e4acfd9798039b43dff92cced9aab72291f724b998d

                                                                                SHA512

                                                                                9040cdd70db48d4f62a9cc8b69927b9b567da51d0b967257b2fcbf950dce8ebb6eb127cd49fa29ce9bbedf1c34e38d2c0118a7e7943c93dad3fe0362aff43754

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                5ae798cc68311cf4947da6c2574f36fa

                                                                                SHA1

                                                                                32a87ac94832dedace1d6c03983b3c07f7e6502c

                                                                                SHA256

                                                                                8ec7b5fedc194dad153fb4295b0f5c5938923b2ad7b73d2e440db6d22bf51bd4

                                                                                SHA512

                                                                                c1853f693e1e3753ad7c9a8cbd0feada3646b39371ff39dfcaf86e8abb9a5d400b8f54ff9f968a674255a4ec16509660ecc189573e5b903347b4c97c14f4a554

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                b01ef3982cf8ef0a911317ab956c3fcf

                                                                                SHA1

                                                                                d7dec8b99cdc0b78a80f03cdacca8cb6dcbabd7b

                                                                                SHA256

                                                                                998569bb3c22b435647d1e4da9abc459058c2abc3e2e3edfd19faf585b9d8c89

                                                                                SHA512

                                                                                9e62dadee14ae5fc5bad7f55bb73e72ff5717c936d71b14f46bca300b84f1b991e13ade781e13eddd9b88286fe85cd621dab1e1394cbce1d8701a2fd9bce785a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                6758d8f8c95630a2a17424b6a4100ae9

                                                                                SHA1

                                                                                b364fd52e99b70d29d3c753c0b21685344e11b2b

                                                                                SHA256

                                                                                6dacdf8c15c72e77158c2e45fe0f037547668d0000e142eb208ea9f14cba058e

                                                                                SHA512

                                                                                71c663672b17b185140085510cfc3301f743cfd897ba0a00960f8834a41284984cd709b5ef99992395ff3d6799ac3f7302610a4da54ed1b069a1fb5eb65562b9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                Filesize

                                                                                15KB

                                                                                MD5

                                                                                2414abc6752647b6475f108f18bb7af0

                                                                                SHA1

                                                                                94c03d39fc84f43dbb7c416a84b8110e99ada096

                                                                                SHA256

                                                                                1b77949635562bae8bd97b1a3a70351bae596a59b9b3e31c3e31e7dc69ed4a93

                                                                                SHA512

                                                                                f377a5300bf7b52a34b8edab040bb6d96e3e8426ed3bb4a3ee01680dbe99bd9c487f24e08cc88141b58d35e1be1c22720b6c91c65b69637005a074da954c5ac9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                118KB

                                                                                MD5

                                                                                1ed77458a1709cf7596e46ed01f3914c

                                                                                SHA1

                                                                                53c334bdae52755b61ddd5a4a245de00f53eee24

                                                                                SHA256

                                                                                bd94949e05a1f390bc91f83f86f3bea659eb22ec1ae25af9806a3dda457ff28d

                                                                                SHA512

                                                                                cfc1578726c4f3bee8a8936613487b5e9956dd0ddeea6f6939b4285b360100f56cef209ef7dc615419f4f9877a049e37f16e1192b24d6d560c9a835fad1a6f2f

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                Filesize

                                                                                234KB

                                                                                MD5

                                                                                cc7ce43e24984f69c4bbc7f3b2a125d3

                                                                                SHA1

                                                                                d237cda1fca8fd1c8959c794430bc2fe98b3849d

                                                                                SHA256

                                                                                8c12b2d188f88ff44311399ff99d818aa5a5a72d91ccc27079ab800cb3d2e32b

                                                                                SHA512

                                                                                be1167c780b3c6829d1b82e033f9d822762efdcc62933dc73b6f3e1b07290c1ad67b5fc4170cc057af3cb290ea6207e830fc83c792b5b1e5be88eff933a2cb6e

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                                Filesize

                                                                                651B

                                                                                MD5

                                                                                2720e84a1017ee0e44ea1c9611490d96

                                                                                SHA1

                                                                                a12c1eb5e5dbf8fc4db7738c9d9f4adfeac1dfa7

                                                                                SHA256

                                                                                ee892f37d0e68c8377e91786efdf33442336162213592fdc815bbc64933abfef

                                                                                SHA512

                                                                                f6de7e567e300b77ae6b77a3a20f3dd3c374c946ee2aace0de2393a1350452107e9f9e5ff0bbbd58932f2d3f7eeb4d8e6d2eb704c67b79eb0311bf451e73542e

