Overview

overview

10

Static

static

1

f065892060...72.msi

windows7-x64

10

f065892060...72.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi

  • Size

    2.6MB

  • MD5

    055047fe65e1d28dd3bb2e53a9bbcf31

  • SHA1

    126af029786aae23fb19e4ab3b71d50a04880393

  • SHA256

    f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72

  • SHA512

    94da78ac9c85e16e628872ba1d318db1733bb917711836df73b30b5d9825d6f04db5418c094220a20886ecd892e5721238ab47e1ca7b7674c163fa35a91c0ddf

  • SSDEEP

    49152:sBRNlatz55q6jzoz//stPEqQpTIQW8MQ6M97ouRUbFFOV47S9gonUI:MRNlap55qAczWgW9MxcFFOV42+

Score
10/10
ateraagentbootkitdiscoverypersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Blocklisted process makes network request 5 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 50 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 4 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 12 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3588
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3204
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 3483C3D5F656BB9D4A45664BCA404420
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:884
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSID2A2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240636875 2 AlphaControlAgentInstallationDialog!AlphaControlAgentInstallationDialog.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3492
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="4" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId=""
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:2468
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding F8E99043558A65AB49C5DCC00C24B70E E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1708
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7B87CB7A-A85B-424F-9CAE-22DD721DA5BA}
          3⤵
          • Executes dropped EXE
          PID:884
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFC7CD01-75DB-4D9A-9EB7-7A2698988F71}
          3⤵
          • Executes dropped EXE
          PID:2580
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E5B79420-ACF1-4DEB-847E-29FA943E9F79}
          3⤵
          • Executes dropped EXE
          PID:1728
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B55F964-BF57-41FA-94BB-F28237CF9047}
          3⤵
          • Executes dropped EXE
          PID:3732
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8DEC0FD-7FAA-4049-BAB6-A2DF742BE045}
          3⤵
          • Executes dropped EXE
          PID:3604
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{052EE1ED-7876-42A5-A71A-8885B9820409}
          3⤵
          • Executes dropped EXE
          PID:4804
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A7E29073-885B-4762-9765-3CFF9398B8F7}
          3⤵
          • Executes dropped EXE
          PID:64
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21F18E3D-BD33-4A43-9940-08CD7E8F1344}
          3⤵
          • Executes dropped EXE
          PID:2796
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B5FA279-00BB-4C91-90DF-527862DA1BD3}
          3⤵
          • Executes dropped EXE
          PID:3436
        • C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe
          C:\Windows\TEMP\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_is36AB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2FFA5BB-99DE-4B15-AA39-37D22445F1B3}
          3⤵
          • Executes dropped EXE
          PID:884
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2472
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3240
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:452
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1648
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2888
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3436
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3276
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3732
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5008
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2972
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2796
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1112
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4848
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4332
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1144
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2368
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4900
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3436
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2828
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:924
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52678A4E-BB95-4754-ADA0-A7BF21E7354A}
          3⤵
          • Executes dropped EXE
          PID:1852
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C8762E0-C462-4B8A-AB85-C63AB63FF710}
          3⤵
          • Executes dropped EXE
          PID:4952
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DF9793C9-C2F2-434A-8C3B-B2A17FD0375E}
          3⤵
          • Executes dropped EXE
          PID:3092
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{96461BDD-91DE-4ACC-9E77-5394DE88070A}
          3⤵
          • Executes dropped EXE
          PID:1788
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC10B78D-B4DF-47E0-ADF8-29BACF0ADBA8}
          3⤵
          • Executes dropped EXE
          PID:1396
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{19EA7F42-691E-4F35-AB99-233F628D077C}
          3⤵
          • Executes dropped EXE
          PID:3964
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{15104D43-3A12-433E-9D15-797AE86D832C}
          3⤵
          • Executes dropped EXE
          PID:64
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37ED130A-D274-49EF-9940-E3B1F78990B4}
          3⤵
          • Executes dropped EXE
          PID:5052
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84D75858-C7F2-4702-9D10-6321D8F2160D}
          3⤵
          • Executes dropped EXE
          PID:2160
        • C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
          C:\Windows\TEMP\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B63DE8D-6425-4625-81E7-DAA0BB240B53}
          3⤵
          • Executes dropped EXE
          PID:2368
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D87AFC2-BAA0-46DA-B416-3139489EF45B}
          3⤵
          • Executes dropped EXE
          PID:1960
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B596230-D397-4487-97F4-F1DB6AB424E2}
          3⤵
          • Executes dropped EXE
          PID:5000
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B036653C-575D-4BC1-8D40-72BFD82E53FF}
          3⤵
          • Executes dropped EXE
          PID:1368
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0970ADAA-B68D-4F7C-BFD7-6BA031442098}
          3⤵
          • Executes dropped EXE
          PID:3464
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{58198920-DB49-40E9-B719-2CD36A8954A9}
          3⤵
          • Executes dropped EXE
          PID:3436
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{03CBF35D-4E76-4431-8B8E-B4500B58B0C2}
          3⤵
          • Executes dropped EXE
          PID:4804
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{97C4EBE1-3432-4A35-BF03-4337B9D27BBF}
          3⤵
          • Executes dropped EXE
          PID:2160
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8FA49CF1-A37C-4305-8B85-EDCC341315B8}
          3⤵
          • Executes dropped EXE
          PID:2820
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3419E855-2A5B-4712-B13E-0CC334CE6806}
          3⤵
          • Executes dropped EXE
          PID:2276
        • C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe
          C:\Windows\TEMP\{400CB26A-8931-478C-9BB1-C2B3585ABF12}\_is4BFA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FECDEE70-5694-46E9-8E9B-7DF330F1C9B3}
          3⤵
          • Executes dropped EXE
          PID:2144
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3436
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2504
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:3880
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:1112
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:404
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:1008
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55E897FC-93D6-4B17-A1FA-1D4A0E69E845}
              3⤵
              • Executes dropped EXE
              PID:3408
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CAAA4B72-1ED2-441A-9449-92ACB9C52398}
              3⤵
              • Executes dropped EXE
              PID:4008
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23D1BAE7-142E-4DDD-BB19-CBF13A60D97F}
              3⤵
              • Executes dropped EXE
              PID:1944
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1208A9FF-89E9-430B-955E-C1E17A9AFE39}
              3⤵
              • Executes dropped EXE
              PID:3732
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{532B2811-FA9C-475F-BFC5-E8D13BF50910}
              3⤵
              • Executes dropped EXE
              PID:1000
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2BE2930-CEBB-41C8-9000-6D9B5585D473}
              3⤵
              • Executes dropped EXE
              PID:4984
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6CB6467-282C-45A4-AC75-9C33BED650E2}
              3⤵
              • Executes dropped EXE
              PID:3468
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AEC4A06C-AD41-4553-94EF-AF5015B1B499}
              3⤵
              • Executes dropped EXE
              PID:4124
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DBAE418B-9C9E-4732-BB2E-4D1130A8DE0D}
              3⤵
              • Executes dropped EXE
              PID:4628
            • C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe
              C:\Windows\TEMP\{28D4546C-37B2-4DFC-A31A-B712A4C64070}\_is5D71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9E0DC85A-4CC5-46D0-BBE8-BA1F2D741CBD}
              3⤵
              • Executes dropped EXE
              PID:3964
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:2008
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8345C22C-3B55-4587-9353-497053716FCB}
              3⤵
              • Executes dropped EXE
              PID:4792
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{97CEE39A-113D-49A0-A518-9F1493C3E381}
              3⤵
              • Executes dropped EXE
              PID:1000
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{19A64135-20A8-449B-85C7-11A44A5EC878}
              3⤵
              • Executes dropped EXE
              PID:3240
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{56A12C73-3D03-4A17-8688-DFDC0B0215FA}
              3⤵
              • Executes dropped EXE
              PID:3324
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61C8C50A-B842-4CAB-AAB9-726FCD403021}
              3⤵
              • Executes dropped EXE
              PID:5108
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2664594C-A069-4C1E-9C6C-5611897DCE55}
              3⤵
              • Executes dropped EXE
              PID:1492
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BEDF6BCC-23FB-4C9A-9404-1B26DD01D4DE}
              3⤵
              • Executes dropped EXE
              PID:3732
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E4694EF-16BB-474E-9056-E98532AE5481}
              3⤵
              • Executes dropped EXE
              PID:4260
            • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
              C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E4D4ABF2-EF3A-4E9B-8D2D-6C417AC06957}
              3⤵
                PID:1000
              • C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe
                C:\Windows\TEMP\{026D7CA2-08FB-48CB-B0B2-E713F3D75E98}\_is6198.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76E466C6-3FBA-4974-BBEB-48D3DFB9EBE2}
                3⤵
                  PID:3240
                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:5108
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding B3D44151FA2949CAA8DE708E9AE93BF7 E Global\MSI0000
                2⤵
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                PID:5648
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIA09D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240689359 438 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • Loads dropped DLL
                  • System Location Discovery: System Language Discovery
                  PID:5612
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIA14A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240689468 442 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • Loads dropped DLL
                  • System Location Discovery: System Language Discovery
                  PID:6076
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIA487.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240690328 447 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                  3⤵
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:2392
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:2316
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:3276
                • C:\Windows\syswow64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:2360
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIC67E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240698984 475 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:2244
              • C:\Windows\system32\NET.exe
                NET STOP AteraAgent
                2⤵
                  PID:5652
                  • C:\Windows\system32\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    3⤵
                      PID:5304
                  • C:\Windows\system32\taskkill.exe
                    taskkill /f /im AteraAgent.exe
                    2⤵
                    • Kills process with taskkill
                    PID:5892
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                    2⤵
                    • Drops file in System32 directory
                    PID:5720
                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="a46b6382-ebe5-40a0-8f3d-cbff3ceb70fb"
                    2⤵
                    • Modifies data under HKEY_USERS
                    PID:5804
                • C:\Windows\system32\vssvc.exe
                  C:\Windows\system32\vssvc.exe
                  1⤵
                  • Checks SCSI registry key(s)
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1192
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in System32 directory
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Modifies system certificate store
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:3052
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:4504
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "d6b7947c-827c-40f9-a7a9-43888097a7b8" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
                    2⤵
                    • Executes dropped EXE
                    PID:4488
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "a9219749-0290-4031-b16a-1879dbe0180a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification"
                    2⤵
                    • Executes dropped EXE
                    PID:1468
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "0e12df56-4c18-4122-9e4d-0306d0b9bca8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui"
                    2⤵
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious use of WriteProcessMemory
                    PID:5012
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                      • Suspicious use of WriteProcessMemory
                      PID:4800
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:64
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "7ba3b211-b272-433b-b6c1-b17ba2a1da8d" agent-api.atera.com/Production 443 or8ixLi90Mf "identified"
                    2⤵
                    • Executes dropped EXE
                    PID:1568
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "bbcd647c-8b16-4ec2-abaa-3201e333e309" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0="
                    2⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:1208
                    • C:\Windows\TEMP\SplashtopStreamer.exe
                      "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:2392
                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                        "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        4⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of WriteProcessMemory
                        PID:2060
                        • C:\Windows\SysWOW64\msiexec.exe
                          msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:2680
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "14bf9a05-abe5-4634-b986-fbdec11578c0" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile"
                    2⤵
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:4452
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious use of WriteProcessMemory
                  PID:3492
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:1328
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "fba1a132-73c2-4ea8-90ae-bad49f21e142" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo"
                    2⤵
                      PID:3384
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                          PID:3604
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:3512
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "62e38417-5f36-4537-b1d7-b44f7dc93acc" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded"
                        2⤵
                          PID:3276
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=994e29ba451308ac29e15dcd95d47236&rmm_session_pwd_ttl=86400"
                            3⤵
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            PID:3436
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "ee8a5d59-cac4-4a69-9aca-598c6c9b2c90" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates"
                          2⤵
                          • Drops file in System32 directory
                          PID:4524
                          • C:\Windows\SYSTEM32\msiexec.exe
                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                            3⤵
                            • Modifies data under HKEY_USERS
                            PID:5244
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "619c0aee-bb49-4282-9996-cc0f2e5e8d08" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain"
                          2⤵
                          • Drops file in System32 directory
                          • Modifies data under HKEY_USERS
                          • Modifies registry class
                          PID:1116
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "b4bf481b-8392-42b8-b9d5-3c58046bfe0c" agent-api.atera.com/Production 443 or8ixLi90Mf "probe"
                          2⤵
                          • Drops file in System32 directory
                          PID:5356
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "c2c511d6-5219-47e6-a6bf-995245c539e0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll"
                          2⤵
                          • Drops file in System32 directory
                          PID:5516
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "ab333302-629b-4f24-a9c0-8eaf5fc78460" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:5640
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "6d6c6ada-81ab-4a52-acd3-e81556dff995" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat"
                          2⤵
                          • Drops file in System32 directory
                          PID:5920
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "6fa7a8a6-d7e2-4350-9039-833043794c81" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ=="
                          2⤵
                          • Drops file in System32 directory
                          PID:4432
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "6c5ed128-7156-41a9-a128-729bab4093d4" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:2124
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "6b01ba43-11be-4a46-b5a8-c70d9c37c97b" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision"
                          2⤵
                            PID:6020
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "22397304-feb0-4b2e-badd-f07600125a2b" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9"
                            2⤵
                            • Drops file in System32 directory
                            PID:6140
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:2688
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5912
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "a71faf3d-e6e5-4401-a3db-de5512a00eca" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ=="
                            2⤵
                              PID:5396
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "c65a008d-5b6e-45b0-a6ed-0202c6bde8fb" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor"
                              2⤵
                              • Writes to the Master Boot Record (MBR)
                              • Loads dropped DLL
                              • Modifies data under HKEY_USERS
                              PID:5164
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                            1⤵
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4628
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                              2⤵
                              • Drops file in System32 directory
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4836
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                -h
                                3⤵
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SetWindowsHookEx
                                PID:1000
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                3⤵
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3632
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                  4⤵
                                    PID:1852
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of SetWindowsHookEx
                                  PID:692
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                  3⤵
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  PID:2888
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                    SRUtility.exe -r
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:4668
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                  3⤵
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5672
                                  • C:\Windows\System32\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                    4⤵
                                      PID:4776
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c ver
                                        5⤵
                                          PID:1620
                                        • C:\Windows\system32\sc.exe
                                          sc query ddmgr
                                          5⤵
                                          • Launches sc.exe
                                          PID:4476
                                        • C:\Windows\system32\sc.exe
                                          sc query lci_proxykmd
                                          5⤵
                                          • Launches sc.exe
                                          PID:3436
                                        • C:\Windows\system32\rundll32.exe
                                          rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                          5⤵
                                          • Drops file in System32 directory
                                          • Drops file in Windows directory
                                          • Checks SCSI registry key(s)
                                          • Modifies data under HKEY_USERS
                                          PID:5676
                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                  1⤵
                                  • Drops file in Program Files directory
                                  • Modifies data under HKEY_USERS
                                  PID:6020
                                  • C:\Windows\System32\sc.exe
                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                    2⤵
                                    • Launches sc.exe
                                    PID:5960
                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "f19df92f-b51e-4af4-85d7-80975cf3cbb6" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 0013z00002pMd9hAAC
                                    2⤵
                                      PID:1620
                                      • C:\Windows\System32\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                        3⤵
                                          PID:5556
                                          • C:\Windows\system32\cscript.exe
                                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                            4⤵
                                            • Modifies data under HKEY_USERS
                                            PID:5376
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "536e799f-1239-4ac4-8521-fd3b2d6bc1de" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 0013z00002pMd9hAAC
                                        2⤵
                                        • Modifies data under HKEY_USERS
                                        PID:4476
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "cb5ea4e5-578c-4bda-a524-dc1837557904" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 0013z00002pMd9hAAC
                                        2⤵
                                          PID:1520
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "79190123-b8bd-43dc-8fc1-48fe4d169581" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 0013z00002pMd9hAAC
                                          2⤵
                                            PID:4260
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "0cafdb11-1150-4881-a45f-2bfce0fd4527" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 0013z00002pMd9hAAC
                                            2⤵
                                              PID:5204
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "76aad743-24ce-4a1a-b867-d044b9a9777c" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 0013z00002pMd9hAAC
                                              2⤵
                                              • Drops file in Program Files directory
                                              PID:4252
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "20e6ba99-f683-4b8f-938a-4d599733df54" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 0013z00002pMd9hAAC
                                              2⤵
                                                PID:2660
                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=994e29ba451308ac29e15dcd95d47236&rmm_session_pwd_ttl=86400"
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5108
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "18e6e2b8-c6f4-428a-add4-84effd00010a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 0013z00002pMd9hAAC
                                                2⤵
                                                  PID:5552
                                                  • C:\Windows\SYSTEM32\cmd.exe
                                                    "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                    3⤵
                                                    • System Time Discovery
                                                    PID:6032
                                                    • C:\Program Files\dotnet\dotnet.exe
                                                      dotnet --list-runtimes
                                                      4⤵
                                                      • System Time Discovery
                                                      PID:5232
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "8b391d5d-4606-4b53-81a2-be5be2c5cc80" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 0013z00002pMd9hAAC
                                                  2⤵
                                                    PID:3984
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "6885a46f-1361-4ad6-9352-d87e3c885278" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 0013z00002pMd9hAAC
                                                    2⤵
                                                      PID:5924
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "4e551987-adc5-41d8-a919-4710e380bd35" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 0013z00002pMd9hAAC
                                                      2⤵
                                                      • Modifies registry class
                                                      PID:5476
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "acd2e139-60a8-41a4-801f-50c11fbeb45c" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 0013z00002pMd9hAAC
                                                      2⤵
                                                      • Writes to the Master Boot Record (MBR)
                                                      PID:3964
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "31ad5b5c-fdad-4866-8fb7-621a5edcd71a" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 0013z00002pMd9hAAC
                                                      2⤵
                                                        PID:1536
                                                        • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                          "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "816d3183-49cd-4dfd-9cb5-71d486ff0c2c" "31ad5b5c-fdad-4866-8fb7-621a5edcd71a" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "0013z00002pMd9hAAC"
                                                          3⤵
                                                            PID:5892
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "536e799f-1239-4ac4-8521-fd3b2d6bc1de" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 0013z00002pMd9hAAC
                                                          2⤵
                                                            PID:4792
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 816d3183-49cd-4dfd-9cb5-71d486ff0c2c "472f6174-e733-4ac8-90bb-3a414a60fedb" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 0013z00002pMd9hAAC
                                                            2⤵
                                                              PID:5628
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                            1⤵
                                                            • Checks SCSI registry key(s)
                                                            PID:1472
                                                            • C:\Windows\system32\DrvInst.exe
                                                              DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000148" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                              2⤵
                                                              • Drops file in System32 directory
                                                              • Drops file in Windows directory
                                                              • Checks SCSI registry key(s)
                                                              • Modifies data under HKEY_USERS
                                                              PID:4752
                                                            • C:\Windows\system32\DrvInst.exe
                                                              DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000154" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                              2⤵
                                                              • Drops file in System32 directory
                                                              • Drops file in Windows directory
                                                              • Checks SCSI registry key(s)
                                                              • Modifies data under HKEY_USERS
                                                              PID:5964
                                                            • C:\Windows\system32\DrvInst.exe
                                                              DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000154"
                                                              2⤵
                                                              • Drops file in Drivers directory
                                                              • Drops file in System32 directory
                                                              • Drops file in Windows directory
                                                              • Checks SCSI registry key(s)
                                                              PID:5164
                                                            • C:\Windows\system32\DrvInst.exe
                                                              DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                              2⤵
                                                              • Drops file in Drivers directory
                                                              • Checks SCSI registry key(s)
                                                              PID:2244

