Overview

overview

10

Static

static

10

Internatio...ar.msi

windows7-x64

10

Internatio...ar.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-11-2024 14:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    International webinar.msi

  • Size

    2.9MB

  • MD5

    dc9945e4be642c2a40019008b53800cf

  • SHA1

    4270855a7a9e998a5d57d111d27e35074929badf

  • SHA256

    4a4db999c37c5cc6e098acd2b7dcbdb7c3e7cdf0de9ecb8eaac93b6abcd8f452

  • SHA512

    3fa911b43080e1848cfb2ba7ecedbcc7cca3fae9de6534334dabacbcc9de09feb6df43199c39bd6932ac8b0c29cb510a02fefbbf845afd7e60ccf1b98c0b120d

  • SSDEEP

    49152:Q+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Q+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoverypersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 42 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 4 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 59 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 2 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\International webinar.msi"
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1240
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3708
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4B5A3E98986436BCCC68149D5DD8F30F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3436
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIB1CB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240628453 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3464
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIB825.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629828 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:716
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIC0D1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240632031 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3632
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID112.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240636250 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3488
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F7E19370FD663627B3DBC82C42B24B68 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4256
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3144
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1312
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NkGFsIAN" /AgentId="9ed9bd12-6b3d-4d01-8905-64731d7509f6"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2144
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C5F56C82D9F4709767A86B94E42E668F E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      PID:4756
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{05E23CD6-11DA-4A53-80EC-11E6BC88D377}
        3⤵
        • Executes dropped EXE
        PID:3440
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C8A5A58-EB0B-41CF-9066-E5EE01B7DCA3}
        3⤵
        • Executes dropped EXE
        PID:4492
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF45607F-70B3-4EA3-B3E3-E8F7E7C9D964}
        3⤵
        • Executes dropped EXE
        PID:1716
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8CF960E-D4B9-47B3-8F0F-42FC40B0F635}
        3⤵
        • Executes dropped EXE
        PID:388
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B5EDF27-B111-4715-9EA8-2120F594244B}
        3⤵
        • Executes dropped EXE
        PID:2880
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9440DB4B-222C-4D0E-B24D-8C2B45CBD003}
        3⤵
        • Executes dropped EXE
        PID:428
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{829ABD65-61C4-4F90-972A-94589DC16808}
        3⤵
        • Executes dropped EXE
        PID:3920
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{99961D55-B996-4C7F-8F11-7E04D438EEB5}
        3⤵
        • Executes dropped EXE
        PID:3908
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0D00B23-2547-485E-8A74-457A383B39D2}
        3⤵
        • Executes dropped EXE
        PID:1444
      • C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe
        C:\Windows\TEMP\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_is7589.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{453E5928-9601-4F6F-8820-07E886D26824}
        3⤵
        • Executes dropped EXE
        PID:1300
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3440
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:992
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1796
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:388
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3088
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:664
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4968
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1312
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2140
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4492
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1616
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4988
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1684
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3920
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4960
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3140
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2032
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:512
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3572
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:756
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3FAF4DA0-E4F0-4603-9EEF-FBF2B0B18894}
        3⤵
        • Executes dropped EXE
        PID:1308
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{85061235-64E0-4725-8D3F-21D723C5D92A}
        3⤵
        • Executes dropped EXE
        PID:1456
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A449D17B-D12A-49D2-9DE0-7BB92EBF0F0D}
        3⤵
        • Executes dropped EXE
        PID:3828
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1BFAE17E-42CD-4C24-B3F3-240BDF597CC9}
        3⤵
        • Executes dropped EXE
        PID:4472
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A2B01184-5B26-4B63-A5D2-0DF1A83868E9}
        3⤵
        • Executes dropped EXE
        PID:1012
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{12D850AE-14A3-4D61-B37B-43272385B667}
        3⤵
        • Executes dropped EXE
        PID:428
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{510D71F3-1904-41CA-B8D9-D7570A124D13}
        3⤵
        • Executes dropped EXE
        PID:4320
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{295B3EBC-735F-405B-B14A-C05F1D6AB9A2}
        3⤵
        • Executes dropped EXE
        PID:2304
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{03434D17-7D99-4A95-9223-AC2E581D26AD}
        3⤵
        • Executes dropped EXE
        PID:1644
      • C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
        C:\Windows\TEMP\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D3EFA123-42A6-43F2-A34F-7FA262742005}
        3⤵
        • Executes dropped EXE
        PID:4212
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F3EA09C1-6F03-4335-ACDE-2ABC9B87E6B1}
        3⤵
        • Executes dropped EXE
        PID:3660
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC2373EE-9E7F-4EDA-B480-F5538F19AD20}
        3⤵
        • Executes dropped EXE
        PID:4472
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{63226DFE-54B9-40C5-ABDA-4E92F2F5F6C2}
        3⤵
        • Executes dropped EXE
        PID:388
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4DF1B8DF-4633-4D3A-AEE5-919FF9953B55}
        3⤵
        • Executes dropped EXE
        PID:3084
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{688B330A-DD40-43F0-BB89-EEA832E6CF5E}
        3⤵
        • Executes dropped EXE
        PID:4412
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2696CBF1-4F7F-4784-8E1D-95AE1F392604}
        3⤵
        • Executes dropped EXE
        PID:5020
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2BD7AD5B-6A9F-455B-8B43-1D9AFCEE5FE3}
        3⤵
        • Executes dropped EXE
        PID:4384
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1F5DFFA-F8BD-4D92-95D8-CB0CCD77610C}
        3⤵
        • Executes dropped EXE
        PID:4820
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B156E7C-51F4-46EB-9977-5ADB98F18F89}
        3⤵
        • Executes dropped EXE
        PID:860
      • C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe
        C:\Windows\TEMP\{004A6DE7-4A1C-4442-8AD2-2A82B3393BC4}\_is9315.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D937F6F-5C45-4E64-B2A9-A276E071CC0D}
        3⤵
        • Executes dropped EXE
        PID:2964
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1016
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3100
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:4368
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:4820
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:3488
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1880
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5C830E4D-E02E-4F3C-8B7C-5F251B91AF0D}
            3⤵
            • Executes dropped EXE
            PID:3092
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B216134-2FF3-461B-A6EA-776C68BDFEDB}
            3⤵
            • Executes dropped EXE
            PID:2568
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9F26EEB8-765F-41AD-B95D-CC07066B5116}
            3⤵
            • Executes dropped EXE
            PID:4792
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C25B058E-FB57-4055-A9BA-34C459AF8C49}
            3⤵
            • Executes dropped EXE
            PID:2304
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BDCDE65C-192C-4390-B012-107AF326BE8B}
            3⤵
            • Executes dropped EXE
            PID:4432
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D7297606-B4C8-45A1-8FB1-409A0521F030}
            3⤵
            • Executes dropped EXE
            PID:3688
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3988323-8672-4FBE-BC8A-9F49D2390390}
            3⤵
            • Executes dropped EXE
            PID:3424
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C49812E6-F195-44C2-84CF-7B6E2DBDDDD3}
            3⤵
            • Executes dropped EXE
            PID:1680
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B386839F-1268-4771-A99E-077EFB3C063D}
            3⤵
            • Executes dropped EXE
            PID:1700
          • C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe
            C:\Windows\TEMP\{F35A197A-2755-4072-9DA2-A63A63A9D5A9}\_isA670.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98313DC6-B9C3-42A6-B86B-47B2D682B0E4}
            3⤵
            • Executes dropped EXE
            PID:4384
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:4576
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0DC2FC52-5D47-4329-A286-3266EA158305}
            3⤵
            • Executes dropped EXE
            PID:4776
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F836E015-B6EA-4D5B-9CF2-3327A850FC47}
            3⤵
            • Executes dropped EXE
            PID:396
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE2CA246-7F2F-4CC7-A697-8CDB865A259E}
            3⤵
            • Executes dropped EXE
            PID:4988
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CEA57F74-AE6D-4448-9F60-A52FD56E0E72}
            3⤵
            • Executes dropped EXE
            PID:3424
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37280BFF-77C0-471F-B90B-59FCADC7D5EB}
            3⤵
            • Executes dropped EXE
            PID:1680
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B8BAD224-DCDD-4694-BFE0-366DE525EDCF}
            3⤵
            • Executes dropped EXE
            PID:828
          • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
            C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E897A2C2-2535-4FD6-86BF-51E24BAA86AA}
            3⤵
              PID:2688
            • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
              C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CF94B5D4-EC46-49B9-B7FA-2D6C68524429}
              3⤵
                PID:320
              • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
                C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{243E4F21-0E77-4CA8-BF3B-809EDD8298A6}
                3⤵
                  PID:3084
                • C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe
                  C:\Windows\TEMP\{A5F1B541-B564-42CE-86E8-665B90097C03}\_isAB34.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{89D8D518-F15B-4010-92FB-2269116F914A}
                  3⤵
                    PID:4324
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:1152
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding CBBF8877D049CCA6ABBB5A716C3D8533 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:4032
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI2BEB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240725000 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                    3⤵