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSI4A31.tmp
                                                                                Filesize

                                                                                4.5MB

                                                                                MD5

                                                                                2207f96731ce2f9d9327c0baaf4959ef

                                                                                SHA1

                                                                                f56ea992c59ad669ec8ee5d6a827adc472159cc0

                                                                                SHA256

                                                                                e4ceddd5c37c90f8fc7787663a9bed31518fba82413e80b21230425e380c42db

                                                                                SHA512

                                                                                7e4bd781f879b593f722277839175aa895c863b2015d691c85c8eec4fe635d233cd94d2b0dce46cd058f08a005caa73888809df414983ff2a4c938770ef71fd4

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSIA0E2.tmp-\System.Management.dll
                                                                                Filesize

                                                                                60KB

                                                                                MD5

                                                                                878e361c41c05c0519bfc72c7d6e141c

                                                                                SHA1

                                                                                432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                                SHA256

                                                                                24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                                SHA512

                                                                                59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSID590.tmp
                                                                                Filesize

                                                                                509KB

                                                                                MD5

                                                                                88d29734f37bdcffd202eafcdd082f9d

                                                                                SHA1

                                                                                823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                                SHA256

                                                                                87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                                SHA512

                                                                                1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSID590.tmp-\AlphaControlAgentInstallation.dll
                                                                                Filesize

                                                                                25KB

                                                                                MD5

                                                                                aa1b9c5c685173fad2dabebeb3171f01

                                                                                SHA1

                                                                                ed756b1760e563ce888276ff248c734b7dd851fb

                                                                                SHA256

                                                                                e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                                SHA512

                                                                                d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSID590.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                                Filesize

                                                                                179KB

                                                                                MD5

                                                                                1a5caea6734fdd07caa514c3f3fb75da

                                                                                SHA1

                                                                                f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                                SHA256

                                                                                cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                                SHA512

                                                                                a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSID979.tmp-\CustomAction.config
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                bc17e956cde8dd5425f2b2a68ed919f8

                                                                                SHA1

                                                                                5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                                SHA256

                                                                                e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                                SHA512

                                                                                02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSID979.tmp-\Newtonsoft.Json.dll
                                                                                Filesize

                                                                                695KB

                                                                                MD5

                                                                                715a1fbee4665e99e859eda667fe8034

                                                                                SHA1

                                                                                e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                                SHA256

                                                                                c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                                SHA512

                                                                                bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                                Download Submit

                                                                              • C:\Windows\Installer\MSIE18A.tmp
                                                                                Filesize

                                                                                211KB

                                                                                MD5

                                                                                a3ae5d86ecf38db9427359ea37a5f646

                                                                                SHA1

                                                                                eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                                SHA256

                                                                                c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                                SHA512

                                                                                96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                                Download Submit

                                                                              • C:\Windows\Installer\e57d4e4.msi
                                                                                Filesize

                                                                                2.9MB

                                                                                MD5

                                                                                61b54e1bd417282f38e537804fd1d1db

                                                                                SHA1

                                                                                e74d97884bc23404c5860e5f58b5d57242c9c4bc

                                                                                SHA256

                                                                                fc706bcf6b6c9c787c723bd168c74ca7ebc228962f78b6f57225b7a45c2dc5e7

                                                                                SHA512

                                                                                6d6118c470549949a32885a749e38085f619ae64d68b473ec9bcb13007d25606df78ef67072bad46606fc90fe5c89488b52df64c6401656fac4f432e51b4217b

                                                                                Download Submit

                                                                              • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-13-00-07.dat
                                                                                Filesize

                                                                                602B

                                                                                MD5

                                                                                9683126247d5e97b160bec02864462a3

                                                                                SHA1

                                                                                65682ede41e9f5e7826bf31097a7602428143d66

                                                                                SHA256

                                                                                88b99fa027c7353127c1909b60ae1a5a9436cea327dc7e5b5d3eb60cb7bb00c3

                                                                                SHA512

                                                                                477850a7b29fed56a5878d76c9cffcb5f4b52fbc352f1a1cb5ddc3bbe60569e557cf57dfe6c8dd2a607c4f8c02103584f1c7a0315e80bb828ca0bcbb3bba9edd