                                                          Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Reconnaissance

                                                          Resource Development

                                                          Initial Access

                                                          Execution

                                                          Persistence

                                                          Event Triggered Execution

                                                          2
                                                          T1546

                                                          Component Object Model Hijacking

                                                          1
                                                          T1546.015

                                                          Installer Packages

                                                          1
                                                          T1546.016

                                                          Pre-OS Boot

                                                          1
                                                          T1542

                                                          Bootkit

                                                          1
                                                          T1542.003

                                                          Privilege Escalation

                                                          Event Triggered Execution

                                                          2
                                                          T1546

                                                          Component Object Model Hijacking

                                                          1
                                                          T1546.015

                                                          Installer Packages

                                                          1
                                                          T1546.016

                                                          Defense Evasion

                                                          Modify Registry

                                                          1
                                                          T1112

                                                          Pre-OS Boot

                                                          1
                                                          T1542

                                                          Bootkit

                                                          1
                                                          T1542.003

                                                          Subvert Trust Controls

                                                          1
                                                          T1553

                                                          Install Root Certificate

                                                          1
                                                          T1553.004

                                                          System Binary Proxy Execution

                                                          1
                                                          T1218

                                                          Msiexec

                                                          1
                                                          T1218.007

                                                          Credential Access

                                                          Discovery

                                                          Peripheral Device Discovery

                                                          2
                                                          T1120

                                                          Query Registry

                                                          4
                                                          T1012

                                                          System Information Discovery

                                                          3
                                                          T1082

                                                          System Location Discovery

                                                          1
                                                          T1614

                                                          System Language Discovery

                                                          1
                                                          T1614.001

                                                          System Time Discovery

                                                          1
                                                          T1124

                                                          Lateral Movement

                                                          Collection

                                                          Command and Control

                                                          Exfiltration

                                                          Impact

                                                          Replay Monitor

                                                          Loading Replay Monitor...