                    • Drops file in System32 directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5536
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI2C98.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240725156 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5880
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI2F67.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240725843 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:1592
                  • C:\Windows\SysWOW64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5456
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5840
                  • C:\Windows\SysWOW64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:4732
                  • C:\Windows\syswow64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5984
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:1532
                  • C:\Windows\syswow64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:5236
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI4F3D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240733984 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                    3⤵
                    • Blocklisted process makes network request
                    • System Location Discovery: System Language Discovery
                    PID:1816
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                  2⤵
                  • Drops file in System32 directory
                  PID:6140
                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="d732183a-55e1-49b1-a252-1309249fc4a4"
                  2⤵
                  • Drops file in System32 directory
                  • Modifies data under HKEY_USERS
                  PID:4576
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:1128
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4948
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:3144
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "750581d7-1d77-4608-98f2-a926dd54cd71" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NkGFsIAN
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  PID:2192
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "5ff88da8-b08b-4b36-a4f8-5cfeff00188d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NkGFsIAN
                  2⤵
                  • Executes dropped EXE
                  PID:3624
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "16c94e38-2a25-48f2-9644-66740a838a24" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000NkGFsIAN
                  2⤵
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious use of WriteProcessMemory
                  PID:1704
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:3892
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:696
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "20510cb6-2a40-4464-ad71-9078a5bf5daf" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000NkGFsIAN
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1460
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "cbdf2162-a897-4331-ab22-4e612723886d" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000NkGFsIAN
                  2⤵
                  • Executes dropped EXE
                  PID:3560
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "5fe4e454-5ba7-47d8-b5ed-6c7d08428eca" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000NkGFsIAN
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:1704
                  • C:\Windows\TEMP\SplashtopStreamer.exe
                    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Modifies data under HKEY_USERS
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:348
                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      4⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:1512
                      • C:\Windows\SysWOW64\msiexec.exe
                        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:3564
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious use of WriteProcessMemory
                PID:928
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:3432
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "cbdf2162-a897-4331-ab22-4e612723886d" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000NkGFsIAN
                  2⤵
                  • Executes dropped EXE
                  PID:1716
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious use of WriteProcessMemory
                PID:4428
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:1916
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "d4fe7c3d-ce1e-427e-96cd-b27eea0d933b" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000NkGFsIAN
                  2⤵
                  • Modifies data under HKEY_USERS
                  PID:2308
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer/?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=4d4f35ad79fdaacceac5d50608166646&rmm_session_pwd_ttl=86400"
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5884
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "b04ebfe0-d47e-4fec-bdd3-01c5e3f629c3" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000NkGFsIAN
                  2⤵
                    PID:4228
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:5856
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:5128
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "05910e61-c0d9-44d2-b658-806f3a5c5e66" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000NkGFsIAN
                      2⤵
                      • Writes to the Master Boot Record (MBR)
                      PID:3648
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "7223c499-d76f-41ca-a2bb-23dcbbab1efd" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000NkGFsIAN
                      2⤵
                      • Drops file in System32 directory
                      PID:1684
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "14ce11d5-6411-47ef-8b69-789c57da9273" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000NkGFsIAN
                      2⤵
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      PID:3312
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "e683fb07-5414-40bc-be3c-2d6da3cdbd39" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000NkGFsIAN
                      2⤵
                      • Drops file in System32 directory
                      PID:3564
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "809b20cc-83dd-4132-8d5f-9ce7f2dee56a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjp0cnVlLFx1MDAyMlJlcGVhdEludGVydmFsTWludXRlc1x1MDAyMjoxMCxcdTAwMjJEYXlzSW50ZXJ2YWxcdTAwMjI6MSxcdTAwMjJSZXBlYXREdXJhdGlvbkRheXNcdTAwMjI6MX0ifQ==" 001Q300000NkGFsIAN
                      2⤵
                        PID:3580
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "63c115ba-a16c-4810-991c-1db095177905" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000NkGFsIAN
                        2⤵
                        • Drops file in System32 directory
                        PID:5152
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "4ff216ab-9903-4552-89b4-b7a7f575cdfd" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000NkGFsIAN
                        2⤵
                        • Drops file in System32 directory
                        PID:5412
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "5e28aec7-c7f1-4d13-82a8-a00cf47dd558" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiNi4wLjM1IiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU4OTc4Y2ViLTVkZTMtNDllMi1iNTcxLTk3MjgyNWIwOGYwYS9mMWJkOWIxYmI1YjI1YjhjOWNlZTQwZWQ5YTNkODAyMy9kb3RuZXQtcnVudGltZS02LjAuMzUtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8yNjkyMDY2NC1kNzU0LTRmNzYtOWM5OS1lNjkxMTYzNDhlODIvYTQwMzE1MzcxY2M2MDdjOWYxODQ3OGM5M2YyYTY3NmEvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2EyMjNjNDViLTQ3NzctNDA1Ni1hZWEyLTY1M2M1NzZkODExNS9iZjhhZjYzYzZlNjI1YmU0YWZhODVlYzA5M2U4MWU2NS9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci9jNGY2NTYyMS1iMzZiLTQ2YTktODM4MC1kNWI2NjBiZWYyN2UvMDE4NWZkNzIwNTVkY2RjYTg2MTY2Yjk5YWRkNzE2ODYvZG90bmV0LXJ1bnRpbWUtNi4wLjM1LXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E5MGZiNWRjLWY0ODgtNDAwZS04NWNhLTg0M2ExMzY0MGY1Ni80ODNkMjQ2MzhjYzJiZWRhZGRhYjQzNzM0YWEyZTQ0Ny9kb3RuZXQtcnVudGltZS02LjAuMzUtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6IlVlSmJHR0dWb2NwZmdpckU2eDVNN29MQzhBS2NOSjk4SDNFcmJ0L0taS0dPdWxpQ1Flc1x1MDAyQmx6Wno5XHUwMDJCcnQwdXJMZ2FEeng0cmtXZm0veWg5UWI1RFRKUT09IiwiTWFjWDY0Q2hlY2tzdW0iOiJaZFZQVmRFSG40ZXFkdlNPUksxRUpXcjdnOUt5b0RZSXp6czQzOUxKeHYvZkFRdG5iTjk3OE8yTm1pNGtRSFNkdlJJazEvNFx1MDAyQjlycTZPMEx2Q2FnL1d3PT0iLCJXaW5BUk1DaGVja3N1bSI6IldlTGhodXU3Vi96NEs2WGVubDBINDVWWDExb0ZhdHdvV1BNa2pEQ2dobmhrTm5US2tqZjc0eUFcdTAwMkJcdTAwMkJ0Ri9VU1ZDZXE2T2dRbHI2V1Y1dU1rRWwxUVdqUT09IiwiV2luWDY0Q2hlY2tzdW0iOiJEREtSSlRFanp6XHUwMDJCSWUxMldTM2Y0aHVKQlNpeXR4TkRwQlI2SXpFeHpkM2ZBb0toNVV5MkEwbTlKOFU0ZVh5VmJxeEhjZzB3M25hWW1FZFNFeEwzMEZnPT0iLCJXaW5YODZDaGVja3N1bSI6IjdtSUF5bG9IeWxIVFVJakhud3NXeVVOXHUwMDJCVWU0alk3eXBrZVx1MDAyQnEyM2xNbEdzR0hpVUc1b21scW1LOVEvYVViODhLXHUwMDJCTnBGMWNaUVpXQjVJb3ZtTzVucWN3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000NkGFsIAN
                        2⤵
                        • Drops file in System32 directory
                        • Drops file in Program Files directory
                        PID:5820
                        • C:\Windows\SYSTEM32\cmd.exe
                          "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                          3⤵
                          • System Time Discovery
                          PID:5140
                          • C:\Program Files\dotnet\dotnet.exe
                            dotnet --list-runtimes
                            4⤵
                            • System Time Discovery
                            PID:5712
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "318c20b4-e58a-4000-930c-0fd8b3acc533" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000NkGFsIAN
                        2⤵
                        • Drops file in System32 directory
                        PID:5988
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "c47402d3-00a1-43c1-859b-f630c343b412" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000NkGFsIAN
                        2⤵
                        • Drops file in Program Files directory
                        PID:6000
                        • C:\Windows\SYSTEM32\msiexec.exe
                          "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                          3⤵
                            PID:548
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "71d79231-dcec-4f04-9560-ba37d054c58b" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000NkGFsIAN
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:6092
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 9ed9bd12-6b3d-4d01-8905-64731d7509f6 "cde77271-6485-4933-b74d-199d5a324a25" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000NkGFsIAN
                          2⤵
                          • Modifies registry class
                          PID:1512
                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                        1⤵
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4776
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          • Loads dropped DLL
                          • System Location Discovery: System Language Discovery
                          • Modifies data under HKEY_USERS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4208
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                            -h
                            3⤵
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SetWindowsHookEx
                            PID:4792
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                            3⤵
                            • Drops file in Program Files directory
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5084
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                              4⤵
                                PID:4324
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of SetWindowsHookEx
                              PID:1440
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:752
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                SRUtility.exe -r
                                4⤵
                                • System Location Discovery: System Language Discovery
                                PID:5036
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of SetWindowsHookEx
                              PID:732
                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                          "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                          1⤵
                          • Modifies data under HKEY_USERS
                          PID:1460
                          • C:\Windows\System32\sc.exe
                            "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                            2⤵
                            • Launches sc.exe
                            PID:5780