                                                                                Download Submit

                                                                              • C:\Windows\Temp\InstallUtil.log
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                c23435f1b7884be58f743d92b6251a0c

                                                                                SHA1

                                                                                649d15a806613811feca2533786ebaf4eb67fb21

                                                                                SHA256

                                                                                00a117de5919dea4f45e149fc91c30628fb0ef5d92128f4df2db9ee4eb8081f6

                                                                                SHA512

                                                                                e53d893a1a0eefe8e916ca976ad838b0a59762eac0bb04bb034639ece973dd93af4867d6a7bd5ea4a9f6c75c0e53c598f851895401ab9768d3fcb50cbce2d503

                                                                                Download Submit

                                                                              • C:\Windows\Temp\InstallUtil.log
                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                43535667118e76e22f9281e1b66ec7aa

                                                                                SHA1

                                                                                bbcf1126f09e1df95f82ccfe5b3498afb0e9a53f

                                                                                SHA256

                                                                                de327278e1da3d8ed2c3554216d9591a534caf2fcd5bab111fe4d0edaeb75255

                                                                                SHA512

                                                                                67254e051c929f622df6cfcccd7ffc06eed5338252810f7bc5c5ea07e03447f30462cae15f3e473b7c6966f9e21e5508c1133328b7612d4e96e82fbf40d462c6

                                                                                Download Submit

                                                                              • C:\Windows\Temp\unpack.log
                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                2a02f6ca6efe247fd6ede1ce88973dc1

                                                                                SHA1

                                                                                1cd9f5e6fe42314469d6b77410299f4b9215d596

                                                                                SHA256

                                                                                78297c5b414a4d16daec60b93095331c284d745c1dd1c8fd11ffbb577a704789

                                                                                SHA512

                                                                                811fca04d8a2f4be7da0e4c69ae18020a8b849b2b37cca1a4130b416067f3e013fe8d40f8217e4d49fadcf5645ae35c4851336876dd2feaa41382f79f135d565

                                                                                Download Submit

                                                                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                Filesize

                                                                                3.2MB

                                                                                MD5

                                                                                a7ce785b6cd1c9657040ca9b6cbeed10

                                                                                SHA1

                                                                                4b254fee47cc8a9eaec6ce7b714a2ce05b6ed8ec

                                                                                SHA256

                                                                                7ba6e401b8e78ab28e1ccf38d2cd05e12751f960661e159b4e35bc63d3544b4d

                                                                                SHA512

                                                                                39202f477017daa9428a0c1bbe1daae30aa1b7b9f57b04832c44a7b28af0144ff47edfc1ad3d6a940ad1c49471dfe190077b594c337bacc115c552d91a24c2d9

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\IsConfig.ini
                                                                                Filesize

                                                                                571B

                                                                                MD5

                                                                                38370175ce7d8dd5c3581030a9104259

                                                                                SHA1

                                                                                bbc1b4254c3e3da692c2667b4c5092d687ad8dc9

                                                                                SHA256

                                                                                ee90ca3f30aa75fe1c3b095ddd2b24680bd3b081829094c18d9c78ebed206b83

                                                                                SHA512

                                                                                e11494869b04a2206d3dda67411be294106f6363408399d9363b27720c6fe88fd393ae90fc2ab7cd4909e940e98f273c8869532b65a1f0b0f4b8b18a24589748

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\String1033.txt
                                                                                Filesize

                                                                                182KB

                                                                                MD5

                                                                                37a2c4ef0ff41955f1cb884b7790699f

                                                                                SHA1

                                                                                8e7dad0bc6ae65dfaec9fc29d0ef6e260dd83e9d

                                                                                SHA256

                                                                                6b629fdf1520ba40bb0d7bc8d9a7bb231624fd190e03bcacc607f248222b3c63

                                                                                SHA512

                                                                                fb3a109395872e6f116a75b39566f4b9efe0486512620deb33ef83ac0ac3165d96dbefbe3023ece1d3d0d6be7c8eb8abb58da90f01f225e1ed2d4add2b544d42

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\_is39B9.exe
                                                                                Filesize