                                                          Downloads

                                                          • C:\Config.Msi\e57d1b8.rbs
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            4225c7cad09264f95eea329fb8b4dbf2

                                                            SHA1

                                                            ffeef5e969bad15b11365b762aa6bc0b7ae75514

                                                            SHA256

                                                            1be4996cfac389f8a976a6612fe82b08adde52b2063360266083e1b1615552a6

                                                            SHA512

                                                            397f554f8c09fdd0663a0dc74a7e0b04681bdfcb770c94c29644ff39de30395a34d6f5a06c0e1b315d28c4257280d086ca77b58e1da060a7074e132a48c4c7ca

                                                            Download Submit

                                                          • C:\Config.Msi\e57d1bd.rbs
                                                            Filesize

                                                            74KB

                                                            MD5

                                                            3eeb04359c046a793978ec2c717d1ca1

                                                            SHA1

                                                            93531eae1e47b98048e093ed7894e0d3e8f29c29

                                                            SHA256

                                                            d7daaa2215fb8efe8646d065f5637324b99ff91f3757d1c88af004e2ebbc9ac3

                                                            SHA512

                                                            82c9865fca69a83c56ec28c29afea18eec72393dc1880b5472dff9a503a80a337ec2ce0ddaf7be7a684d261188546d9ed91233529d56b4c61b24079bda44357e

                                                            Download Submit

                                                          • C:\Config.Msi\e57d1bf.rbs
                                                            Filesize

                                                            464B

                                                            MD5

                                                            7088c8570887719e9788998864d09b2d

                                                            SHA1

                                                            e4ade09342bc40828d51822d3de14152d8420a4a

                                                            SHA256

                                                            ac2aaba5ea08d885f710a67657244b33c3aac5ed36843f4ba5d6289805e55b57

                                                            SHA512

                                                            47e609c880ff14c67d17f9081a5dae43d57bc70bb398905287752f4f6c789bb0944f701e6c3490378c6bbe5fe62130623c9f156434b0f9900eb4da11d8237605

                                                            Download Submit

                                                          • C:\Config.Msi\e57d1c5.rbs
                                                            Filesize

                                                            9KB

                                                            MD5

                                                            2bbe762c795b92e2dd2c985420cb282b

                                                            SHA1

                                                            3a3d863216e93948d2101f7a621a604dd6612549

                                                            SHA256

                                                            5bb075347044fa33caa4277b1840cce4fc8a86e1de3a77f5756ed5ba76d6b761

                                                            SHA512

                                                            7d284cf138b19477121cd16458919a43c0a7659e01d120bb8abd6cf8218a384b55c90d5db8b00b38d50d7e912286e0dc45d202f6388295bc5580a9ea2db9a096

                                                            Download Submit

                                                          • C:\Config.Msi\e57d1cd.rbs
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            0607c0e2ddc7c10bc2d20224dc2799a2

                                                            SHA1

                                                            13b384ae8cd635ca0bd3118feb10e2221ea328d5

                                                            SHA256

                                                            1d9600aad89e02e309b4d5b6534083588b6db13c877eea6f7a45dd0a3abdbd07

                                                            SHA512

                                                            ecf735967b1ebed029f3e0248f096b6df3788da18cd53c34c8a97698929cf9bbea718b428224fb508a9c93de1b095d42f92788d6cb1a10a0d9fd8be9d0e93068

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            337079222a6f6c6edf58f3f981ff20ae

                                                            SHA1

                                                            1f705fc0faa84c69e1fe936b34783b301323e255

                                                            SHA256

                                                            ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                            SHA512

                                                            ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                            Filesize

                                                            305B

                                                            MD5

                                                            27c1adfa459a0d4c1a3ee1e4e92f8e0e

                                                            SHA1

                                                            e21b1152b78827c8e59d84c541c190c099297632

                                                            SHA256

                                                            8e88d3edb3da0f6dfe4dc7716ab64256fab189429a6690b129d6789f7eeca49b

                                                            SHA512

                                                            f8f66043ad65be01a11e130ccedd14a1e638950bb95999e650f62362c05e81d413d330e87cc5fdade02776fc742ebf96331a3752ab80eda9931041089563ae36

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                            Filesize

                                                            138KB

                                                            MD5

                                                            8dd350bb44e45c0b89d0c2cea8e1fd9f

                                                            SHA1

                                                            298ccacd3f218f8d98709a43df09acc82178cbf2

                                                            SHA256

                                                            127fde9b3c238f66232d0f0db1d3ff62d2c46d16f50aa92073d26977f36f463a

                                                            SHA512

                                                            ec8c638a8c616c7fa7989585cd5c577c3bff88801789c5b975e016ec888c0d2a1d3f492d12bbb3618ee93c79c80dc1f666ed9e21ffe595dd7b2f3c9f601e03c0

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            b3bb71f9bb4de4236c26578a8fae2dcd

                                                            SHA1

                                                            1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                            SHA256

                                                            e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                            SHA512

                                                            fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                            Filesize

                                                            209KB

                                                            MD5

                                                            b322ca965d1571b468b8c49d387d7f84

                                                            SHA1

                                                            cc1c2fd52c081e36c2b01f05fb2995d0807fcb19

                                                            SHA256

                                                            e45af7598efae14255851cf7d23c669af1a0e89fffa64e4e12c59960542ad0da

                                                            SHA512

                                                            50cfb1240491efe00760c37150f2f8a7dc6769f58fbeccc811eea9574917f383c510af3bce181efe7515e417fc211314aad48326a296f6c1093ca23ff76c9318

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                            Filesize

                                                            693KB

                                                            MD5

                                                            fdde119bd5c37341879e1bd1bfce033a

                                                            SHA1

                                                            e7228d4dd8a2a0fa7d60f50f68e32560932c3a6a

                                                            SHA256

                                                            9a7f775a3d2569ee6a830a7814f1b6068613153b14bc5515ea7644dd51e5972e

                                                            SHA512

                                                            8f91ae407ae1998d86e2edadf9b871e31f8b46b24f7285d17e6f221c33ed19623cbb16f4b73f94dde860dd47ad122f38cba7f5810350b049f79d89c417f53ab8

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                            Filesize

                                                            157KB

                                                            MD5

                                                            242d415e238789fbc57c5ac7e8ca5d02

                                                            SHA1

                                                            09c1e25e035be67c9fbfa23b336e26bfd2c76d04

                                                            SHA256

                                                            7f3ded5bf167553a5a09ca8a9d80a451eb71ccecc043bda1dd8080a2cbe35fa2

                                                            SHA512

                                                            ac55d401951ecf0112051db033cc9014e824ab6a5ed9ea129a8793408d9bf2446cb3c15711e59a8577e0f60d858a4639e99e38d6232315f0f39df2c40217ea40

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                            Filesize

                                                            51KB

                                                            MD5

                                                            3180c705182447f4bcc7ce8e2820b25d

                                                            SHA1

                                                            ad6486557819a33d3f29b18d92b43b11707aae6e

                                                            SHA256

                                                            5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                            SHA512

                                                            228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                            Filesize

                                                            12B

                                                            MD5

                                                            dc63026e80d2bb04f71e41916f807e33

                                                            SHA1

                                                            6cda386d2c365f94ea3de41e2390fd916622eb51

                                                            SHA256

                                                            3b54d00f00aa80384de88e4f4005e9d4d889a2ccf64b56e0c29d274352495c85

                                                            SHA512

                                                            61da550efd55187978872f5d8e88164a6181a11c8a720684eaa737e0846fe20b9e82b73e1f689a6585834b84c4cee8dd949af43e76fd0158f6cafa704ab25183

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                            Filesize

                                                            173KB

                                                            MD5

                                                            31def444e6135301ea3c38a985341837

                                                            SHA1

                                                            f135be75c721af2d5291cb463cbc22a32467084a

                                                            SHA256

                                                            36704967877e4117405bde5ec30beaf31e7492166714f3ffb2ceb262bf2fb571

                                                            SHA512

                                                            bd654388202cb5090c860a7229950b1184620746f4c584ab864eade831168bc7fae0b5e59b90165b1a9e4ba2bd154f235749718ae2df35d3dd10403092185ed1

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                            Filesize

                                                            546B

                                                            MD5

                                                            158fb7d9323c6ce69d4fce11486a40a1

                                                            SHA1

                                                            29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                            SHA256

                                                            5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                            SHA512

                                                            7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                            Filesize

                                                            94KB

                                                            MD5

                                                            9d8b5941ea5b905e8197a175ef2b15a9

                                                            SHA1

                                                            86a078e94b5578ec4125f50f78c8518a8ce1d086

                                                            SHA256

                                                            c6f05b647dbadc15ab97d31790fc8ace054986ec33e9178feead4235ad15cb0d

                                                            SHA512

                                                            fab5fe82873862ce8ed1a427482093cca307f6663e9f6497fdc244ce461312872d419ff274cdca0c496414c28681901f335c9911b95d2a7c112d30e32d74e498

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                            Filesize

                                                            688KB

                                                            MD5

                                                            ba66874c510645c1fb5fe74f85b32e98

                                                            SHA1

                                                            e33c7e6991a25cc40d9e0dcc260b5a27f4a34e6c

                                                            SHA256

                                                            12d64550cb536a067d8afff42864836f6d41566e18f46d3ca92cb68726bdd4e9

                                                            SHA512

                                                            44e8caa916ab98da36af02b84ac944fbf0a65c80b0adbdc1a087f8ed3eff71c750fb6116f2c12034f9f9b429d6915db8f88511b79507cc4d063bab40c4eaa568

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                            Filesize

                                                            27KB

                                                            MD5

                                                            797c9554ec56fd72ebb3f6f6bef67fb5

                                                            SHA1

                                                            40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                            SHA256

                                                            7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                            SHA512

                                                            4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                            Filesize

                                                            214KB

                                                            MD5

                                                            01807774f043028ec29982a62fa75941

                                                            SHA1

                                                            afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                            SHA256

                                                            9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                            SHA512

                                                            33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                            Filesize

                                                            37KB

                                                            MD5

                                                            efb4712c8713cb05eb7fe7d87a83a55a

                                                            SHA1

                                                            c94d106bba77aecf88540807da89349b50ea5ae7

                                                            SHA256

                                                            30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                            SHA512

                                                            3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                            Filesize

                                                            3.4MB

                                                            MD5

                                                            e010d1f614b1a830482d3df4ba056f24

                                                            SHA1

                                                            5873e22b8c51a808c06a3bbf425fcf02b2a80328

                                                            SHA256

                                                            98a98dd1df25d31a01d47eaf4fa65d5f88bc0ad166f8f31d68f2994b4f739a9b

                                                            SHA512

                                                            727877929530e08062611868fd751d1b64e4c7d28c26b70f14c7cd942b1ae1579cba2a2ef038bad07032ef728ae277963ffb3e1ab7a5c28351326fabad84daa6

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.INI
                                                            Filesize

                                                            12B

                                                            MD5

                                                            5796d1f96bb31a9d07f4db8ae9f0ddb3

                                                            SHA1

                                                            93012724e6cc0a298838aede678806e6c0c6517d

                                                            SHA256

                                                            a90d255cce3b419641fa0b9ba74d4da464e0ce70638a9c2eba03d6b34fca1dc4

                                                            SHA512

                                                            890112ddcb3b92b739c0dd06721efa81926ce3aab04c55cdadb8c4e6b7a28c9796f08f508249db189547dc4755804aa80cc8b104dd65c813a0450aad2cdda21c

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                            Filesize

                                                            389KB

                                                            MD5

                                                            5e3252e0248b484e76fcdbf8b42a645d

                                                            SHA1

                                                            11ae92fd16ac87f6ab755911e85e263253c16516

                                                            SHA256

                                                            01f464fbb9b0bfd0e16d4ad6c5de80f7aad0f126e084d7f41fef36be6ec2fc8e

                                                            SHA512

                                                            540d6b3ca9c01e3e09673601514af701a41e7d024070de1257249c3c077ac53852bd04ab4ac928a38c9c84f423a6a3a89ab0676501a9edc28f95de83818fb699

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe.config
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            c6ecf24757926eba64e674bff8b747d1

                                                            SHA1

                                                            3a46083826c20e8e085c42bbfdfeef4f9e2b90d9

                                                            SHA256

                                                            c3ec04142c15b0a237e72ce1c3c85d19cd1231b9824f7a9854e7909a74b7becc

                                                            SHA512

                                                            efabb9883adb098a90115e8938c92b76bbb8d2eb5de170ecfa205ee949a2d722e0f97f6e01f9a71ac8b5fa2108b9ff82fa0171759d50e30d0ab5fc1948bdce15

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll
                                                            Filesize

                                                            93KB

                                                            MD5

                                                            0e5155ecbe5a1797644f1610daa15583

                                                            SHA1

                                                            89677e0f9443d52c73d4e0b91c5aee5215ec4e88

                                                            SHA256

                                                            9baf23c814dd100b2ac9511c9a2e5302dee1ffb1807dea021e1d317ba36901ca

                                                            SHA512

                                                            3f80a871547bdf47f0a5b58f54b9597d0894580fcee8f53dd08c8a80658697fa9c9426ab8d47a40b0cdcf53d11769c654d26a3b530ad39a3a6e37d468ca309d3

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll
                                                            Filesize