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Config.Msi\e57b0f2.rbs
                          Filesize

                          8KB

                          MD5

                          e2006f010eb7b2107f3c5ee2ea703c27

                          SHA1

                          71404882be62eec946a8ad7005615aa650f81530

                          SHA256

                          d53e2ba6f85d2aa7e572f646a2acf7e2a43e6bb9dfb9d31954ab95aa485a5107

                          SHA512

                          7d75596b2d62ae02e65c3f743bfe91c26213e8524dabcad484fa838c33cf751ea0d265a4cabc3f99937df0050925231dc6bf67a52ea2473d99eaba9bfec4a48b

                          Download Submit

                        • C:\Config.Msi\e57b0f7.rbs
                          Filesize

                          74KB

                          MD5

                          3ae976ac1ef87e20b90758adc4d070e7

                          SHA1

                          0dcc82884bbeca4e185aa61c0f70a0841327b3bb

                          SHA256

                          bf097a0aafea25785df2c1e5ae25bb3f8dc2dbf50cf33998734bc58ac4ff1950

                          SHA512

                          6245018c2e1deff548317dab3ca064eb1df55e03c9b889c0f944fec546aaca362297da6dd8f7768bb25537a2f007d6f773a4da159cee89c0bb425bf5207e4215

                          Download Submit

                        • C:\Config.Msi\e57b0f9.rbs
                          Filesize

                          464B

                          MD5

                          51ffddd61adb5a4804d6eedfc5483b01

                          SHA1

                          e9cbc5be5526044abf0e70afad360db244d7efa3

                          SHA256

                          bee42659069ff753718ca324376e07eac1e0c83524ef0ba11b657a0398910fd0

                          SHA512

                          7c28565989de98b3bec6239eeeb8add4a7e219f2dc311e54698923249be81b91218a044eae72cdefaccd99bd7c938cb582fe76255335faeebd078239bd98a17f

                          Download Submit

                        • C:\Config.Msi\e57b0ff.rbs
                          Filesize

                          9KB

                          MD5

                          cb6108c080461a73c607fa0ebe1ddab3

                          SHA1

                          c1049fd7c72efd0140827c799faa24de8c91dd0c

                          SHA256

                          dc4d4e383cf6b6b7fc51e02336de071f5b4f790309fdb59a3e9d79d7e8151fcb

                          SHA512

                          d536609c6b549459f8930cc0f167a9914de8de5b56c7d44466654c903f8c3d8e8bdd0c92c1647d5b6f7a43beed5f19ccd5e551a667682a9605e884af48599202

                          Download Submit

                        • C:\Config.Msi\e57b107.rbs
                          Filesize

                          8KB

                          MD5

                          3619423c10b60cf70dd6091f524cfdb8

                          SHA1

                          cbf3c57b7fa27dff98518540def65fe12ae2d6c7

                          SHA256

                          56862883d917338476906dee2485fcbb696572cc15e1cc322ebed037e45924c8

                          SHA512

                          1361675938d0e32349ef54f234b48382a0a0620563bcaacfbb9993a67ccc3abf0dd334756c52ccebe522883bb1c9c94dc3054889628ac8818fe15dbb4a683793

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                          Filesize

                          753B

                          MD5

                          8298451e4dee214334dd2e22b8996bdc

                          SHA1

                          bc429029cc6b42c59c417773ea5df8ae54dbb971

                          SHA256

                          6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                          SHA512

                          cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                          Filesize

                          1KB

                          MD5

                          337079222a6f6c6edf58f3f981ff20ae

                          SHA1

                          1f705fc0faa84c69e1fe936b34783b301323e255

                          SHA256

                          ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                          SHA512

                          ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                          Filesize

                          142KB

                          MD5

                          477293f80461713d51a98a24023d45e8

                          SHA1

                          e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                          SHA256

                          a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                          SHA512

                          23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                          Filesize

                          1KB

                          MD5

                          b3bb71f9bb4de4236c26578a8fae2dcd

                          SHA1

                          1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                          SHA256

                          e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                          SHA512

                          fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                          Filesize

                          210KB

                          MD5

                          c106df1b5b43af3b937ace19d92b42f3

                          SHA1

                          7670fc4b6369e3fb705200050618acaa5213637f

                          SHA256

                          2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                          SHA512

                          616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                          Filesize

                          693KB

                          MD5

                          2c4d25b7fbd1adfd4471052fa482af72

                          SHA1

                          fd6cd773d241b581e3c856f9e6cd06cb31a01407

                          SHA256

                          2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                          SHA512

                          f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                          Filesize

                          157KB

                          MD5

                          242d415e238789fbc57c5ac7e8ca5d02

                          SHA1

                          09c1e25e035be67c9fbfa23b336e26bfd2c76d04

                          SHA256

                          7f3ded5bf167553a5a09ca8a9d80a451eb71ccecc043bda1dd8080a2cbe35fa2

                          SHA512

                          ac55d401951ecf0112051db033cc9014e824ab6a5ed9ea129a8793408d9bf2446cb3c15711e59a8577e0f60d858a4639e99e38d6232315f0f39df2c40217ea40

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          Filesize

                          51KB

                          MD5

                          3180c705182447f4bcc7ce8e2820b25d

                          SHA1

                          ad6486557819a33d3f29b18d92b43b11707aae6e

                          SHA256

                          5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                          SHA512

                          228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                          Filesize