                                                                                179KB

                                                                                MD5

                                                                                7a1c100df8065815dc34c05abc0c13de

                                                                                SHA1

                                                                                3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                                SHA256

                                                                                e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                                SHA512

                                                                                bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{02EFEBA5-F0CB-4727-9C1E-47951729B521}\setup.inx
                                                                                Filesize

                                                                                345KB

                                                                                MD5

                                                                                0376dd5b7e37985ea50e693dc212094c

                                                                                SHA1

                                                                                02859394164c33924907b85ab0aaddc628c31bf1

                                                                                SHA256

                                                                                c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                                SHA512

                                                                                69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\ISRT.dll
                                                                                Filesize

                                                                                427KB

                                                                                MD5

                                                                                85315ad538fa5af8162f1cd2fce1c99d

                                                                                SHA1

                                                                                31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                                SHA256

                                                                                70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                                SHA512

                                                                                877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                                Download Submit

                                                                              • C:\Windows\Temp\{A9CB6307-B513-4FED-8799-B1242B51FA1C}\_isres_0x0409.dll
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                befe2ef369d12f83c72c5f2f7069dd87

                                                                                SHA1

                                                                                b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                                SHA256

                                                                                9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                                SHA512

                                                                                760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                                Download Submit

                                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                Filesize

                                                                                404B

                                                                                MD5

                                                                                be64904c2d2b6c9b012a540ac5a276b8

                                                                                SHA1

                                                                                44f8d94c7c7631446c2f69d9318c1681f67df311

                                                                                SHA256

                                                                                4f63e09eed448d601d13e9cd37b1026ff79eead6380c55a0fd7619b99fce7d16

                                                                                SHA512

                                                                                4a32b2a214171c8925985c9f25a4d79bcc8522f42cec285e31882debaa895729c1be117fe2103eb1ae05cf5abea10a063ae2fcc54a65baffb6910fc86e98fb31

                                                                                Download Submit

                                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                Filesize

                                                                                412B

                                                                                MD5

                                                                                5e9f6c48ca229fc5fc9df512559a7edf

                                                                                SHA1

                                                                                924063c7027c2e41078757372afd40cf9c1e902f

                                                                                SHA256

                                                                                3a759c101dd4903a0441701d63df5aece43f54e23a722d5fae10092f606f3ea6

                                                                                SHA512

                                                                                570c455e6192f46fe7878accbdfc7b6e74fb6565618aee5fc311713aad6a19dcc3feb71c38684722d7174afdc54e43968b03c61ea079e5b22d2490aea74914bf

                                                                                Download Submit

                                                                              • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                350028df2f64c6cca062c42152291435

                                                                                SHA1

                                                                                4a674f284841fe23633b1f257fb455e6001dc937

                                                                                SHA256

                                                                                c2497d84250e21a49f03e977bbcb2657707c5281326aee5dae26d1bb44f7bc91

                                                                                SHA512

                                                                                01eb5ef0bce73b0171c075b926087a590c66d5a1605e282f490cce43b8ba82d3c56b83a5ea4786e7ef6cce9beb7fa269bc93f1240225aa6e1aa060728f3f713a

                                                                                Download Submit

                                                                              • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                                Filesize

                                                                                23.9MB

                                                                                MD5

                                                                                67c58a861bdcfac8a7823d871b556e32

                                                                                SHA1

                                                                                c5d9611c825b88db96d9cfb82a86d5e7abbb9cec

                                                                                SHA256

                                                                                722dbc82501051cfbc632c1c28a1473b01dc31cfc68758baa89ba397fc0d1f3e

                                                                                SHA512

                                                                                4a69e554a49a361cb013dda5241cb8c20fa6120f792d2724983f6999325681da4c1c85b186edc600d8926e0845b2b2b35e9a4c897b8a301718c85d42f66ca261

                                                                                Download Submit

                                                                              • \??\Volume{94cd437f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{9a704fc8-e742-40eb-b449-005d1c9434b3}_OnDiskSnapshotProp
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                d97a6b3420581a1389f9e5fbade89722