                                                            151KB

                                                            MD5

                                                            12572f87ccf0e40406b3554a1a6d3905

                                                            SHA1

                                                            c9e238ef065d38400d084265ee056b2abb694224

                                                            SHA256

                                                            6fdb589ebadf91a869eaa3a850b0fb17a8ab96bed78422e28f7efaf63bc040f9

                                                            SHA512

                                                            d397888aacb1b787662b1678a24e24ddfa7a42c5363ac673706934a1a42e13f5ed55956d478faf0998c77891a64f5f26e85dcfa7ffc0a6ae87df26b3c24c4314

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll
                                                            Filesize

                                                            863KB

                                                            MD5

                                                            286642cd396c5b6cadc906b112b493ee

                                                            SHA1

                                                            cb625fdbd26798b3042bc5cffd010f4e73cdaf1b

                                                            SHA256

                                                            004bf709595e808ae59558ae7510a40277b7e31d99a5580b0e07f136eae09130

                                                            SHA512

                                                            49773e5ad432f893c559308da144596ce1dfb967db5fcfb1805528cc7535e70a181ed8801cae43a47b58656c9925a236b06a4f2c67802a1a875a3dce3c9002dd

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll
                                                            Filesize

                                                            693KB

                                                            MD5

                                                            b61a163ec8f1e6a3a3572a90ba23f7cb

                                                            SHA1

                                                            467fba9f1c171b58b76f4e9e24aba1ce5c91d02f

                                                            SHA256

                                                            87da900259bea3bb65d984fb6fcd3134661e3eb0883ebf24981d50ca5d36f51a

                                                            SHA512

                                                            87eadb61d95ef67cea0ec8cf15c2e285aff8c92941adb47dbce6886796de45b4940efa803d2a9333fadd09473e1b1a34660042d12562fb07eaf4a59c401244ca

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll
                                                            Filesize

                                                            286KB

                                                            MD5

                                                            3362fdb62a7980ca70c44b4dbda5be9b

                                                            SHA1

                                                            77b328fd868e9be19165c39b541e815bad1fe13f

                                                            SHA256

                                                            a6b74a797384f89b692f2e1027a3f73b4fad2a97914208158869a33068132a1c

                                                            SHA512

                                                            d0441e5c747707434c02a64e8ff3a49edf33cff2c9d22f2c22e8bdfebc30a3cdf79b2ed96b8abd819ecd042876baa77c32e119ebb05ba0ecac73dfe2bf971e86

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll
                                                            Filesize

                                                            270KB

                                                            MD5

                                                            66c97a4217593113658977f5aefc18d8

                                                            SHA1

                                                            a7e4ff9bdb3800c1e93a0d521b53e344a10699ff

                                                            SHA256

                                                            9ad65cc593bfc60815124c6377a8f3ea4f031bca01c688fb543b50a2b6418764

                                                            SHA512

                                                            d2a474718a38aa0ea738200d7584a5c21552dc76428176026c5509ae606fea534f4aeabedf93d5bae5735754d82b2d93e4cfb67bcfea9a435147d7bb4b1f0722

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll
                                                            Filesize

                                                            277KB

                                                            MD5

                                                            a6d30251ed124d7656f523a7df177d09

                                                            SHA1

                                                            48092d267e067c1967b5acf1aebd9a18f0b91515

                                                            SHA256

                                                            ec81827b885c0b109aaa3882469bb41d26871274b2e39d3b227fbd18858bf6a3

                                                            SHA512

                                                            466809068b5813ac5531d9e5c76ba080a3a15b0d1aff2a7187149cd5366d990dfd07df1d51eeb8fcc656ed5c2d1c099ac32e0416f219fc38b64bd1a2351ee502

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll
                                                            Filesize

                                                            399KB

                                                            MD5

                                                            5b3639406abb5ad7f16a90124b708862

                                                            SHA1

                                                            466db9d6bc5f2a8eb205e5f3a7f2ec8c52809597

                                                            SHA256

                                                            83717328623f05f5987dc258332bca21c1f2858b7ce6b834af5da687b0948847

                                                            SHA512

                                                            f10717408e0140c8dbefcce9501cf03b86cecd32f2b55770879c28e21d793e45bd8b7eeed52e56e3386000a7beef7f0bdd05ebeff99a44d1056512f48063f71c

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                            Filesize

                                                            48KB

                                                            MD5

                                                            4eb92a7bb85f5cbae4192f874fdbcc95

                                                            SHA1

                                                            bb7b868a4e48ba587ca19c9d5f2a62e9e2a27b7f

                                                            SHA256

                                                            a504e2c6647a23f90ce0a833eed71c282971626e4fe86e8627ef3a5d0e872cc8

                                                            SHA512

                                                            ae1e49f9c36dc3e932ee97dcb8a9cfcea107b5af0ad810ecab69e124e92ea94fc32fe92ff6e493d2b89d2e53ec51c260e97d7fca34a2f635185460239ddc188e

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll
                                                            Filesize

                                                            1.7MB

                                                            MD5

                                                            cba9d50085ee939b987cf758c727dd62

                                                            SHA1

                                                            ddc0faf68995883ac754662c59c4295bb0a64e3b

                                                            SHA256

                                                            75e47a697a46e31811fab8c5d9fe1aba6ba095b6d13dc79a8c848be308917c37

                                                            SHA512

                                                            a5f3d1b96535e0b523ecd71dc36fd3af157c630874ff11da29066c545114d256b14a5ee2ba725679c4192182d37df6900aa69ece228bafce909a482dff43a1e0

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                            Filesize

                                                            196KB

                                                            MD5

                                                            5f782d0cb0f717ae9dfd1b4da1295f15

                                                            SHA1

                                                            b33575e428e19940f0585c747e054ca70a12d454

                                                            SHA256

                                                            0f233bd5fe96cf5f7efea0fa0634f98c37a3a095f72acc79a3544590bf228b43

                                                            SHA512

                                                            e373be20e06f31f81a8c0368e8fbee0bd7e98095a6e1f85ecb8969a35caf32e22194e2448de9213bb86478f454e708363ea6ab990648422b57f057a0516959ed

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                            Filesize

                                                            55KB

                                                            MD5

                                                            a739b889642ca9ce4ad3a37a3c521604

                                                            SHA1

                                                            18bcf6fd14c5aece67ae795a3c505a0c1a9d5175

                                                            SHA256

                                                            44b96244b823052fb19509b1f9576488750c4edab61840af24b10c208b47fc92

                                                            SHA512

                                                            92243e80fd77b9c3f9231c750935b34d9adcdc76e1a45a445c47888a1e98faca1c26f617459db0c1af4860a5172401f03e64039888e6f84726d2457cc550bae0

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                            Filesize

                                                            9KB

                                                            MD5

                                                            9d1528a2ce17522f6de064ae2c2b608e

                                                            SHA1

                                                            2f1ce8b589e57ab300bb93dde176689689f75114

                                                            SHA256

                                                            11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                            SHA512

                                                            a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5640.update
                                                            Filesize

                                                            9KB

                                                            MD5

                                                            14ffcf07375b3952bd3f2fe52bb63c14

                                                            SHA1

                                                            ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                            SHA256

                                                            6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                            SHA512

                                                            14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            079ee5f46027f3af016ef46618ead7e8

                                                            SHA1

                                                            197a94dc9d5340941943ad535579f953fe75fe2f

                                                            SHA256

                                                            2e8bcea09b75c08a9ec10f602e4c4fb01e196fbd1b47d4fcf5cb223d9a6a4376

                                                            SHA512

                                                            adee75995317cae5926b0617ea7b81e380bedacc7c31161d3dcaae21e61a7e8c0242718eacdfef12db62548b344b99c903af73a5d03064342b9d9bf427a64fae

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                            Filesize

                                                            2B

                                                            MD5

                                                            81051bcc2cf1bedf378224b0a93e2877

                                                            SHA1

                                                            ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                            SHA256

                                                            7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                            SHA512

                                                            1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                            Filesize

                                                            54KB

                                                            MD5

                                                            77c613ffadf1f4b2f50d31eeec83af30

                                                            SHA1

                                                            76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                            SHA256

                                                            2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                            SHA512

                                                            29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                            Filesize

                                                            334KB

                                                            MD5

                                                            b3e14504a48bed32c53ec7aab2cb2c8f

                                                            SHA1

                                                            0bc0d486a5ed1c4cdf2390229883ed3473926882

                                                            SHA256

                                                            adea6001759b5604f60bbaec8ce536a1e189adebc7394f9cff3921cae40c8c9b

                                                            SHA512

                                                            e5a5c09355eb9cb45dc872b59edbd54f62f15445ca6caaa3187e31e7928ef4453ae8405d9eee5d2aec4fa34965d3006dcf61c060b8691519a2312382612c683f

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.INI
                                                            Filesize

                                                            12B

                                                            MD5

                                                            3d66ae5ed06891e8ce75a39a24070844

                                                            SHA1

                                                            368064119835d4376727a14706c41384446183e8

                                                            SHA256

                                                            73dba8242fdb4de1393b367a239f730aca6713e6658be69f1d8992ad26479176

                                                            SHA512

                                                            c0b61f92bb61a7bf90225d1ba5a1bea0fc077c2481a2149663b546296421855ab3147c3a1f5372ebc920731624bc8578595c18ca9d138691c720fdcb86d03f8a

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                            Filesize

                                                            72KB

                                                            MD5

                                                            749c51599fbf82422791e0df1c1e841c

                                                            SHA1

                                                            bba9a471e9300bcd4ebe3359d3f73b53067b781d

                                                            SHA256

                                                            c176f54367f9de7272b24fd4173271fd00e26c2dbdbf944b42d7673a295a65e6

                                                            SHA512

                                                            f0a5059b326446a7bd8f4c5b1ba5858d1affdc48603f6ce36355daeaab4ed3d1e853359a2440c69c5dee3d47e84f7bf38d7adf8707c277cd056f6ebca5942cc5

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                            Filesize

                                                            541B

                                                            MD5

                                                            d0efb0a6d260dbe5d8c91d94b77d7acd

                                                            SHA1

                                                            e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                            SHA256

                                                            7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                            SHA512

                                                            a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll
                                                            Filesize

                                                            94KB

                                                            MD5

                                                            ebbe06f612e1c8b87e3d4aaca15a29b5

                                                            SHA1

                                                            d2b1317ed96ec0c92ccaf7e85f68ee24f289413f

                                                            SHA256

                                                            6cd16dce27e724c2daa098f131343ffdbbed0da5b7ef62542b421a0817de3a3e

                                                            SHA512

                                                            eb079eb409925516118db4980be734a645b7444bc51862ce7c95d52e0697b7b937bbacaf421fc5af1a01d3262c1b19a3cf9376adb0a5537de0973e0b7dde63df

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll
                                                            Filesize

                                                            693KB

                                                            MD5

                                                            3b395830460c2f72bc6cd12dd096db0c

                                                            SHA1

                                                            73063c63d2b562310af76abef2a8b7e697389c94

                                                            SHA256

                                                            f7bb07b7c1718dbbcb692aa4296ebefd7ccd1e55f27be00703a3ce623ad38d5b

                                                            SHA512

                                                            dbcaedddc4d99586f1e04fda97e1c706fbc6be7bb766e0fe73addad3116517010a3c1c92d7f54d71533b4c4459631966d8d0cf370ecf1f789f7d25fcb2f5a64e

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                            Filesize

                                                            50KB

                                                            MD5

                                                            c0f02eaa3eb28659d8f1bcba8de48479

                                                            SHA1

                                                            5be3c69e3f46daff4967484a09eb8c4a1f4a7f0f

                                                            SHA256

                                                            6befb51a6639cae7e25570f5259f7b1f2d9b9b6539177d64d2ed8be50dde6268

                                                            SHA512

                                                            47b536fa628608a58f6f382bbc99911eeff706becfaf4b1c5ff904ca768917f40c2e916ba5a31992df0335ba5a57755f047f70aafaac414fc655da0cd6f95e34