                          12B

                          MD5

                          eb053699fc80499a7185f6d5f7d55bfe

                          SHA1

                          9700472d22b1995c320507917fa35088ae4e5f05

                          SHA256

                          bce3dfdca8f0b57846e914d497f4bb262e3275f05ea761d0b4f4b778974e6967

                          SHA512

                          d66fa39c69d9c6448518cb9f98cbdad4ce5e93ceef8d20ce0deef91fb3e512b5d5a9458f7b8a53d4b68d693107872c5445e99f87c948878f712f8a79bc761dbf

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                          Filesize

                          173KB

                          MD5

                          fd9df72620bca7c4d48bc105c89dffd2

                          SHA1

                          2e537e504704670b52ce775943f14bfbaf175c1b

                          SHA256

                          847d0cd49cce4975bafdeb67295ed7d2a3b059661560ca5e222544e9dfc5e760

                          SHA512

                          47228cbdba54cd4e747dba152feb76a42bfc6cd781054998a249b62dd0426c5e26854ce87b6373f213b4e538a62c08a89a488e719e2e763b7b968e77fbf4fc02

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                          Filesize

                          546B

                          MD5

                          158fb7d9323c6ce69d4fce11486a40a1

                          SHA1

                          29ab26f5728f6ba6f0e5636bf47149bd9851f532

                          SHA256

                          5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                          SHA512

                          7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                          Filesize

                          688KB

                          MD5

                          3ef8d12aa1d48dec3ac19a0ceabd4fd8

                          SHA1

                          c81b7229a9bd55185a0edccb7e6df3b8e25791cf

                          SHA256

                          18c1ddbdbf47370cc85fa2cf7ba043711ab3eadbd8da367638686dfd6b735c85

                          SHA512

                          0ff2e8dbfef7164b22f9ae9865e83154096971c3f0b236d988ab947e803c1ed03d86529ab80d2be9ff33af305d34c9b30082f8c26e575f0979ca9287b415f9f9

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          Filesize

                          27KB

                          MD5

                          797c9554ec56fd72ebb3f6f6bef67fb5

                          SHA1

                          40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                          SHA256

                          7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                          SHA512

                          4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                          Filesize

                          214KB

                          MD5

                          01807774f043028ec29982a62fa75941

                          SHA1

                          afc25cf6a7a90f908c0a77f2519744f75b3140d4

                          SHA256

                          9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                          SHA512

                          33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                          Filesize

                          37KB

                          MD5

                          efb4712c8713cb05eb7fe7d87a83a55a

                          SHA1

                          c94d106bba77aecf88540807da89349b50ea5ae7

                          SHA256

                          30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                          SHA512

                          3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                          Filesize

                          389KB

                          MD5

                          5e3252e0248b484e76fcdbf8b42a645d

                          SHA1

                          11ae92fd16ac87f6ab755911e85e263253c16516

                          SHA256

                          01f464fbb9b0bfd0e16d4ad6c5de80f7aad0f126e084d7f41fef36be6ec2fc8e

                          SHA512

                          540d6b3ca9c01e3e09673601514af701a41e7d024070de1257249c3c077ac53852bd04ab4ac928a38c9c84f423a6a3a89ab0676501a9edc28f95de83818fb699

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                          Filesize

                          48KB

                          MD5

                          2842c8771c36e8e092f28771a087ce55

                          SHA1

                          f425fcb47583c5832f6a9eaf0c1d232796e6646f

                          SHA256

                          d5c921bcada6ec7834bc3923702ebd9957ad7307a4b459d33e4cc212bd1c1b59

                          SHA512

                          7ab91b4ddda2209f8bc8fc6eda53ba72ee64d36c57b8d404c87d976a2c0d8fa6aa32efc57158bbb03c2614ca841a36e0d5cc42927e3b99768225d6874ca51f7a

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                          Filesize

                          196KB

                          MD5

                          680bac4393da4dafe0100d9483d3b6e4

                          SHA1

                          ed211ef61232c5aacee7ca168659f02f9d4f4e53

                          SHA256

                          c085580ab859de8fedba47ca694ab475fad9b87d4093586db3524e60d8383f73

                          SHA512

                          5756c46b3cf0c55957c4d885f7cba9fa71e051e1050fdbc18b6871db044109755e9e936ce984e9e3bd30cc6bae2902b9b618f895cc95ad3d605d9586ca5ac01b

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                          Filesize

                          56KB

                          MD5

                          0f33a7acb33960d1306ba418405d8264

                          SHA1

                          bc24c37727b00d514446c8b5fb6c04f36254a067

                          SHA256

                          a43f099127bfe1640deca971252e573fe1745b04f29aa6b2fd672226799739c6

                          SHA512

                          72a99786acd4b1322e63eb253bbc651d5ec0fee83984e5214c3faf7aff489389375bf724ecfcfce5e78905bdb3e7d8a99dbae424a59b73d38a55be0657c1ec33

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                          Filesize

                          9KB

                          MD5

                          9d1528a2ce17522f6de064ae2c2b608e

                          SHA1

                          2f1ce8b589e57ab300bb93dde176689689f75114

                          SHA256

                          11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                          SHA512

                          a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.6092.update
                          Filesize

                          9KB

                          MD5

                          14ffcf07375b3952bd3f2fe52bb63c14

                          SHA1

                          ab2eadde4c614eb8f1f2cae09d989c5746796166

                          SHA256

                          6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                          SHA512

                          14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                          Filesize

                          7KB

                          MD5

                          39b0bd42c9af4735a144de16cc40b875

                          SHA1

                          4bb5c05829e73b36f5b582fe0e234388ee2a6a6b

                          SHA256

                          5a76f7ea86089b6c2fb729044de44845a13326f4c58609beebec8b13e2cd2830

                          SHA512

                          b7eaf47b923aa009cbd456570fe5b57448d0a28239155567c40f25f1a0511883e498398ca207423a110998ae8e15e5edd414cfc6569f68eb25a6d46f9dd0d3a6

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                          Filesize

                          2B

                          MD5

                          81051bcc2cf1bedf378224b0a93e2877

                          SHA1

                          ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                          SHA256

                          7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                          SHA512

                          1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                          Filesize

                          54KB

                          MD5

                          77c613ffadf1f4b2f50d31eeec83af30

                          SHA1

                          76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                          SHA256

                          2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                          SHA512

                          29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                          Filesize

                          72KB

                          MD5

                          749c51599fbf82422791e0df1c1e841c

                          SHA1

                          bba9a471e9300bcd4ebe3359d3f73b53067b781d

                          SHA256

                          c176f54367f9de7272b24fd4173271fd00e26c2dbdbf944b42d7673a295a65e6

                          SHA512

                          f0a5059b326446a7bd8f4c5b1ba5858d1affdc48603f6ce36355daeaab4ed3d1e853359a2440c69c5dee3d47e84f7bf38d7adf8707c277cd056f6ebca5942cc5

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          Filesize

                          50KB

                          MD5

                          254dcbee3213189461b66e962ce8cc05

                          SHA1

                          cf970344713cdfad9e35f85acdb0fa1e1721ca1c

                          SHA256

                          e2e7190e062d57287e242730c9daa32f32eeec26836f75290e66fc566f1ea119

                          SHA512

                          7955ba42cbf7b36831e663be7c9591656f7ad2b4ea5e8249a5458a1598a226bb28f1e7130f135cf590011170117ddcf425acf93c0725899b4e4ca54404a93be4

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                          Filesize

                          32KB

                          MD5

                          f531d3157e9ff57eea92db36c40e283e

                          SHA1

                          d0e49925476af438875fa9b1ccfb9077fa371ecc

                          SHA256

                          30aa4b3e85e20ada6fe045c7e93fee0d4642dcabd358a9987d7289c2c5582251

                          SHA512

                          27d247ab93ef313ce06ff5c1deca4b0819b688839c46808a6be709c205c81b93562181926a36a45a7da9570baea3b3152b6673a3bcce0b9326c7d3599a3d63c8

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                          Filesize