                                                                                SHA1

                                                                                47620db827b557beda278ca1998a6029d605dc8a

                                                                                SHA256

                                                                                00c985fcc1c7efad67149fb61605c266a3e39d535fb0351ba785e842e650449c

                                                                                SHA512

                                                                                03fef6b96b8911a6fa82e83a0c37ae30c6b94dc37bb42c8fe17fcbbc7d70cff05854ea61eeabdae42bd98cb9551b405d6ff45d8dbfd1a56c73cc3ec295b96e95

                                                                                Download Submit

                                                                              • memory/228-2489-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/228-1796-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/228-3279-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/228-2490-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/228-3278-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/228-1135-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/228-1136-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/1112-2491-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/1112-2300-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/1112-2299-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/1112-1138-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/1112-2492-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/1112-1139-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/1592-2454-0x000002BE0C260000-0x000002BE0C282000-memory.dmp

                                                                                Filesize

                                                                                136KB

                                                                                Download

                                                                              • memory/1756-257-0x0000018B4FC60000-0x0000018B4FC7C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/1756-255-0x0000018B68970000-0x0000018B68A20000-memory.dmp

                                                                                Filesize

                                                                                704KB

                                                                                Download

                                                                              • memory/1756-252-0x0000018B4F7A0000-0x0000018B4F7D0000-memory.dmp

                                                                                Filesize

                                                                                192KB

                                                                                Download

                                                                              • memory/1780-124-0x0000020EDD710000-0x0000020EDD738000-memory.dmp

                                                                                Filesize

                                                                                160KB

                                                                                Download

                                                                              • memory/1780-136-0x0000020EDF4D0000-0x0000020EDF568000-memory.dmp

                                                                                Filesize

                                                                                608KB

                                                                                Download

                                                                              • memory/1780-141-0x0000020EDDB90000-0x0000020EDDBCC000-memory.dmp

                                                                                Filesize

                                                                                240KB

                                                                                Download

                                                                              • memory/1780-140-0x0000020EDDB00000-0x0000020EDDB12000-memory.dmp

                                                                                Filesize

                                                                                72KB

                                                                                Download

                                                                              • memory/2552-468-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2552-471-0x0000000002FE0000-0x00000000031A7000-memory.dmp

                                                                                Filesize

                                                                                1.8MB

                                                                                Download

                                                                              • memory/2552-890-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2552-1029-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2552-959-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2552-893-0x0000000003020000-0x00000000031E7000-memory.dmp

                                                                                Filesize

                                                                                1.8MB

                                                                                Download

                                                                              • memory/2552-502-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2552-1066-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2560-1351-0x000001BDDE5A0000-0x000001BDDE5B2000-memory.dmp

                                                                                Filesize

                                                                                72KB

                                                                                Download

                                                                              • memory/2560-1786-0x000001BDDEFC0000-0x000001BDDF014000-memory.dmp

                                                                                Filesize

                                                                                336KB

                                                                                Download

                                                                              • memory/2560-1352-0x000001BDDEA50000-0x000001BDDEA6C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/2560-1479-0x000001BDF77D0000-0x000001BDF7882000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/2924-217-0x000001827C330000-0x000001827C368000-memory.dmp

                                                                                Filesize

                                                                                224KB

                                                                                Download

                                                                              • memory/2924-177-0x000001827BC30000-0x000001827BC52000-memory.dmp

                                                                                Filesize

                                                                                136KB

                                                                                Download

                                                                              • memory/2924-176-0x000001827BE30000-0x000001827BEE2000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/2936-1807-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2936-1119-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/2936-2266-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2936-2267-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/2936-1808-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/2936-1118-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2936-1249-0x00000000725F0000-0x000000007270C000-memory.dmp

                                                                                Filesize

                                                                                1.1MB

                                                                                Download

                                                                              • memory/2936-1250-0x0000000072020000-0x00000000723ED000-memory.dmp

                                                                                Filesize

                                                                                3.8MB

                                                                                Download

                                                                              • memory/2968-327-0x000001F59E5C0000-0x000001F59E60A000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/2968-342-0x000001F5B70B0000-0x000001F5B70DA000-memory.dmp