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                            Filesize

                                                            32KB

                                                            MD5

                                                            f531d3157e9ff57eea92db36c40e283e

                                                            SHA1

                                                            d0e49925476af438875fa9b1ccfb9077fa371ecc

                                                            SHA256

                                                            30aa4b3e85e20ada6fe045c7e93fee0d4642dcabd358a9987d7289c2c5582251

                                                            SHA512

                                                            27d247ab93ef313ce06ff5c1deca4b0819b688839c46808a6be709c205c81b93562181926a36a45a7da9570baea3b3152b6673a3bcce0b9326c7d3599a3d63c8

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                            Filesize

                                                            54KB

                                                            MD5

                                                            d11b2139d29e79d795054c3866898b7f

                                                            SHA1

                                                            020581c77ed4bc01c3f3912f304a46c12ca443e6

                                                            SHA256

                                                            11cdb5ec172389f93f80d8eff0b9e5d4a98cfeab6f2c0e0bc301a6895a747566

                                                            SHA512

                                                            de5def2efcba83a4b9301dd342391c306cf68d0bb64104839dfc329b343544fd40597a2b9867fd2a8739c63081d74157acfc9b59c0cb4878b2f5155f582a6f09

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                            Filesize

                                                            588KB

                                                            MD5

                                                            d39533ae3451324100a8be62845799e6

                                                            SHA1

                                                            31af6d7acac3ff2b67a3b6d5dca6ba22809988d3

                                                            SHA256

                                                            fa52b413bec029179f4dc476b9198f53d9034b0de59ae2439a8882403b61d07e

                                                            SHA512

                                                            ce69bde9859ba32aa24b09538e5ccefa8766f2f264bf637fae2d0ec1419e306f767e3343793448d960880c82d328fa6e7b75e14cbc2de3403fb21c80f03318bd

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                            Filesize

                                                            166B

                                                            MD5

                                                            79368aaf0e794f603c213bc4ef554102

                                                            SHA1

                                                            a60d97ed1667e0100fcabb56d48829e66e8d17e4

                                                            SHA256

                                                            f0ca14388cf47dd6cb81d236b01bcd5a56622eca5293efdfaad8d27c4335d1c9

                                                            SHA512

                                                            c6ae7f9121985231db0c921f953238277ef4ceef3ea51ecd34c5cfdc8a0c0f2020c9a895a92f6e76feaad9863d53802d52d8afc3c7ab4ea56c67741e5cd85f73

                                                            Download Submit

                                                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                            Filesize

                                                            203B

                                                            MD5

                                                            3e06285e99b0c13324a2f7754a60ec91

                                                            SHA1

                                                            318a522da654ff8a08d56a5d120e535711679201

                                                            SHA256

                                                            05146ac2feca8dfeb530ea0e6862133119bad40ca5446f515e1c389974069fc0

                                                            SHA512

                                                            1c1c857806fb43db9f561f616a0a229d7ad1561fb8bec9221ab4bce723f2ff4a6ecb7db31924884246bcc37030613f9dfd825e4dfbe9b24a28e1b77ccdcd7109

                                                            Download Submit

                                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                            Filesize

                                                            9KB

                                                            MD5

                                                            1ef7574bc4d8b6034935d99ad884f15b

                                                            SHA1

                                                            110709ab33f893737f4b0567f9495ac60c37667c

                                                            SHA256

                                                            0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                            SHA512

                                                            947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                            Download Submit

                                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                            Filesize

                                                            10KB

                                                            MD5

                                                            f512536173e386121b3ebd22aac41a4e

                                                            SHA1

                                                            74ae133215345beaebb7a95f969f34a40dda922a

                                                            SHA256

                                                            a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                            SHA512

                                                            1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                            Download Submit

                                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                            Filesize

                                                            76KB

                                                            MD5

                                                            b40fe65431b18a52e6452279b88954af

                                                            SHA1

                                                            c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                            SHA256

                                                            800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                            SHA512

                                                            e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                            Download Submit

                                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                            Filesize

                                                            80KB

                                                            MD5

                                                            3904d0698962e09da946046020cbcb17

                                                            SHA1

                                                            edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                            SHA256

                                                            a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                            SHA512

                                                            c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                            Download Submit

                                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                            Filesize

                                                            92KB

                                                            MD5

                                                            08933419cee56ebfd4c69930127284c5

                                                            SHA1

                                                            9552c2fb0699cad52008fd5a5de8a3dde04db432

                                                            SHA256

                                                            594ba7863227b6d7f20085de871acbedf67d021162bc20a8cd782f38cd78eedd

                                                            SHA512

                                                            f339afe5593b3710e5971cdcb3e18a7df91e9d0c8c6ef681716f960d54666edb5fcdcac7e4e9fe37b5b6efb46f952f576015166ae7da8f616d5994f5a8b1be34

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                            Filesize

                                                            287B

                                                            MD5

                                                            fcad4da5d24f95ebf38031673ddbcdb8

                                                            SHA1

                                                            3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                            SHA256

                                                            7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                            SHA512

                                                            1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                            Filesize

                                                            7KB

                                                            MD5

                                                            362ce475f5d1e84641bad999c16727a0

                                                            SHA1

                                                            6b613c73acb58d259c6379bd820cca6f785cc812

                                                            SHA256

                                                            1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                            SHA512

                                                            7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                            Filesize

                                                            1.9MB

                                                            MD5

                                                            8de5a7a19d882820893d8b911c1710fb

                                                            SHA1

                                                            95cdf5855bc5e454c8944952697ab142f77124f7

                                                            SHA256

                                                            2bee5835a45e74f454648c57fef0d6fca40d64308f813cb759ccab1b2ab576a9

                                                            SHA512

                                                            3056784d9a1ae5a8a5dd92d7ed6ad1311e863e41a6ca5971aac5d626da1338da44d0828448aa9ab1f9edb88afbaaacd57660c4c102812bc94240654b8d5237a7

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                            Filesize

                                                            1.1MB

                                                            MD5

                                                            9a9b1fd85b5f1dcd568a521399a0d057

                                                            SHA1

                                                            34ed149b290a3a94260d889ba50cb286f1795fa6

                                                            SHA256

                                                            88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                            SHA512

                                                            7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                            Filesize

                                                            375KB

                                                            MD5

                                                            3c93b399b417b0d6a232d386e65a8b46

                                                            SHA1

                                                            bb26deae135f405229d6f76eb6faaeb9a3c45624

                                                            SHA256

                                                            29bc4577588116cbfea928b2587db3d0d26254163095e7fbbcde6e86fd0022d7

                                                            SHA512

                                                            a963f5cf2221436938f031b65079bea7c4bafbd48833a9e11cd9bdd1548d68ed968d9279299aa2adfc23311a6744d516cc50e6537aa45321e5653755ed56f149

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                            Filesize

                                                            321KB

                                                            MD5

                                                            d3901e62166e9c42864fe3062cb4d8d5

                                                            SHA1

                                                            c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                            SHA256

                                                            dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                            SHA512

                                                            ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                            Filesize

                                                            814KB

                                                            MD5

                                                            9b1f97a41bfb95f148868b49460d9d04

                                                            SHA1

                                                            768031d5e877e347a249dfdeab7c725df941324b

                                                            SHA256

                                                            09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                            SHA512

                                                            9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                            Filesize

                                                            1.2MB

                                                            MD5

                                                            e74d2a16da1ddb7f9c54f72b8a25897c

                                                            SHA1

                                                            32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                            SHA256

                                                            a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                            SHA512

                                                            52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                            Filesize

                                                            11B

                                                            MD5

                                                            5eda46a55c61b07029e7202f8cf1781c

                                                            SHA1

                                                            862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                            SHA256

                                                            12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                            SHA512

                                                            4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                            Filesize

                                                            48KB

                                                            MD5

                                                            b4a865268d5aca5f93bab91d7d83c800

                                                            SHA1

                                                            95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                            SHA256

                                                            5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                            SHA512

                                                            c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                            Filesize

                                                            48KB

                                                            MD5

                                                            5e67307c0c9fa9955e197e5e649985fe

                                                            SHA1

                                                            589ed4f0fabaf492886bceb96e40edf5639a5177

                                                            SHA256

                                                            87b980dffd4390f85c5be5ab45500eb5153e35d44d219cbcaccad30f3deae66a

                                                            SHA512

                                                            332f4c7ab551fad95d9219bc1f920fde072c65f210ada6727d5fe1cf7b4275ffda37cf78b8facd5ca295a5d441bd6614c41b941017e45e9a100920eb526498f4

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                            Filesize

                                                            48KB

                                                            MD5

                                                            568dbb1b99d0567abbb350b6028a3d91

                                                            SHA1

                                                            b1139601e20d8bcaca4f978a8d8bb8cd1afac46f

                                                            SHA256

                                                            5a4947fa23649b17ec883dbf03fc26e6473a6e78959a4e3795340783cf9a4002

                                                            SHA512

                                                            f4bdbca76d560fdf41622576e750eb7713b57827bd18862108cbc087f4b5f873b1a34def579327269c2bf2ef4d1384bae3590bbde0465200ab432328a76a7382

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                            Filesize

                                                            2.8MB

                                                            MD5

                                                            91453d3e1e2bc9586cf5495073fb3cf7

                                                            SHA1

                                                            09cfa9dc27545fb600dd7a60e44258c511eb43c4

                                                            SHA256

                                                            5d398c6ce0636eadd4b7f6920dbd6127388f698e9bc1a440cb7db3992acb6557

                                                            SHA512

                                                            462d59453ed01d8ddf54e06319aaefc0ab5ef70ed7b0a45ffd4d3f049692044acf0dee3599173e58a4c281bc69af63d8b64f9586a1b2f04991adfa6747f19bdc

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                            Filesize

                                                            2.9MB

                                                            MD5

                                                            384d6da5c34ff401b18f0af41e3a2643

                                                            SHA1

                                                            3ddfbcf79e55904df77df2125f2112cfe7703eec

                                                            SHA256

                                                            0699c4ccaa2f9e6768475f7fbd0dd93dab1a0a0dc8859e9ee8f8a48ad1075d7d

                                                            SHA512

                                                            5b63245bedfc7260b27254a33f621a8b626a36c13c8f8ad516f51013bd6751770d37afdc1ff8f7646d9f972081acd24776314405cc397762a4f58d6dca0a7f32

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                            Filesize

                                                            1.1MB

                                                            MD5

                                                            6c6f85e896655a6eb726482f04c49086

                                                            SHA1

                                                            2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                            SHA256

                                                            e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                            SHA512

                                                            b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                            Filesize

                                                            646KB

                                                            MD5

                                                            7895698867d1ad33934a8553b4806dc5

                                                            SHA1

                                                            32704df55deaff9bf0b4ee0b887541856578938b

                                                            SHA256

                                                            ef5854b5e800a534a08c083d4a3956dfc0a474ff540cae9bf0a9077a213b2ff9

                                                            SHA512

                                                            20337093ddc5322c4b96c7bf26f1a0b966fafde70a96f7e9b5e9d36acac7d862bd2a50cae9a63731b23904a9256c94cd3bb4e19768130580511ec4c408536a58

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                            Filesize

                                                            3.1MB

                                                            MD5

                                                            85e1898362165fc1315d18abb73c1b37

                                                            SHA1

                                                            289a48ba5ee27c0134f75e243c55a90d32c11a05

                                                            SHA256

                                                            d0594b261e16394244c64289dac00367fdc853a1a8e542e0e814a57494c5228a

                                                            SHA512

                                                            49fdbef67c2a85b5d319c26e6e55456c94d294b836c946b9966c8746fb33de4ede62b93ba91ad657df4db24fdb3ee1de7395652ae1086c876b7d0b85000d594a