                          56KB

                          MD5

                          e9794f785780945d2dde78520b9bb59f

                          SHA1

                          293cae66cedbc7385cd49819587d3d5a61629422

                          SHA256

                          0568e0d210de9b344f9ce278291acb32106d8425bdd467998502c1a56ac92443

                          SHA512

                          1a3c15e18557a14f0df067478f683e8b527469126792fae7b78361dad29317ff7b9d307b5a35e303487e2479d34830aa7e894f2906efff046436428ada9a4534

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                          Filesize

                          588KB

                          MD5

                          17d74c03b6bcbcd88b46fcc58fc79a0d

                          SHA1

                          bc0316e11c119806907c058d62513eb8ce32288c

                          SHA256

                          13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                          SHA512

                          f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                          Download Submit

                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                          Filesize

                          216B

                          MD5

                          54a3e738bcaddb61daf2cfb36a65f138

                          SHA1

                          d63096714ed1b2a542245c40581ab6c4b397e2c9

                          SHA256

                          0761431f03929e558b6150dc44fdffa79744c3030327c802789e935451bd966b

                          SHA512

                          6f0724c248cca09a687d0c4786174a6b18da1fc1bf4292ed07730a7733e2b3cba87661b981e249b97686aa005556dc2df771b326d641490f241c48134b7849af

                          Download Submit

                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                          Filesize

                          9KB

                          MD5

                          1ef7574bc4d8b6034935d99ad884f15b

                          SHA1

                          110709ab33f893737f4b0567f9495ac60c37667c

                          SHA256

                          0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                          SHA512

                          947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                          Download Submit

                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                          Filesize

                          10KB

                          MD5

                          f512536173e386121b3ebd22aac41a4e

                          SHA1

                          74ae133215345beaebb7a95f969f34a40dda922a

                          SHA256

                          a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                          SHA512

                          1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                          Download Submit

                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                          Filesize

                          76KB

                          MD5

                          b40fe65431b18a52e6452279b88954af

                          SHA1

                          c25de80f00014e129ff290bf84ddf25a23fdfc30

                          SHA256

                          800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                          SHA512

                          e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                          Download Submit

                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                          Filesize

                          80KB

                          MD5

                          3904d0698962e09da946046020cbcb17

                          SHA1

                          edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                          SHA256

                          a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                          SHA512

                          c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                          Download Submit

                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                          Filesize

                          96KB

                          MD5

                          c381332ad5ed882aec0fbd96e81b8452

                          SHA1

                          eff755a566a03e3bfb54276ca2b18ab6fb0766bc

                          SHA256

                          68395ca449fd7b0e26c83c2a9a6d4369855bcb2d30eb862053a6b84d50591b1e

                          SHA512

                          12c5c923ab7eb7962fc392f4f3a08613738fb94200609b720dfbb41d60d77f10a7268a6e145fac24123fdc7b3d8b83a9fda6cc76cf62648a0c4d6c09ac606415

                          Download Submit

                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                          Filesize

                          287B

                          MD5

                          fcad4da5d24f95ebf38031673ddbcdb8

                          SHA1

                          3f68c81b47e6b4aebd08100c97de739c98f57deb

                          SHA256

                          7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                          SHA512

                          1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                          Download Submit

                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                          Filesize

                          717B

                          MD5

                          ef0a07aec4367a64c16c581da2657aa9

                          SHA1

                          13011a5abcbadb3424fb6ecee560665556bb1d24

                          SHA256

                          f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                          SHA512

                          35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                          Download Submit

                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                          Filesize

                          7KB

                          MD5

                          362ce475f5d1e84641bad999c16727a0

                          SHA1

                          6b613c73acb58d259c6379bd820cca6f785cc812

                          SHA256

                          1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                          SHA512

                          7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                          Download Submit

                        • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\b4925479638f557d613d74ee324892e6
                          Filesize

                          16KB

                          MD5

                          b2e89027a140a89b6e3eb4e504e93d96

                          SHA1

                          f3b1b34874b73ae3032decb97ef96a53a654228f

                          SHA256

                          5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                          SHA512

                          93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                          Filesize

                          471B

                          MD5

                          eef4d122f8bf1654f2fa39587b4bc772

                          SHA1

                          44a154a863d3284a00dd52881534b35d0eedd6d0

                          SHA256

                          90dfae0c893bcfeca726e1c5ee01121213f1bf56f365ebcd24f8a2173b6b06d6

                          SHA512

                          27402871d4e035000ac1b9259d9631cc30815fe1982f6b2d2c1d6db082e2496f8d55547f65bb2dbfd77b3521fd66fc438bed7ddc5efe90e9914cdee5e2eeb4d5

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                          Filesize

                          727B

                          MD5

                          5ab1255fd274ae79eb44be803b678e64

                          SHA1

                          0be7d5e8aa006538ca46d847abb289c577f117af

                          SHA256

                          2b31a503e5da50ef9b83a2466f62818f8fc6cf38305b1d6d98c01fa53ea6cf9f

                          SHA512

                          0c963635b63bf757301d3723ab2fd0802cc7c14d81d4250e50158f8fe8e38f85a9f2f8f51f095ae79d9c9c47c37179762edde6619de013205631f9d899b51b12

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                          Filesize

                          727B

                          MD5

                          397ff398089ad38f837ed86c42e78205

                          SHA1

                          8aeb6f8664552b8486b41cbf7546219c5fc5e7d7

                          SHA256

                          712f75d7057e41be9228c2c7267c39993f3bd618b468d1e44c233bbe76cfed1d

                          SHA512

                          3ac2414e49638504a079a4e2b6ea08441fed868d1c3a3c0ae3ee99e64c6c61f03118483609751dab9da3ff5d7fa08c887661205017afd6e011d433bcbd26d0be

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                          Filesize

                          400B

                          MD5

                          516ff2bcd97dafde090f8d247b11e46c

                          SHA1

                          ee922f7378fb88ac456a73dbbbeda8f90c13be26

                          SHA256

                          11c7fb9d5bc53afb3660a531ae029071b6f46dade1a9f9530f5121429ab86dfb

                          SHA512

                          40432735e01bf34b03e16b51896ec4dc92570fd15d7c4b87a63e0cc6cb313f5270eaa3faddb50a9c26b5b544172c087bd14f3e60a6cdc48458c3e115ee73108f

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                          Filesize

                          404B

                          MD5

                          0e50fde90f9a0013c1148ffcf4ec4078

                          SHA1

                          ea36353e40914e5cac904eb6f4b150461eb682c8

                          SHA256

                          0817383b997e5b2cd7bb9e1ddfad95c4464bdf4ae62b7556677ed33029ef5ca5

                          SHA512

                          bda48c7c86d8ae5f1776d7a10794a7e07b4d3122104e0e12b337502ae2c25374d9441e6f275d95e3eda0bea2a9d2e4aa60ff44aaeb58bb52f3e733df7529801b

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                          Filesize

                          412B

                          MD5

                          0132aa9a0de07ba339e3ed0dff0d9c49

                          SHA1

                          921e5d135892825ffa4c7eb9ac0f47743a89f016

                          SHA256

                          85b832022bdc44f482155d8c618f0faf252f3057e486277e7adab091a21318b9

                          SHA512

                          37fdc3812a9fd9877e3041fb581a79f5653b5ee3ebfb099b74cae2b8473115922b531078573f552aebeab17e63f0ed704598bfdc5538ec2c8e197ee95072ea4e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                          Filesize

                          651B

                          MD5

                          9bbfe11735bac43a2ed1be18d0655fe2

                          SHA1

                          61141928bb248fd6e9cd5084a9db05a9b980fb3a

                          SHA256

                          549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                          SHA512

                          a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                          Download Submit

                        • C:\Windows\Installer\MSI2BEB.tmp-\System.Management.dll
                          Filesize

                          60KB

                          MD5

                          878e361c41c05c0519bfc72c7d6e141c

                          SHA1

                          432ef61862d3c7a95ab42df36a7caf27d08dc98f

                          SHA256

                          24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                          SHA512

                          59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                          Download Submit