                                                                                Filesize

                                                                                168KB

                                                                                Download

                                                                              • memory/2968-341-0x000001F5B72E0000-0x000001F5B7348000-memory.dmp

                                                                                Filesize

                                                                                416KB

                                                                                Download

                                                                              • memory/2968-329-0x000001F59E6C0000-0x000001F59E70C000-memory.dmp

                                                                                Filesize

                                                                                304KB

                                                                                Download

                                                                              • memory/2968-343-0x000001F5B7390000-0x000001F5B73CA000-memory.dmp

                                                                                Filesize

                                                                                232KB

                                                                                Download

                                                                              • memory/2968-344-0x000001F5B7080000-0x000001F5B70A6000-memory.dmp

                                                                                Filesize

                                                                                152KB

                                                                                Download

                                                                              • memory/2968-340-0x000001F5B7070000-0x000001F5B7078000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/2968-326-0x000001F59DD00000-0x000001F59DD64000-memory.dmp

                                                                                Filesize

                                                                                400KB

                                                                                Download

                                                                              • memory/2968-337-0x000001F5B7220000-0x000001F5B72D2000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/2968-332-0x000001F59E610000-0x000001F59E61A000-memory.dmp

                                                                                Filesize

                                                                                40KB

                                                                                Download

                                                                              • memory/2968-339-0x000001F5B7060000-0x000001F5B7068000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/2968-333-0x000001F5B7140000-0x000001F5B721C000-memory.dmp

                                                                                Filesize

                                                                                880KB

                                                                                Download

                                                                              • memory/2968-330-0x000001F5B6F10000-0x000001F5B6F58000-memory.dmp

                                                                                Filesize

                                                                                288KB

                                                                                Download

                                                                              • memory/2968-338-0x000001F59E720000-0x000001F59E728000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/2968-331-0x000001F59E5B0000-0x000001F59E5B8000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/2968-328-0x000001F59E590000-0x000001F59E5AC000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/3144-39-0x00000000037E0000-0x000000000380E000-memory.dmp

                                                                                Filesize

                                                                                184KB

                                                                                Download

                                                                              • memory/3144-43-0x0000000003830000-0x000000000383C000-memory.dmp

                                                                                Filesize

                                                                                48KB

                                                                                Download

                                                                              • memory/3752-286-0x00000181A8BA0000-0x00000181A8BBC000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/3752-284-0x00000181A8350000-0x00000181A8366000-memory.dmp

                                                                                Filesize

                                                                                88KB

                                                                                Download

                                                                              • memory/3752-285-0x00000181C14C0000-0x00000181C1572000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/4536-80-0x0000000005C10000-0x0000000005F67000-memory.dmp

                                                                                Filesize

                                                                                3.3MB

                                                                                Download

                                                                              • memory/4536-76-0x0000000005B50000-0x0000000005C02000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/4536-79-0x0000000005A20000-0x0000000005A42000-memory.dmp

                                                                                Filesize

                                                                                136KB

                                                                                Download

                                                                              • memory/5776-2519-0x000001FED6D00000-0x000001FED6D30000-memory.dmp

                                                                                Filesize

                                                                                192KB

                                                                                Download

                                                                              • memory/5968-1762-0x00000204885B0000-0x00000204885CC000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/5968-1761-0x00000204A0DB0000-0x00000204A0E62000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/5968-1767-0x00000204A0D00000-0x00000204A0D48000-memory.dmp

                                                                                Filesize

                                                                                288KB

                                                                                Download

                                                                              • memory/5968-1741-0x0000020487BB0000-0x0000020487BEA000-memory.dmp

                                                                                Filesize

                                                                                232KB

                                                                                Download

                                                                              • memory/6048-1745-0x00000225903E0000-0x00000225903FA000-memory.dmp

                                                                                Filesize

                                                                                104KB

                                                                                Download

                                                                              • memory/6048-1788-0x00000225A93E0000-0x00000225A9908000-memory.dmp

                                                                                Filesize

                                                                                5.2MB

                                                                                Download

                                                                              • memory/6048-1739-0x000002258FBA0000-0x000002258FBAA000-memory.dmp

                                                                                Filesize

                                                                                40KB

                                                                                Download

                                                                              • memory/6048-1749-0x00000225A8DF0000-0x00000225A8EA2000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/6372-1744-0x00000271EF4D0000-0x00000271EF4E0000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/6372-1794-0x00000271F1940000-0x00000271F1F9C000-memory.dmp

                                                                                Filesize

                                                                                6.4MB

                                                                                Download

                                                                              • memory/6372-1748-0x00000271F0650000-0x00000271F0702000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/6372-1746-0x00000271EFCF0000-0x00000271EFD00000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/6372-1750-0x00000271EFD20000-0x00000271EFD40000-memory.dmp