                                                            Download Submit

                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                            Filesize

                                                            569KB

                                                            MD5

                                                            9614d1da18956de06747c03068208d66

                                                            SHA1

                                                            fea2680ddb9e4ceea8489a132df9a1542febfe88

                                                            SHA256

                                                            dde9e0ca3fd274902f1a4c22cfec6870c6c4dbbccad17d2189477ab60f769dab

                                                            SHA512

                                                            d8e46a5819e9dced61471966646de153bf3480933054c50190d50de4900685265367b12c9147630f184ce8809786fc010bf6fcd1884035fb4c77cfde660a8b9d

                                                            Download Submit

                                                          • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\9f63e35c96e1ba57820c1df44a5cb662
                                                            Filesize

                                                            16KB

                                                            MD5

                                                            b2e89027a140a89b6e3eb4e504e93d96

                                                            SHA1

                                                            f3b1b34874b73ae3032decb97ef96a53a654228f

                                                            SHA256

                                                            5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                            SHA512

                                                            93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                            Download Submit

                                                          • C:\ProgramData\chocolatey\config\chocolatey.config
                                                            Filesize

                                                            809B

                                                            MD5

                                                            8b6737800745d3b99886d013b3392ac3

                                                            SHA1

                                                            bb94da3f294922d9e8d31879f2d145586a182e19

                                                            SHA256

                                                            86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                            SHA512

                                                            654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                            Download Submit

                                                          • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                            Filesize

                                                            12KB

                                                            MD5

                                                            218de4ad3100dc8606d20ebc065db672

                                                            SHA1

                                                            ca86ba331a262f246ece82eb009d6fbeb8fbbf84

                                                            SHA256

                                                            4cdfe8cf13bae42ce68a792392ceaea668e28666079d24e82a91c05d8c6b45b1

                                                            SHA512

                                                            e292a75dcd5d84dd9e596b765f8cb00704e42e7f18c892d4cbbe847fe5da0b3b3812237dc5e4342ae82453e72206d9f60bebd04e6242ee5101a55f1ceab4b743

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                            Filesize

                                                            471B

                                                            MD5

                                                            7795df33fc7dd3aa62e0bc052f9dfbad

                                                            SHA1

                                                            ea227ec994561b5bce01c5228f9c337286fbec9c

                                                            SHA256

                                                            6ad47d714f3dd55b2fe9072e829542851d2ecf60cb88254002c60449e8aca736

                                                            SHA512

                                                            de11027f0ca32119ebbb17976ecbe6582ab6af8caa7ce522d75c4185da722550f1f981064db9be6074eb1c6c096c933c2de7ee42b1f31b4fedc9982f87157f9d

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
                                                            Filesize

                                                            727B

                                                            MD5

                                                            fa7db42a9d9f0a91fbfa3719ed26a7a2

                                                            SHA1

                                                            b902e20b3fa4845a3a253dab7594750514b35f01

                                                            SHA256

                                                            a8f54cb906b48086ffc06af5009f0df6c1fa7a1495861112a5e11f9e5fada604

                                                            SHA512

                                                            d214aaa0d654012e5a000b2fd1d770fe92a8540f33978361d0e83f34a3feab7e358ceffbc81378b4c9c73a8cd3dfa7ebb4a1add7811ce26b9afd3214222d1590

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                            Filesize

                                                            727B

                                                            MD5

                                                            f0339c0506fe0b51215f7227b14e656f

                                                            SHA1

                                                            cf937eeed1483e23e81244baa03d5e8f112c56d5

                                                            SHA256

                                                            47bf8749c1ac54c6586d625c99219f03c6a073f3b3f5689444985aae85a3e5b1

                                                            SHA512

                                                            afb55465411bce78b7453e17aca382e0add24a1b0dd7f116cb077a2641abcbde8684e076d69ca6a3a61a3e47d156f85c80621082ab1a80f4a5b3b1b75f20d5bc

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                            Filesize

                                                            400B

                                                            MD5

                                                            195e82af59e98706fa508931c7326a61

                                                            SHA1

                                                            230e818036fcb6fc6b06f0191ca3086f5ee363b1

                                                            SHA256

                                                            ebdac9a74cbc8febf2ec4379af9f3a01bd69860e5ae094c27f653373721ff41d

                                                            SHA512

                                                            5b28bcd012b47ca032d120a7b40cb99fad5be790f4a9974ae827e48891daa50ed093c009ee7f62b0652fce028fcf86a7093e22a09f8b35bab417c9bda67cf5b4

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D6781754937F132531C364D68914BDA9
                                                            Filesize

                                                            408B

                                                            MD5

                                                            02935eab8aff7ca2e28735e51fa7e046

                                                            SHA1

                                                            f4c8414756aeae4e1efb7b579d41df4f304cebbd

                                                            SHA256

                                                            431835c4185ce9b037c44773a303ee46f47d4e5c84baac6ebb223a8bbf2f143b

                                                            SHA512

                                                            40a3c7183e349890defe79aa38aab189df9d4793ba63f816cbe25efb8999c2e6aad2e3b9ebab6a17475a9712b611c73cf0b1d331387bffb5188783e7831051de

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                            Filesize

                                                            412B

                                                            MD5

                                                            a98e2e0a45262acb59fa0cb09ed8c6a0

                                                            SHA1

                                                            b29e4331465a568afc29692b030d279afede2080

                                                            SHA256

                                                            6588e847e739cc512ac2f46ed1fc966b6440d5b49396fe0cc318e71a4e3c2c70

                                                            SHA512

                                                            6a5db3f206440c9eac12214898f5445e7d3af86f7e6e6615140335a4101df56caa0a5b6ce82cc8c2838c2f89e0033858c571e8710e63f5ea08159aaf0fc5aa2d

                                                            Download Submit

                                                          • C:\Windows\Installer\MSI4B65.tmp
                                                            Filesize

                                                            4.5MB

                                                            MD5

                                                            2207f96731ce2f9d9327c0baaf4959ef

                                                            SHA1

                                                            f56ea992c59ad669ec8ee5d6a827adc472159cc0

                                                            SHA256

                                                            e4ceddd5c37c90f8fc7787663a9bed31518fba82413e80b21230425e380c42db

                                                            SHA512

                                                            7e4bd781f879b593f722277839175aa895c863b2015d691c85c8eec4fe635d233cd94d2b0dce46cd058f08a005caa73888809df414983ff2a4c938770ef71fd4

                                                            Download Submit

                                                          • C:\Windows\Installer\MSIA14A.tmp-\AlphaControlAgentInstallation.dll
                                                            Filesize

                                                            25KB

                                                            MD5

                                                            aa1b9c5c685173fad2dabebeb3171f01

                                                            SHA1

                                                            ed756b1760e563ce888276ff248c734b7dd851fb

                                                            SHA256

                                                            e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                            SHA512

                                                            d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                            Download Submit

                                                          • C:\Windows\Installer\MSIA14A.tmp-\CustomAction.config
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            bc17e956cde8dd5425f2b2a68ed919f8

                                                            SHA1

                                                            5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                            SHA256

                                                            e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                            SHA512

                                                            02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                            Download Submit

                                                          • C:\Windows\Installer\MSIA14A.tmp-\Newtonsoft.Json.dll
                                                            Filesize

                                                            695KB

                                                            MD5

                                                            715a1fbee4665e99e859eda667fe8034

                                                            SHA1

                                                            e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                            SHA256

                                                            c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                            SHA512

                                                            bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                            Download Submit

                                                          • C:\Windows\Installer\MSIA487.tmp
                                                            Filesize

                                                            509KB

                                                            MD5

                                                            88d29734f37bdcffd202eafcdd082f9d

                                                            SHA1

                                                            823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                            SHA256

                                                            87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                            SHA512

                                                            1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                            Download Submit

                                                          • C:\Windows\Installer\MSID2A2.tmp
                                                            Filesize

                                                            245KB

                                                            MD5

                                                            acf29f18088d57d255b2b5c859e6d844

                                                            SHA1

                                                            cb0260ff6e7dd2189677d1c2afc9d25cd0c6f208

                                                            SHA256

                                                            767b905a0af875fde991601e1ea86ce40af300e6054ea719cad02fe72df28fd8

                                                            SHA512

                                                            29fe0a4159a7aabb7886475824c5b23310863304a315cf59b5d6bf44c0dc2c4df36521c38ff97e5336a8c7dda63a3f1b0405b493985c3ee4f308693bed9f638b

                                                            Download Submit

                                                          • C:\Windows\Installer\MSID2A2.tmp-\AlphaControlAgentInstallationDialog.dll
                                                            Filesize

                                                            6KB

                                                            MD5

                                                            23b4b8d7a19b6de1bf97308c084a31c6

                                                            SHA1

                                                            cf8ac83896cfc180fe2f1c3d5db67adb25860038

                                                            SHA256

                                                            5b47208bdd53b9d55efbb807063a783a992fb4aca3b7da15ac64f30930a4cbc0

                                                            SHA512

                                                            b1ca3006d9aa1c25efbd84eb67d18dd0b88fd23190e296d0b005364223ef057c18d0ae6253d987fbca3e675646654557e897c9a9e5b354fb5b76d42775480830

                                                            Download Submit

                                                          • C:\Windows\Installer\MSID2A2.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                            Filesize

                                                            179KB

                                                            MD5

                                                            1a5caea6734fdd07caa514c3f3fb75da

                                                            SHA1

                                                            f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                            SHA256

                                                            cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                            SHA512

                                                            a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                            Download Submit

                                                          • C:\Windows\Installer\MSIEA71.tmp
                                                            Filesize

                                                            211KB

                                                            MD5

                                                            a3ae5d86ecf38db9427359ea37a5f646

                                                            SHA1

                                                            eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                            SHA256

                                                            c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                            SHA512

                                                            96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                            Download Submit

                                                          • C:\Windows\Installer\e57d1b7.msi
                                                            Filesize

                                                            2.6MB

                                                            MD5

                                                            055047fe65e1d28dd3bb2e53a9bbcf31

                                                            SHA1

                                                            126af029786aae23fb19e4ab3b71d50a04880393

                                                            SHA256

                                                            f065892060e9e58460c920516e4c7257c265bf8b532e9782d5d73146ee936c72

                                                            SHA512

                                                            94da78ac9c85e16e628872ba1d318db1733bb917711836df73b30b5d9825d6f04db5418c094220a20886ecd892e5721238ab47e1ca7b7674c163fa35a91c0ddf

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{2b5f1af6-829f-0f4d-9346-2b9dd9bc8fcc}\lci_iddcx.cat
                                                            Filesize

                                                            10KB

                                                            MD5

                                                            62458e58313475c9a3642a392363e359

                                                            SHA1

                                                            e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                            SHA256

                                                            85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                            SHA512

                                                            49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{2b5f1af6-829f-0f4d-9346-2b9dd9bc8fcc}\lci_iddcx.inf
                                                            Filesize

                                                            4KB

                                                            MD5

                                                            1cec22ca85e1b5a8615774fca59a420b

                                                            SHA1

                                                            049a651751ef38321a1088af6a47c4380f9293fc

                                                            SHA256

                                                            60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                            SHA512

                                                            0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{2b5f1af6-829f-0f4d-9346-2b9dd9bc8fcc}\x64\lci_iddcx.dll
                                                            Filesize

                                                            52KB

                                                            MD5

                                                            01e8bc64139d6b74467330b11331858d

                                                            SHA1

                                                            b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                            SHA256

