Overview

overview

10

Static

static

10

PDF-523.msi

windows7-x64

10

PDF-523.msi

windows10-2004-x64

10

Resubmissions

12/01/2025, 13:14

250112-qgl6estlet 10

12/01/2025, 11:16

250112-nc4tkasncl 10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2025, 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PDF-523.msi

  • Size

    2.9MB

  • MD5

    156ff43b54310c6f8eb4d1a7fda1a90f

  • SHA1

    1f00b3e593a63abb8dc0e6aec58fc41f40a0a977

  • SHA256

    9f38e1f504a6dfdbe946619e02696c34ec37e4ee9cb992281f05d8bb103246f3

  • SHA512

    bf57a64120e3d026b5112706a3e1e7c11718f1a9aca61a301334a917de41b1b979bdea29710ebea6b1b13aa300baf5972dd21d12e34daf99566657553cf0bd64

  • SSDEEP

    49152:C+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:C+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

    Run Powershell to get system information.

    execution
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 9 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\PDF-523.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5044
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:5108
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B866A6FDF0E8120B50778793DB96E993
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4148
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF29D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240645031 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4964
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF609.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240645687 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:2724
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIFC15.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240647203 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3964
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIA05.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240650781 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1364
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 7CBAC9A4A569D6BD7CB043FCE61E1A7A E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2076
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1000
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:1944
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4940
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000008BLFqIAO" /AgentId="5397a0c8-8457-48d0-ac59-eb8b009ded1d"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:3588
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 98AF241628293595ECEBADAF997973A3 E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:1776
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3129CEF2-7609-4E0E-85C2-31FD2DC8D95F}
          3⤵
          • Executes dropped EXE
          PID:4388
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3A573442-1258-467C-ACC1-1576DC2D325D}
          3⤵
          • Executes dropped EXE
          PID:3452
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E8D0DB1-C5E9-484E-8CA4-708F629C04BD}
          3⤵
          • Executes dropped EXE
          PID:4280
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C9396716-E2C2-402E-8542-E67599A81BDA}
          3⤵
          • Executes dropped EXE
          PID:1832
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0926146C-AB54-4100-B5FA-86C75F725CF0}
          3⤵
          • Executes dropped EXE
          PID:672
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4E79074C-3769-4495-A12A-F53EBAFBC57E}
          3⤵
          • Executes dropped EXE
          PID:3672
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AEF2B9A6-5A2D-4E99-AD3D-355236CD9F0B}
          3⤵
          • Executes dropped EXE
          PID:432
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3842F7E9-18C5-4BD8-B324-43528292A7AF}
          3⤵
          • Executes dropped EXE
          PID:5068
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A33C2A06-289C-4F7F-AF09-4E104A38A164}
          3⤵
          • Executes dropped EXE
          PID:3728
        • C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe
          C:\Windows\TEMP\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_is4CB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC69D50F-8DE4-44A7-B46F-64F7C2E953E2}
          3⤵
          • Executes dropped EXE
          PID:2148
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3960
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1672
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1664
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4780
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:432
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2892
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4740
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1940
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3432
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1872
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5072
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4652
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2076
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2388
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3912
          • C:\Windows\System32\Conhost.exe
            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            4⤵
              PID:3452
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:596
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3628
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAudioChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:3996
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:5108
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRVirtualDisplay.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:228
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A3ADB8C-1E32-4CDB-AD68-4A0A778CEA0A}
            3⤵
            • Executes dropped EXE
            PID:4120
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{81853A4A-E636-441E-A270-D4493BCD41DC}
            3⤵
            • Executes dropped EXE
            PID:4044
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E55A5516-EC32-47D1-ABB4-DF0FFBE78DA0}
            3⤵
            • Executes dropped EXE
            PID:4964
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD519601-6FF1-4957-8FE8-58D9505E05EA}
            3⤵
            • Executes dropped EXE
            PID:2148
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6081E31-0549-4461-B62F-C989EF403B74}
            3⤵
            • Executes dropped EXE
            PID:1964
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{346BA4DC-0684-4675-AB8F-60B7FA06F073}
            3⤵
            • Executes dropped EXE
            PID:5104
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E93B3922-078C-4111-B109-634922E40C1E}
            3⤵
            • Executes dropped EXE
            PID:4064
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3AAD00E5-3860-4916-BE25-CE82858776A7}
            3⤵
            • Executes dropped EXE
            PID:4652
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82FF953F-7FC1-4E6E-8D4D-C14B7CDE72DF}
            3⤵
            • Executes dropped EXE
            PID:2848
          • C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
            C:\Windows\TEMP\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CFD8CBBF-4456-4265-9C02-F94660B7648A}
            3⤵
            • Executes dropped EXE
            PID:4212
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D68C195-7BF9-4679-9B96-514104359909}
            3⤵
            • Executes dropped EXE
            PID:2892
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2A3EDC24-B82A-41D5-A176-0E23DC799E39}
            3⤵
            • Executes dropped EXE
            PID:4756
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9678C433-B971-4723-B7FB-2FDD125253B5}
            3⤵
            • Executes dropped EXE
            PID:2152
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C6A813E-7DFF-4984-BC98-C32AF6B13005}
            3⤵
            • Executes dropped EXE
            PID:4940
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F4AB8AF2-C496-4159-84E3-E54E97CD8702}
            3⤵
            • Executes dropped EXE
            PID:1872
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{353F3365-59AE-4343-A584-2758AE81C853}
            3⤵
            • Executes dropped EXE
            PID:1728
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BDDFB59C-E69C-4F25-A0FE-338EA77B52BA}
            3⤵
            • Executes dropped EXE
            PID:4924
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{405FECD4-D6B9-43DD-8CFD-C1EB069B0779}
            3⤵
            • Executes dropped EXE
            PID:4092
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F38C620-2D96-4E5E-BDE7-1C8DF50A9BCB}
            3⤵
            • Executes dropped EXE