                                                                                Filesize

                                                                                128KB

                                                                                Download

                                                                              • memory/6720-1757-0x000002392B440000-0x000002392B450000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/6720-1759-0x000002392B7F0000-0x000002392B80C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/6720-1793-0x000002392B810000-0x000002392B818000-memory.dmp

                                                                                Filesize

                                                                                32KB

                                                                                Download

                                                                              • memory/6720-1779-0x0000023944820000-0x00000239448FC000-memory.dmp

                                                                                Filesize

                                                                                880KB

                                                                                Download

                                                                              • memory/6720-1787-0x0000023944900000-0x00000239449B2000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/6720-1758-0x000002392B830000-0x000002392B87A000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/6912-1770-0x000001C946080000-0x000001C94609C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/6912-1778-0x000001C95E9B0000-0x000001C95E9FA000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/6912-1755-0x000001C945820000-0x000001C945854000-memory.dmp

                                                                                Filesize

                                                                                208KB

                                                                                Download

                                                                              • memory/6912-1756-0x000001C9460B0000-0x000001C9460FA000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/6912-1775-0x000001C9460A0000-0x000001C9460AA000-memory.dmp

                                                                                Filesize

                                                                                40KB

                                                                                Download

                                                                              • memory/6912-1774-0x000001C946260000-0x000001C946278000-memory.dmp

                                                                                Filesize

                                                                                96KB

                                                                                Download

                                                                              • memory/6912-1790-0x000001C95ED60000-0x000001C95EE3C000-memory.dmp

                                                                                Filesize

                                                                                880KB

                                                                                Download

                                                                              • memory/6912-1789-0x000001C95EBC0000-0x000001C95EC72000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/6988-1785-0x0000028DC75B0000-0x0000028DC75C4000-memory.dmp

                                                                                Filesize

                                                                                80KB

                                                                                Download

                                                                              • memory/6988-1783-0x0000028DC8190000-0x0000028DC81F6000-memory.dmp

                                                                                Filesize

                                                                                408KB

                                                                                Download

                                                                              • memory/6988-1769-0x0000028DAED70000-0x0000028DAED90000-memory.dmp

                                                                                Filesize

                                                                                128KB

                                                                                Download

                                                                              • memory/6988-1782-0x0000028DC7650000-0x0000028DC7702000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/6988-1765-0x0000028DAE540000-0x0000028DAE550000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/7048-1772-0x000002886BED0000-0x000002886BEDC000-memory.dmp

                                                                                Filesize

                                                                                48KB

                                                                                Download

                                                                              • memory/7048-1773-0x000002886C790000-0x000002886C7DA000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/7048-1780-0x000002886C360000-0x000002886C37C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/7064-1795-0x000002426BF80000-0x000002426C05C000-memory.dmp

                                                                                Filesize

                                                                                880KB

                                                                                Download

                                                                              • memory/7064-1781-0x000002426AE70000-0x000002426AE8C000-memory.dmp

                                                                                Filesize

                                                                                112KB

                                                                                Download

                                                                              • memory/7064-1776-0x000002426B470000-0x000002426B4BA000-memory.dmp

                                                                                Filesize

                                                                                296KB

                                                                                Download

                                                                              • memory/7064-1768-0x000002426AAA0000-0x000002426AAB2000-memory.dmp

                                                                                Filesize

                                                                                72KB

                                                                                Download

                                                                              • memory/7064-1792-0x000002426BDE0000-0x000002426BE92000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/7100-1766-0x00000206A4A00000-0x00000206A4A0C000-memory.dmp

                                                                                Filesize

                                                                                48KB

                                                                                Download

                                                                              • memory/7100-1784-0x00000206A5280000-0x00000206A52A0000-memory.dmp

                                                                                Filesize

                                                                                128KB

                                                                                Download

                                                                              • memory/7100-1777-0x00000206BDB70000-0x00000206BDC22000-memory.dmp

                                                                                Filesize

                                                                                712KB

                                                                                Download

                                                                              • memory/7100-1771-0x00000206A5260000-0x00000206A5278000-memory.dmp

                                                                                Filesize

                                                                                96KB

                                                                                Download