                        • C:\Windows\Installer\MSI919B.tmp
                          Filesize

                          4.5MB

                          MD5

                          2207f96731ce2f9d9327c0baaf4959ef

                          SHA1

                          f56ea992c59ad669ec8ee5d6a827adc472159cc0

                          SHA256

                          e4ceddd5c37c90f8fc7787663a9bed31518fba82413e80b21230425e380c42db

                          SHA512

                          7e4bd781f879b593f722277839175aa895c863b2015d691c85c8eec4fe635d233cd94d2b0dce46cd058f08a005caa73888809df414983ff2a4c938770ef71fd4

                          Download Submit

                        • C:\Windows\Installer\MSIB1CB.tmp
                          Filesize

                          509KB

                          MD5

                          88d29734f37bdcffd202eafcdd082f9d

                          SHA1

                          823b40d05a1cab06b857ed87451bf683fdd56a5e

                          SHA256

                          87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                          SHA512

                          1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                          Download Submit

                        • C:\Windows\Installer\MSIB1CB.tmp-\AlphaControlAgentInstallation.dll
                          Filesize

                          25KB

                          MD5

                          aa1b9c5c685173fad2dabebeb3171f01

                          SHA1

                          ed756b1760e563ce888276ff248c734b7dd851fb

                          SHA256

                          e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                          SHA512

                          d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                          Download Submit

                        • C:\Windows\Installer\MSIB1CB.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                          Filesize

                          179KB

                          MD5

                          1a5caea6734fdd07caa514c3f3fb75da

                          SHA1

                          f070ac0d91bd337d7952abd1ddf19a737b94510c

                          SHA256

                          cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                          SHA512

                          a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                          Download Submit

                        • C:\Windows\Installer\MSIB825.tmp-\CustomAction.config
                          Filesize

                          1KB

                          MD5

                          bc17e956cde8dd5425f2b2a68ed919f8

                          SHA1

                          5e3736331e9e2f6bf851e3355f31006ccd8caa99

                          SHA256

                          e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                          SHA512

                          02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                          Download Submit

                        • C:\Windows\Installer\MSIB825.tmp-\Newtonsoft.Json.dll
                          Filesize

                          695KB

                          MD5

                          715a1fbee4665e99e859eda667fe8034

                          SHA1

                          e13c6e4210043c4976dcdc447ea2b32854f70cc6

                          SHA256

                          c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                          SHA512

                          bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                          Download Submit

                        • C:\Windows\Installer\MSIC3C1.tmp
                          Filesize

                          211KB

                          MD5

                          a3ae5d86ecf38db9427359ea37a5f646

                          SHA1

                          eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                          SHA256

                          c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                          SHA512

                          96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                          Download Submit

                        • C:\Windows\Installer\e57b0f1.msi
                          Filesize

                          2.9MB

                          MD5

                          dc9945e4be642c2a40019008b53800cf

                          SHA1

                          4270855a7a9e998a5d57d111d27e35074929badf

                          SHA256

                          4a4db999c37c5cc6e098acd2b7dcbdb7c3e7cdf0de9ecb8eaac93b6abcd8f452

                          SHA512

                          3fa911b43080e1848cfb2ba7ecedbcc7cca3fae9de6534334dabacbcc9de09feb6df43199c39bd6932ac8b0c29cb510a02fefbbf845afd7e60ccf1b98c0b120d

                          Download Submit

                        • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-15-00-52.dat
                          Filesize

                          602B

                          MD5

                          ccadf85953fea883d71dc7b45d2a6231

                          SHA1

                          c9474342bf8a2103596e8f9143c8f07cb8c62ca6

                          SHA256

                          27032d68514030b2a00c908ac34f903e75ea3f7b35520b5d8ad17de698203a03

                          SHA512

                          bd67eacfe3515f7ced7b31a22f61e8c9bbdc3cf2bc48ca200cc4c60d28c71ce43f106f0e9d5b8c00a92fc005181b8cdd5b1f964ae13ac7ac81910ab1a69a7945

                          Download Submit

                        • C:\Windows\Temp\InstallUtil.log
                          Filesize

                          4KB

                          MD5

                          161bef537188b7a3f335f63a8bf60674

                          SHA1

                          f385e73d1b91678d3e522c8085c331db11aad61a

                          SHA256

                          24ca995223c64ef6803176e21d0962144c7aebbd428e158ea573e4717bb6f9b0

                          SHA512

                          09fcc5c043679a93d62e65be8cf8be73382217f6db3862b0737b73a2b83af1f7fc17d97009f514ed03c56f8c24ccc1702c910ad9fe2c0dc762c5db8f2fe0ff11

                          Download Submit

                        • C:\Windows\Temp\InstallUtil.log
                          Filesize

                          708B

                          MD5

                          2188d6889962efb6f302649d6676f288

                          SHA1

                          d078239be074318d58e46d66629bca4edaaec796

                          SHA256

                          98a08133ce7e70509e78d109346b8632e92b10359eb6c9190b84375a3e2f7ca6

                          SHA512

                          8ac10be7af6a43f0a489f38c6d5f10d6bc62a45b971759b807008d3005209dacb7c15c98f5901a13fccba7ee96322b059986d071f88cf8efe559626c3847c27a

                          Download Submit

                        • C:\Windows\Temp\InstallUtil.log
                          Filesize

                          1KB

                          MD5

                          2c0d92e9b7e9ba41b964377ad25c9967

                          SHA1

                          1f2bf14b54f0b5d491802d77487b08bd1a0c0e25

                          SHA256

                          3e2945171ab1cdebaefb1c481d3b764ba3418bf492fc15a02834cb40651c9155

                          SHA512

                          d82f19193d75b41c36ee7b82b5a4763fdb4ee80c87cf06d671093d793bcdd3acaaccc62ba198a257698f6b09f2e2b0b156b25fbc6bbc76f753b3a70912ddf703

                          Download Submit

                        • C:\Windows\Temp\PreVer.log
                          Filesize

                          2KB

                          MD5

                          a091483ae3a683778420ac454f84adea

                          SHA1

                          47a6100d833076247ec6fb8176044356376328f2

                          SHA256

                          f03bdd938b40244e08601d06a3bc42cfdd754f837ed7f3d51f1ec41647eb4e42

                          SHA512

                          049e168de48e1787fce8459eb71185c63edf027aa6bf1862db9a72413caeaa28ddcb39ac06e7aed4c7c863b93fbeeba43983c77b9c2247a578d8c07df32ab215

                          Download Submit

                        • C:\Windows\Temp\unpack.log
                          Filesize

                          2KB

                          MD5

                          57c28802752b414956fed73a86d66452

                          SHA1

                          daef69f17d25c6bbe4e34f703fae9ab76c8cf791

                          SHA256

                          910eb8e8fde8b0f6ce670174b3f5f93fa7471c610820243e7c21f49b43e918fc

                          SHA512

                          de4df01659468853c819ad0a3abf0d00f745f7eb4b8db52dc9eac4ba5c2186d6cf3b3a6414f215301c30e96c5f9a8cbb66a4eaed8afd51847b9fa67d63d0447b

                          Download Submit

                        • C:\Windows\Temp\unpack.log
                          Filesize

                          4KB

                          MD5

                          a8132ccdbaac378617ceca22384a3fad

                          SHA1

                          ea83171bcf62e29b62e685cf0266aa66e328675c

                          SHA256

                          9279fa4528cf79e7e48f5d8580e313f33bd40f7bec12db4f9a50f018d1bf2e62

                          SHA512

                          f70f6e53542f99087cf65d00b4a42fa9347e8d407555558be5f030dfed2dffc1ee6b66a21dbb932d938c293f58a032e50e602c91e42338475f1afe2d145ff8dc

                          Download Submit

                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                          Filesize

                          3.2MB

                          MD5

                          a7ce785b6cd1c9657040ca9b6cbeed10

                          SHA1

                          4b254fee47cc8a9eaec6ce7b714a2ce05b6ed8ec

                          SHA256

                          7ba6e401b8e78ab28e1ccf38d2cd05e12751f960661e159b4e35bc63d3544b4d

                          SHA512

                          39202f477017daa9428a0c1bbe1daae30aa1b7b9f57b04832c44a7b28af0144ff47edfc1ad3d6a940ad1c49471dfe190077b594c337bacc115c552d91a24c2d9