                                                            148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                            SHA512

                                                            4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{c580225d-9824-6c42-a52e-fe156c92303e}\lci_proxywddm.cat
                                                            Filesize

                                                            12KB

                                                            MD5

                                                            8e16d54f986dbe98812fd5ec04d434e8

                                                            SHA1

                                                            8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                            SHA256

                                                            7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                            SHA512

                                                            e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{c580225d-9824-6c42-a52e-fe156c92303e}\lci_proxywddm.inf
                                                            Filesize

                                                            2KB

                                                            MD5

                                                            0315a579f5afe989154cb7c6a6376b05

                                                            SHA1

                                                            e352ff670358cf71e0194918dfe47981e9ccbb88

                                                            SHA256

                                                            d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                            SHA512

                                                            c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{c580225d-9824-6c42-a52e-fe156c92303e}\x64\lci_proxyumd.dll
                                                            Filesize

                                                            179KB

                                                            MD5

                                                            4dc11547a5fc28ca8f6965fa21573481

                                                            SHA1

                                                            d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                            SHA256

                                                            e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                            SHA512

                                                            bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{c580225d-9824-6c42-a52e-fe156c92303e}\x64\lci_proxyumd32.dll
                                                            Filesize

                                                            135KB

                                                            MD5

                                                            67ae7b2c36c9c70086b9d41b4515b0a8

                                                            SHA1

                                                            ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                            SHA256

                                                            79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                            SHA512

                                                            4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                            Download Submit

                                                          • C:\Windows\System32\DriverStore\Temp\{c580225d-9824-6c42-a52e-fe156c92303e}\x64\lci_proxywddm.sys
                                                            Filesize

                                                            119KB

                                                            MD5

                                                            b9b0e9b4d93b18b99ece31a819d71d00

                                                            SHA1

                                                            2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                            SHA256

                                                            0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                            SHA512

                                                            465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                            Download Submit

                                                          • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-04-02-22.dat
                                                            Filesize

                                                            602B

                                                            MD5

                                                            d0e4732a0c78549c072d00cbc70eaba1

                                                            SHA1

                                                            d48794fc7d2c3dab6e45ac217b0239d3288fe445

                                                            SHA256

                                                            f6ceacc6c169577f82b99cdfb77b9837371e34f32510f067f0c15437254f9f0c

                                                            SHA512

                                                            9a23311154210209d30d3f055345d0b16eff66eb86b658b04d8469569390870bcdde1702568c0ddca666d3aebeefe15393d637e0d75b66f87dfabf59e0dc28d0

                                                            Download Submit

                                                          • C:\Windows\Temp\InstallUtil.log
                                                            Filesize

                                                            976B

                                                            MD5

                                                            9fb2f2d2d099fbd287d47481c7bc2fe8

                                                            SHA1

                                                            a5c994496ccf5f3913380fdd86afcf56a8b81db6

                                                            SHA256

                                                            a6041814e217d0e9e27dd19b6497eec4d0f372525b9ec8b83d34e7e36314c6cf

                                                            SHA512

                                                            ad0d5a5c67dc24dbbed3d8d1eb157efae0e83978a06feaefb3dd7af008316d4fd9b70a9670668d84ecb0c6cdd983fd3c20559dbc86df44169a60939ba9dbfb72

                                                            Download Submit

                                                          • C:\Windows\Temp\InstallUtil.log
                                                            Filesize

                                                            4KB

                                                            MD5

                                                            69fb63433ad7d712cca0f16ca0fed600

                                                            SHA1

                                                            89fb71c8dd825378c880cc01c42f237a7525b5dd

                                                            SHA256

                                                            d3672f96243a6e3083eea1d88e21f6fa54a947fd488ce74917f1cda8b9fe9dc9

                                                            SHA512

                                                            a14af09bb059c2d037ab607e4f03de56e1064a130e742eab818a6d220cfbed033aa5086f4a4153101ef1433ebb241de6df99605c3bd37217ab4faea7f71a0a74

                                                            Download Submit

                                                          • C:\Windows\Temp\PreVer.log
                                                            Filesize

                                                            2KB

                                                            MD5

                                                            6f4e59c238059b46240985eb11f4006d

                                                            SHA1

                                                            920d9fc007a4a74bdf8481ba43462d9c9697fdcc

                                                            SHA256

                                                            4c537414054af5e5e820bffea8a5cc3e18075a5f62bdc570cf93b7a6a36ff4c7

                                                            SHA512

                                                            91e95034674bf3e62b49293e79d6e7b80d38c4c937f07cac8dd1cbad3785c650357cb886a79f53ae8179f27b037398f4b4c7a12037f307c1b8cd97d760321b61

                                                            Download Submit

                                                          • C:\Windows\Temp\unpack.log
                                                            Filesize

                                                            3KB

                                                            MD5

                                                            ed9ade8118d5a68bbd0a884cce39d794

                                                            SHA1

                                                            f0f16d4fbd850e293faccf28da2a8fc01c7cbc47

                                                            SHA256

                                                            a7adfc2f2dcb092690361e40a34ad04983c1e8ac367ae6e355e7e9be1f8566f5

                                                            SHA512

                                                            3c0b52cdd626312627a46418b38cbd3204261e1bc890b9f1898a0351a19726fff5326744e0495a428620e0449710497a45557894f004e22d62f6dd680e043b9a

                                                            Download Submit

                                                          • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                            Filesize

                                                            3.2MB

                                                            MD5

                                                            a7ce785b6cd1c9657040ca9b6cbeed10

                                                            SHA1

                                                            4b254fee47cc8a9eaec6ce7b714a2ce05b6ed8ec

                                                            SHA256

                                                            7ba6e401b8e78ab28e1ccf38d2cd05e12751f960661e159b4e35bc63d3544b4d

                                                            SHA512

                                                            39202f477017daa9428a0c1bbe1daae30aa1b7b9f57b04832c44a7b28af0144ff47edfc1ad3d6a940ad1c49471dfe190077b594c337bacc115c552d91a24c2d9

                                                            Download Submit

                                                          • C:\Windows\Temp\unpack\setup.ini
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            fc5de1fea9170b61439922a367a12478

                                                            SHA1

                                                            96941d31908b0cb49adeabbdfcc43508f2b99b36

                                                            SHA256

                                                            087ba98d89b1e1366d04a909ac09d109bb80a872b6d5c38e29568dbee5b116f1

                                                            SHA512

                                                            6423294e13ea896ce12e8369101cdeaf6eb467cc60a2852e5145be12cd8ee1189a8508a59faf504bb4bc90593f451ec09291662e6bd43438bbcac57f2b69613b

                                                            Download Submit

                                                          • C:\Windows\Temp\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\ISRT.dll
                                                            Filesize

                                                            427KB

                                                            MD5

                                                            85315ad538fa5af8162f1cd2fce1c99d

                                                            SHA1

                                                            31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                            SHA256

                                                            70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                            SHA512

                                                            877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                            Download Submit

                                                          • C:\Windows\Temp\{0C7E393A-1297-497F-9C8C-D7CBDBF3293D}\_isres_0x0409.dll
                                                            Filesize

                                                            1.8MB

                                                            MD5

                                                            befe2ef369d12f83c72c5f2f7069dd87

                                                            SHA1

                                                            b89c7f6da1241ed98015dc347e70322832bcbe50

                                                            SHA256

                                                            9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                            SHA512

                                                            760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                            Download Submit

                                                          • C:\Windows\Temp\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\IsConfig.ini
                                                            Filesize

                                                            571B

                                                            MD5

                                                            38370175ce7d8dd5c3581030a9104259

                                                            SHA1

                                                            bbc1b4254c3e3da692c2667b4c5092d687ad8dc9

                                                            SHA256

                                                            ee90ca3f30aa75fe1c3b095ddd2b24680bd3b081829094c18d9c78ebed206b83

                                                            SHA512

                                                            e11494869b04a2206d3dda67411be294106f6363408399d9363b27720c6fe88fd393ae90fc2ab7cd4909e940e98f273c8869532b65a1f0b0f4b8b18a24589748

                                                            Download Submit

                                                          • C:\Windows\Temp\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\String1033.txt
                                                            Filesize

                                                            182KB

                                                            MD5

                                                            37a2c4ef0ff41955f1cb884b7790699f

                                                            SHA1

                                                            8e7dad0bc6ae65dfaec9fc29d0ef6e260dd83e9d

                                                            SHA256

                                                            6b629fdf1520ba40bb0d7bc8d9a7bb231624fd190e03bcacc607f248222b3c63

                                                            SHA512

                                                            fb3a109395872e6f116a75b39566f4b9efe0486512620deb33ef83ac0ac3165d96dbefbe3023ece1d3d0d6be7c8eb8abb58da90f01f225e1ed2d4add2b544d42

                                                            Download Submit

                                                          • C:\Windows\Temp\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\_is4293.exe
                                                            Filesize

                                                            179KB

                                                            MD5

                                                            7a1c100df8065815dc34c05abc0c13de

                                                            SHA1

                                                            3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                            SHA256

                                                            e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                            SHA512

                                                            bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                            Download Submit

                                                          • C:\Windows\Temp\{91C1B01B-DAF7-49D2-9AFC-5ECC65462A34}\setup.inx
                                                            Filesize

                                                            345KB

                                                            MD5

                                                            0376dd5b7e37985ea50e693dc212094c

                                                            SHA1

                                                            02859394164c33924907b85ab0aaddc628c31bf1

                                                            SHA256

                                                            c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                            SHA512

                                                            69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                            Download Submit

                                                          • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                            Filesize

                                                            412B

                                                            MD5

                                                            5ba86f2c8ebc18616ba063c7f65cddc0

                                                            SHA1

                                                            68e8925c377b2a64a44e452b7bdeae0b7e728d87

                                                            SHA256

                                                            912bfe124f440017b4ab126a8f6e6bbb73f82f7c5b18a3f6c9319cbf6253d200

                                                            SHA512

                                                            f0018bcca0953bcb65b26199d830ad2227708a5547a849be7bad94068e12651da4d3f4c6818d8cb1477f9225fbf7d36bf721aeb09b5c2a08aee46e235081c418

                                                            Download Submit

                                                          • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                            Filesize

                                                            1KB

                                                            MD5

                                                            9cad061ddf5ad182cfe7879190aeed71

                                                            SHA1

                                                            cfd292d16d937f95b642527464403b7e5ef6af96

                                                            SHA256

                                                            b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                            SHA512

                                                            df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                            Download Submit

                                                          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                            Filesize

                                                            24.1MB

                                                            MD5

                                                            0d324a4574a54fc8771e38c6c13e18d9

                                                            SHA1

                                                            c6af7c5cf20759a4f43aac703e9bdd80e1f6ff59

                                                            SHA256

                                                            18245095d3d11810b0a080c7c5da87b94ef47351952b37b1db98053185f4fc52

                                                            SHA512

                                                            ed03bf28942fc0d3f2768b46a6404dcd1cd4bea331132faf0567cdab49084f36320a41b15d155d87571eb2810504d9adffd2b9773094c1213cee43caffa73a16

                                                            Download Submit

                                                          • \??\Volume{62c5c1e3-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{c567b7b5-8d85-4845-8d28-fc59bf21ae2f}_OnDiskSnapshotProp
                                                            Filesize

                                                            6KB

                                                            MD5

                                                            1f814ecf537f1e04593cacff2d92c52c

                                                            SHA1

                                                            02397230a9259b10c227200a7bccf2f953683215

                                                            SHA256

                                                            50d3c2a3aebd90b0746942cae698ce72d26f580c51564d9d7d4242cd86c72d57

                                                            SHA512

                                                            a5a4b81bb129d2fae1b5c032f2e4ad71739b245b28c735b055797393a36e00d1b1b0cc9cebf260fcd92ff20af5386eb21193284cb5a9b871df04ce0d8c9e8629