                          Download Submit

                        • C:\Windows\Temp\{A5320037-00BE-468C-A861-24BF3233ADF3}\IsConfig.ini
                          Filesize

                          571B

                          MD5

                          38370175ce7d8dd5c3581030a9104259

                          SHA1

                          bbc1b4254c3e3da692c2667b4c5092d687ad8dc9

                          SHA256

                          ee90ca3f30aa75fe1c3b095ddd2b24680bd3b081829094c18d9c78ebed206b83

                          SHA512

                          e11494869b04a2206d3dda67411be294106f6363408399d9363b27720c6fe88fd393ae90fc2ab7cd4909e940e98f273c8869532b65a1f0b0f4b8b18a24589748

                          Download Submit

                        • C:\Windows\Temp\{A5320037-00BE-468C-A861-24BF3233ADF3}\String1033.txt
                          Filesize

                          182KB

                          MD5

                          37a2c4ef0ff41955f1cb884b7790699f

                          SHA1

                          8e7dad0bc6ae65dfaec9fc29d0ef6e260dd83e9d

                          SHA256

                          6b629fdf1520ba40bb0d7bc8d9a7bb231624fd190e03bcacc607f248222b3c63

                          SHA512

                          fb3a109395872e6f116a75b39566f4b9efe0486512620deb33ef83ac0ac3165d96dbefbe3023ece1d3d0d6be7c8eb8abb58da90f01f225e1ed2d4add2b544d42

                          Download Submit

                        • C:\Windows\Temp\{A5320037-00BE-468C-A861-24BF3233ADF3}\_is851A.exe
                          Filesize

                          179KB

                          MD5

                          7a1c100df8065815dc34c05abc0c13de

                          SHA1

                          3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                          SHA256

                          e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                          SHA512

                          bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                          Download Submit

                        • C:\Windows\Temp\{A5320037-00BE-468C-A861-24BF3233ADF3}\setup.inx
                          Filesize

                          345KB

                          MD5

                          0376dd5b7e37985ea50e693dc212094c

                          SHA1

                          02859394164c33924907b85ab0aaddc628c31bf1

                          SHA256

                          c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                          SHA512

                          69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                          Download Submit

                        • C:\Windows\Temp\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\ISRT.dll
                          Filesize

                          427KB

                          MD5

                          85315ad538fa5af8162f1cd2fce1c99d

                          SHA1

                          31c177c28a05fa3de5e1f934b96b9d01a8969bba

                          SHA256

                          70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                          SHA512

                          877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                          Download Submit

                        • C:\Windows\Temp\{ABC6B92F-DABD-4006-AAD1-F8B5620AB1DD}\_isres_0x0409.dll
                          Filesize

                          1.8MB

                          MD5

                          befe2ef369d12f83c72c5f2f7069dd87

                          SHA1

                          b89c7f6da1241ed98015dc347e70322832bcbe50

                          SHA256

                          9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                          SHA512

                          760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                          Download Submit

                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                          Filesize

                          404B

                          MD5

                          cc2b9c856801367584371cd0345c5697

                          SHA1

                          3f5f892600404670dd904a12608892d1bf7e03c1

                          SHA256

                          018f363a272c125b677a84b61a8bf3058b064844cf7fa3a17fb9d2d521b3633d

                          SHA512

                          a5dc2b2dfce6434209465d7ab5cff05c44eb7a6fc1dd4f36febcefb041ad5d0d1efd6be1e74f69096885c652fbdeff9048cf06418a6ff6d4e2eab38a1735d7b5

                          Download Submit

                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                          Filesize

                          412B

                          MD5

                          eacefed3cc2f709fa4dbaeb5be9d1c2e

                          SHA1

                          4f44f638910fcc483bd45342b4f3c7e491a52a75

                          SHA256

                          f44a5968c1929d771c2dfde08e00312e6df6b11da4f4c43efdc7610adc996237

                          SHA512

                          48c1ee89f646a73f811a524890ff294a8f596326d36c85bc38ba2275bfe7251c0e68e052724a17d0f42d5e4f5ba0489903eb245b7353e0d9e7fe86138ef21526

                          Download Submit

                        • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                          Filesize

                          24.1MB

                          MD5

                          22df49816d7f1615675e169d800e1135

                          SHA1

                          ebf73cf20043250fe2112c623b1ee38bd14defbc

                          SHA256

                          aadbdd7b2e90e23d2b595b0b12e02195cd9fe0a5c19da04ace051ac5c9411d25

                          SHA512

                          8f1c918752b125bf9f3536412f3b0c405729a43ab96f91252fac3cf044b9bbf57c285a227273fb0ec8f4d0e11268df66fe16b6500f89dc2d2217953c6afe85ff

                          Download Submit

                        • \??\Volume{fb297ba4-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1403a86f-dcc1-4264-9068-c3d767b6c53d}_OnDiskSnapshotProp
                          Filesize

                          6KB

                          MD5

                          7ec8c7195346867f776954a65d960829

                          SHA1

                          08cd0d6bcf1eb062569fa30ce7136672221d078d

                          SHA256

                          d2cee65f4d4b928d952fbad8177107b7c999e1ed7ef0f35307f70857c86bd24c

                          SHA512

                          df2b0068f12a90ea6c0e54da5d94ed2d9aa63923a2d4be887e55023bf3482af6c05bc97e68248b2eacb9fc71b9405cb54bd7a8279728d750a436ac85d54d60a6

                          Download Submit

                        • memory/716-82-0x0000000005480000-0x00000000057D4000-memory.dmp

                          Filesize

                          3.3MB

                          Download

                        • memory/716-81-0x0000000005350000-0x0000000005372000-memory.dmp

                          Filesize

                          136KB

                          Download

                        • memory/716-78-0x00000000053C0000-0x0000000005472000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/928-495-0x000001F770B50000-0x000001F770C52000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1460-323-0x000001855AEB0000-0x000001855AF14000-memory.dmp

                          Filesize

                          400KB

                          Download

                        • memory/1460-328-0x000001855B780000-0x000001855B788000-memory.dmp

                          Filesize

                          32KB

                          Download

                        • memory/1460-324-0x000001855B7C0000-0x000001855B80A000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/1460-325-0x000001855B750000-0x000001855B76C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/1460-326-0x0000018574070000-0x00000185740BC000-memory.dmp

                          Filesize

                          304KB

                          Download

                        • memory/1460-327-0x00000185740C0000-0x0000018574108000-memory.dmp

                          Filesize

                          288KB

                          Download

                        • memory/1460-329-0x000001855B790000-0x000001855B79A000-memory.dmp

                          Filesize

                          40KB

                          Download

                        • memory/1460-330-0x00000185742F0000-0x00000185743CC000-memory.dmp

                          Filesize

                          880KB

                          Download

                        • memory/1460-331-0x00000185743D0000-0x0000018574482000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/1460-332-0x0000018574210000-0x0000018574218000-memory.dmp

                          Filesize

                          32KB

                          Download

                        • memory/1460-373-0x00000185751E0000-0x00000185752E2000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1460-338-0x0000018574240000-0x0000018574266000-memory.dmp

                          Filesize

                          152KB

                          Download

                        • memory/1460-333-0x0000018574220000-0x0000018574228000-memory.dmp

                          Filesize

                          32KB

                          Download

                        • memory/1460-337-0x0000018574540000-0x000001857457A000-memory.dmp

                          Filesize

                          232KB

                          Download

                        • memory/1460-334-0x0000018574230000-0x0000018574238000-memory.dmp

                          Filesize

                          32KB

                          Download

                        • memory/1460-2724-0x000001D57DE40000-0x000001D57DF42000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1460-336-0x0000018574270000-0x000001857429A000-memory.dmp