                                                            Download Submit

                                                          • memory/1000-1152-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1000-2247-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1000-2248-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/1000-3039-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/1000-1245-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/1000-1080-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/1000-3038-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1000-1079-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1116-1249-0x0000019E58720000-0x0000019E587D2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/1116-1250-0x0000019E58660000-0x0000019E58680000-memory.dmp

                                                            Filesize

                                                            128KB

                                                            Download

                                                          • memory/1116-1248-0x0000019E3FF70000-0x0000019E3FF88000-memory.dmp

                                                            Filesize

                                                            96KB

                                                            Download

                                                          • memory/1116-1247-0x0000019E3F5F0000-0x0000019E3F5FC000-memory.dmp

                                                            Filesize

                                                            48KB

                                                            Download

                                                          • memory/1208-216-0x00000204DB890000-0x00000204DB8AC000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/1208-214-0x00000204F44F0000-0x00000204F45A2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/1208-211-0x00000204DB3C0000-0x00000204DB3D6000-memory.dmp

                                                            Filesize

                                                            88KB

                                                            Download

                                                          • memory/1708-1013-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1708-414-0x0000000003970000-0x0000000003B37000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                            Download

                                                          • memory/1708-411-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1708-445-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1708-833-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1708-836-0x00000000039B0000-0x0000000003B77000-memory.dmp

                                                            Filesize

                                                            1.8MB

                                                            Download

                                                          • memory/1708-948-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/1708-976-0x0000000010000000-0x0000000010114000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/2124-1722-0x000001CD32290000-0x000001CD322DA000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/2124-1731-0x000001CD31EA0000-0x000001CD31EBC000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/2124-1720-0x000001CD319D0000-0x000001CD31A04000-memory.dmp

                                                            Filesize

                                                            208KB

                                                            Download

                                                          • memory/2124-1735-0x000001CD322E0000-0x000001CD322F8000-memory.dmp

                                                            Filesize

                                                            96KB

                                                            Download

                                                          • memory/2124-1739-0x000001CD4ABA0000-0x000001CD4ABEA000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/2124-1736-0x000001CD31EC0000-0x000001CD31ECA000-memory.dmp

                                                            Filesize

                                                            40KB

                                                            Download

                                                          • memory/2468-88-0x000002BD2AC50000-0x000002BD2AC8C000-memory.dmp

                                                            Filesize

                                                            240KB

                                                            Download

                                                          • memory/2468-71-0x000002BD2A7C0000-0x000002BD2A7E6000-memory.dmp

                                                            Filesize

                                                            152KB

                                                            Download

                                                          • memory/2468-83-0x000002BD44E00000-0x000002BD44E98000-memory.dmp

                                                            Filesize

                                                            608KB

                                                            Download

                                                          • memory/2468-87-0x000002BD2ABC0000-0x000002BD2ABD2000-memory.dmp

                                                            Filesize

                                                            72KB

                                                            Download

                                                          • memory/3052-118-0x00000266CFD30000-0x00000266CFDE2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/3052-124-0x00000266CFC70000-0x00000266CFC92000-memory.dmp

                                                            Filesize

                                                            136KB

                                                            Download

                                                          • memory/3052-132-0x00000266CFCF0000-0x00000266CFD28000-memory.dmp

                                                            Filesize

                                                            224KB

                                                            Download

                                                          • memory/3436-1710-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/3436-1711-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/3436-1258-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/3492-43-0x0000000005570000-0x0000000005602000-memory.dmp

                                                            Filesize

                                                            584KB

                                                            Download

                                                          • memory/3492-42-0x0000000005A30000-0x0000000005FD4000-memory.dmp

                                                            Filesize

                                                            5.6MB

                                                            Download

                                                          • memory/3492-41-0x0000000005470000-0x0000000005478000-memory.dmp

                                                            Filesize

                                                            32KB

                                                            Download

                                                          • memory/3492-37-0x0000000005430000-0x000000000545E000-memory.dmp

                                                            Filesize

                                                            184KB

                                                            Download

                                                          • memory/3632-1081-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/3632-1084-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/3632-1246-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/3632-1257-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4432-1738-0x0000020ACBF40000-0x0000020ACC01C000-memory.dmp

                                                            Filesize

                                                            880KB

                                                            Download

                                                          • memory/4432-1719-0x0000020AB3510000-0x0000020AB355A000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/4432-1717-0x0000020AB2B40000-0x0000020AB2B50000-memory.dmp

                                                            Filesize

                                                            64KB

                                                            Download

                                                          • memory/4432-1729-0x0000020AB2F30000-0x0000020AB2F4C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/4432-1745-0x0000020ACC020000-0x0000020ACC0D2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/4452-277-0x00000287FB590000-0x00000287FB598000-memory.dmp

                                                            Filesize

                                                            32KB

                                                            Download

                                                          • memory/4452-281-0x00000287FB700000-0x00000287FB72A000-memory.dmp

                                                            Filesize

                                                            168KB

                                                            Download

                                                          • memory/4452-266-0x00000287FB490000-0x00000287FB4DC000-memory.dmp

                                                            Filesize

                                                            304KB

                                                            Download

                                                          • memory/4452-264-0x00000287E2CF0000-0x00000287E2D0C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/4452-269-0x00000287E2BC0000-0x00000287E2BC8000-memory.dmp

                                                            Filesize

                                                            32KB

                                                            Download

                                                          • memory/4452-262-0x00000287FB440000-0x00000287FB48A000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/4452-259-0x00000287E2320000-0x00000287E2384000-memory.dmp

                                                            Filesize

                                                            400KB

                                                            Download

                                                          • memory/4452-275-0x00000287FB430000-0x00000287FB438000-memory.dmp

                                                            Filesize

                                                            32KB

                                                            Download

                                                          • memory/4452-270-0x00000287E2D10000-0x00000287E2D1A000-memory.dmp

                                                            Filesize

                                                            40KB

                                                            Download

                                                          • memory/4452-284-0x00000287FC5B0000-0x00000287FC5EA000-memory.dmp

                                                            Filesize

                                                            232KB

                                                            Download

                                                          • memory/4452-285-0x00000287FB6D0000-0x00000287FB6F6000-memory.dmp

                                                            Filesize

                                                            152KB

                                                            Download

                                                          • memory/4452-274-0x00000287FB890000-0x00000287FB942000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/4452-276-0x00000287FB580000-0x00000287FB588000-memory.dmp

                                                            Filesize

                                                            32KB

                                                            Download

                                                          • memory/4452-268-0x00000287FB4E0000-0x00000287FB528000-memory.dmp

                                                            Filesize

                                                            288KB

                                                            Download

                                                          • memory/4452-272-0x00000287FB7B0000-0x00000287FB88C000-memory.dmp

                                                            Filesize

                                                            880KB

                                                            Download

                                                          • memory/4452-279-0x00000287FB740000-0x00000287FB7A8000-memory.dmp

                                                            Filesize

                                                            416KB

                                                            Download

                                                          • memory/4488-176-0x0000016319570000-0x00000163195A0000-memory.dmp

                                                            Filesize

                                                            192KB

                                                            Download

                                                          • memory/4488-181-0x0000016319970000-0x000001631998C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/4488-179-0x0000016332740000-0x00000163327F0000-memory.dmp

                                                            Filesize

                                                            704KB

                                                            Download

                                                          • memory/4524-1227-0x00000199F72A0000-0x00000199F72B2000-memory.dmp

                                                            Filesize

                                                            72KB

                                                            Download

                                                          • memory/4524-1541-0x00000199F83C0000-0x00000199F8414000-memory.dmp

                                                            Filesize

                                                            336KB

                                                            Download

                                                          • memory/4524-1229-0x00000199F8480000-0x00000199F8532000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/4524-1228-0x00000199F7B30000-0x00000199F7B4C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/4836-1150-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4836-3083-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4836-2245-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/4836-2040-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/4836-2039-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4836-1066-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4836-2244-0x0000000073020000-0x000000007313C000-memory.dmp

                                                            Filesize

                                                            1.1MB

                                                            Download

                                                          • memory/4836-1151-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/4836-3084-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/4836-1067-0x0000000072C50000-0x000000007301D000-memory.dmp

                                                            Filesize

                                                            3.8MB

                                                            Download

                                                          • memory/5356-1713-0x000001B07F8D0000-0x000001B07F8E4000-memory.dmp

                                                            Filesize

                                                            80KB

                                                            Download

                                                          • memory/5356-1416-0x000001B07F550000-0x000001B07F560000-memory.dmp

                                                            Filesize

                                                            64KB

                                                            Download

                                                          • memory/5356-1451-0x000001B07F8B0000-0x000001B07F8D0000-memory.dmp

                                                            Filesize

                                                            128KB

                                                            Download

                                                          • memory/5356-1630-0x000001B07FA40000-0x000001B07FAF2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/5356-1705-0x000001B07F980000-0x000001B07F9E6000-memory.dmp

                                                            Filesize

                                                            408KB

                                                            Download

                                                          • memory/5516-1740-0x000001DCA5D90000-0x000001DCA5DAC000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/5516-1737-0x000001DCBE680000-0x000001DCBE732000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/5516-1550-0x000001DCA5490000-0x000001DCA54CA000-memory.dmp

                                                            Filesize

                                                            232KB

                                                            Download

                                                          • memory/5516-1744-0x000001DCBE610000-0x000001DCBE658000-memory.dmp

                                                            Filesize

                                                            288KB

                                                            Download

                                                          • memory/5640-1549-0x00000241D6860000-0x00000241D6870000-memory.dmp

                                                            Filesize

                                                            64KB

                                                            Download

                                                          • memory/5640-1734-0x00000241F0630000-0x00000241F0676000-memory.dmp

                                                            Filesize

                                                            280KB

                                                            Download

                                                          • memory/5640-1718-0x00000241EF8C0000-0x00000241EF8E0000-memory.dmp

                                                            Filesize

                                                            128KB

                                                            Download

                                                          • memory/5640-1732-0x00000241F0C40000-0x00000241F129C000-memory.dmp

                                                            Filesize

                                                            6.4MB

                                                            Download

                                                          • memory/5640-1714-0x00000241EF980000-0x00000241EFA32000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/5640-1631-0x00000241D6C20000-0x00000241D6C30000-memory.dmp

                                                            Filesize

                                                            64KB

                                                            Download

                                                          • memory/5920-1712-0x0000015269380000-0x000001526938A000-memory.dmp

                                                            Filesize

                                                            40KB

                                                            Download

                                                          • memory/5920-1715-0x0000015269BC0000-0x0000015269BDA000-memory.dmp

                                                            Filesize

                                                            104KB

                                                            Download

                                                          • memory/5920-1723-0x000001526A540000-0x000001526A5F2000-memory.dmp

                                                            Filesize

                                                            712KB

                                                            Download

                                                          • memory/6020-1728-0x00000203651B0000-0x00000203651CC000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download

                                                          • memory/6020-1725-0x0000020365230000-0x000002036527A000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/6020-1724-0x0000020364970000-0x000002036497C000-memory.dmp

                                                            Filesize

                                                            48KB

                                                            Download

                                                          • memory/6140-1730-0x0000027767D60000-0x0000027767D72000-memory.dmp

                                                            Filesize

                                                            72KB

                                                            Download

                                                          • memory/6140-1733-0x0000027768240000-0x000002776828A000-memory.dmp

                                                            Filesize

                                                            296KB

                                                            Download

                                                          • memory/6140-1746-0x0000027768210000-0x000002776822C000-memory.dmp

                                                            Filesize

                                                            112KB

                                                            Download