                          Filesize

                          168KB

                          Download

                        • memory/1460-335-0x0000018574490000-0x00000185744F8000-memory.dmp

                          Filesize

                          416KB

                          Download

                        • memory/1684-1336-0x0000021BB4D10000-0x0000021BB4D2A000-memory.dmp

                          Filesize

                          104KB

                          Download

                        • memory/1684-1335-0x0000021BB44D0000-0x0000021BB44DA000-memory.dmp

                          Filesize

                          40KB

                          Download

                        • memory/1684-1337-0x0000021BCD710000-0x0000021BCD7C2000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/1684-1392-0x0000021BCDE30000-0x0000021BCE358000-memory.dmp

                          Filesize

                          5.2MB

                          Download

                        • memory/1684-1410-0x0000021BCD900000-0x0000021BCDA02000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/1704-395-0x000002811AB50000-0x000002811AC02000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/1704-396-0x00000281022C0000-0x00000281022DC000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/1704-394-0x0000028101A40000-0x0000028101A56000-memory.dmp

                          Filesize

                          88KB

                          Download

                        • memory/2144-167-0x0000029AEA0A0000-0x0000029AEA0DC000-memory.dmp

                          Filesize

                          240KB

                          Download

                        • memory/2144-150-0x0000029ACFC80000-0x0000029ACFCA8000-memory.dmp

                          Filesize

                          160KB

                          Download

                        • memory/2144-162-0x0000029AEA2D0000-0x0000029AEA368000-memory.dmp

                          Filesize

                          608KB

                          Download

                        • memory/2144-166-0x0000029AD00A0000-0x0000029AD00B2000-memory.dmp

                          Filesize

                          72KB

                          Download

                        • memory/2192-274-0x0000025D998B0000-0x0000025D998E0000-memory.dmp

                          Filesize

                          192KB

                          Download

                        • memory/2192-277-0x0000025D9A2D0000-0x0000025D9A380000-memory.dmp

                          Filesize

                          704KB

                          Download

                        • memory/2192-278-0x0000025D9A240000-0x0000025D9A25C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/3312-1365-0x0000021096430000-0x000002109646A000-memory.dmp

                          Filesize

                          232KB

                          Download

                        • memory/3312-1411-0x00000210AF6D0000-0x00000210AF782000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/3312-1459-0x0000021096DC0000-0x0000021096E08000-memory.dmp

                          Filesize

                          288KB

                          Download

                        • memory/3312-1412-0x0000021096990000-0x00000210969AC000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/3464-41-0x0000000004790000-0x00000000047BE000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/3464-45-0x00000000047D0000-0x00000000047DC000-memory.dmp

                          Filesize

                          48KB

                          Download

                        • memory/3564-1567-0x0000020C1F4F0000-0x0000020C1F53A000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/3564-1764-0x0000020C06DC0000-0x0000020C06DC8000-memory.dmp

                          Filesize

                          32KB

                          Download

                        • memory/3564-1739-0x0000020C1F710000-0x0000020C1F7C2000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/3564-1574-0x0000020C06D70000-0x0000020C06D8C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/3564-1663-0x0000020C1F7F0000-0x0000020C1F8CC000-memory.dmp

                          Filesize

                          880KB

                          Download

                        • memory/3564-1563-0x0000020C06420000-0x0000020C06430000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/3632-112-0x0000000005030000-0x0000000005096000-memory.dmp

                          Filesize

                          408KB

                          Download

                        • memory/3648-1334-0x0000021366340000-0x0000021366366000-memory.dmp

                          Filesize

                          152KB

                          Download

                        • memory/3648-2500-0x0000021367660000-0x0000021367762000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/4208-1235-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4208-1247-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4208-1234-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4208-1146-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4208-1248-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4208-1147-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4428-896-0x000001D83C7A0000-0x000001D83C8A2000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/4756-487-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4756-912-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4756-522-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4756-490-0x0000000003050000-0x0000000003217000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/4756-915-0x0000000003090000-0x0000000003257000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/4756-999-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4756-1093-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4756-1056-0x0000000010000000-0x0000000010114000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4792-1249-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4792-2501-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4792-1160-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4792-1159-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/4792-1250-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4792-2502-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/4948-243-0x000001EFE9620000-0x000001EFE9658000-memory.dmp

                          Filesize

                          224KB

                          Download

                        • memory/4948-203-0x000001EFE8D60000-0x000001EFE8D82000-memory.dmp

                          Filesize

                          136KB

                          Download

                        • memory/4948-280-0x000001EFE90D0000-0x000001EFE91D2000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/4948-202-0x000001EFE9010000-0x000001EFE90C2000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/5084-1251-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/5084-1162-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/5084-1252-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/5084-1161-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/5152-1740-0x00000266FEFF0000-0x00000266FF03A000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/5152-1693-0x00000266E5F00000-0x00000266E5F0C000-memory.dmp

                          Filesize

                          48KB

                          Download

                        • memory/5152-1781-0x00000266FF230000-0x00000266FF2E0000-memory.dmp

                          Filesize

                          704KB

                          Download

                        • memory/5152-2037-0x00000266FF3C0000-0x00000266FF4C2000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/5152-1758-0x00000266E6740000-0x00000266E675C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/5412-2727-0x000002243BE80000-0x000002243BF82000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/5412-1762-0x0000022423060000-0x00000224230AA000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/5412-1759-0x0000022422650000-0x0000022422684000-memory.dmp

                          Filesize

                          208KB

                          Download

                        • memory/5412-1766-0x0000022422B60000-0x0000022422B78000-memory.dmp

                          Filesize

                          96KB

                          Download

                        • memory/5412-1767-0x0000022422B20000-0x0000022422B2A000-memory.dmp

                          Filesize

                          40KB

                          Download

                        • memory/5412-1777-0x000002243B7F0000-0x000002243B83A000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/5412-1765-0x0000022422B40000-0x0000022422B5C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/5820-1770-0x00000195A38B0000-0x00000195A38FA000-memory.dmp

                          Filesize

                          296KB

                          Download

                        • memory/5820-2040-0x00000195BC650000-0x00000195BC752000-memory.dmp

                          Filesize

                          1.0MB

                          Download

                        • memory/5820-1768-0x00000195A3020000-0x00000195A3032000-memory.dmp

                          Filesize

                          72KB

                          Download

                        • memory/5820-1780-0x00000195A3880000-0x00000195A389C000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/5884-1791-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/5884-1790-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/5884-1778-0x0000000072D10000-0x00000000730DD000-memory.dmp

                          Filesize

                          3.8MB

                          Download

                        • memory/5884-1775-0x00000000730E0000-0x00000000731FC000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/5988-1782-0x000002B068D60000-0x000002B068E12000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/5988-1776-0x000002B068040000-0x000002B068060000-memory.dmp

                          Filesize

                          128KB

                          Download

                        • memory/5988-1793-0x000002B068060000-0x000002B068074000-memory.dmp

                          Filesize

                          80KB

                          Download

                        • memory/5988-1792-0x000002B068CA0000-0x000002B068D06000-memory.dmp

                          Filesize

                          408KB

                          Download

                        • memory/5988-1769-0x000002B067B80000-0x000002B067B90000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/6000-1771-0x0000024F5F550000-0x0000024F5F562000-memory.dmp

                          Filesize

                          72KB

                          Download

                        • memory/6000-1772-0x0000024F5FDA0000-0x0000024F5FDBC000-memory.dmp

                          Filesize

                          112KB

                          Download

                        • memory/6000-1773-0x0000024F78760000-0x0000024F78812000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/6092-1774-0x0000019D81B00000-0x0000019D81B12000-memory.dmp

                          Filesize

                          72KB

                          Download

                        • memory/6092-1779-0x0000019D82340000-0x0000019D82350000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/6092-1783-0x0000019D9AD00000-0x0000019D9ADB2000-memory.dmp

                          Filesize

                          712KB

                          Download

                        • memory/6092-1784-0x0000019D82370000-0x0000019D82390000-memory.dmp

                          Filesize

                          128KB

                          Download