            PID:2748
          • C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe
            C:\Windows\TEMP\{F42E9256-D6DA-4BA4-8D49-8A78FCB516EA}\_is7ABB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23BA5922-5927-4313-85A0-20DA736BCFC9}
            3⤵
            • Executes dropped EXE
            PID:4312
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3292
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2416
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:4120
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:1944
              • C:\Windows\system32\cmd.exe
                "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                4⤵
                  PID:1964
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:4416
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83BE8B19-6871-42B6-B0A2-93E4D99C749E}
                3⤵
                • Executes dropped EXE
                PID:852
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{02151F65-FBE8-4294-9F52-B5F07C512418}
                3⤵
                • Executes dropped EXE
                PID:208
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77B34E7F-F372-4A13-8AA8-EC6F6E3DC58B}
                3⤵
                • Executes dropped EXE
                PID:2360
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AD394FA4-260A-4E87-B42B-761B70B0BBE2}
                3⤵
                • Executes dropped EXE
                PID:2748
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6C9C00F-14F7-43BE-8BB4-22E972DE8447}
                3⤵
                • Executes dropped EXE
                PID:3832
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7497A1B1-F615-437D-AE1D-521AB569AC4F}
                3⤵
                • Executes dropped EXE
                PID:2892
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{62C2C93E-B26B-48E1-922A-284797AE7D81}
                3⤵
                • Executes dropped EXE
                PID:1364
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CAF3AF74-A9AC-4E08-9101-3A7869FDB9A1}
                3⤵
                • Executes dropped EXE
                PID:4264
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D0F737C-DC10-4240-85E0-DAA24D435E6B}
                3⤵
                • Executes dropped EXE
                PID:4936
              • C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe
                C:\Windows\TEMP\{8AE633A6-E12F-46A4-8A41-D5BAF4F411CB}\_is900A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{26AE7224-03A9-41C5-8D4A-1258FE501477}
                3⤵
                • Executes dropped EXE
                PID:228
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                3⤵
                • Drops file in Program Files directory
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:2848
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9995260A-14F2-445C-B630-1F65BD8FEFD3}
                3⤵
                • Executes dropped EXE
                PID:5012
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB8834F3-A201-4D53-9ED1-1C9A85F5B585}
                3⤵
                • Executes dropped EXE
                PID:1364
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{20BAE8D3-2609-4788-87B3-0CC6FE7F7D87}
                3⤵
                • Executes dropped EXE
                PID:4384
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B556813C-8997-41A4-9FF7-3176CE73AD72}
                3⤵
                • Executes dropped EXE
                PID:3076
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E2F0C39-0A54-4330-95C3-DFE11554CB12}
                3⤵
                • Executes dropped EXE
                PID:852
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D8FD435-34EB-46D3-8098-ACEBC3F4251E}
                3⤵
                • Executes dropped EXE
                PID:1888
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE30FCE4-966D-4CEC-855C-9CA11936A6B9}
                3⤵
                • Executes dropped EXE
                PID:1712
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8937A351-0DF4-4DAC-82E6-53501509EF07}
                3⤵
                • Executes dropped EXE
                PID:2756
              • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9CA193C3-DA49-43F6-97CE-19B20A88F6A4}
                3⤵
                  PID:3856
                • C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe
                  C:\Windows\TEMP\{3A662A59-5AC2-4795-8C0D-2F927F7BEA76}\_is9645.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84369479-A3BD-467D-B756-5939F6081999}
                  3⤵
                    PID:1756
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • Drops file in Program Files directory
                    • System Location Discovery: System Language Discovery
                    PID:4552
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 58F4371A33A93F788211D9B487CE28F9 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:5744
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIBD62.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240696875 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                    3⤵
                    • Drops file in System32 directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5572
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIBF76.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240697203 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5928
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIC39E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240698250 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:6140
                  • C:\Windows\SysWOW64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5456
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5544
                  • C:\Windows\SysWOW64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:4280
                  • C:\Windows\syswow64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:2028
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:2952
                  • C:\Windows\syswow64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:4280
                    • C:\Windows\System32\Conhost.exe
                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      4⤵
                        PID:5932
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIF594.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240711046 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:5244
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                    2⤵
                    • Drops file in System32 directory
                    PID:3676
                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="768fc42d-23e6-4408-8517-275ed96df571"
                    2⤵
                    • Drops file in System32 directory
                    PID:5484
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 0E71015508F40F42D39A30541DEDAE8C E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5596
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding A17F586F0C2F443EF4C5EC7D8B0DA4D6 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5644
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 27E77062B489C159776867A00DF1C4F4 E Global\MSI0000
                    2⤵
                      PID:5236
                  • C:\Windows\system32\vssvc.exe
                    C:\Windows\system32\vssvc.exe
                    1⤵
                    • Checks SCSI registry key(s)
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4932
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in System32 directory
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Modifies system certificate store
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:3920
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:4080
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "21311721-6832-46e5-b403-0bad4567967d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000008BLFqIAO
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2836
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "87912553-29d2-4506-b874-cca366442f3b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000008BLFqIAO
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3260
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "e78ea0b8-854b-4ad1-b1ae-63eafae55e4a" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q3000008BLFqIAO
                      2⤵
                      • Executes dropped EXE
                      PID:4940
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "cdf73a45-a2e2-4103-8e73-0d4b1b36c084" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q3000008BLFqIAO
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:1416
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                        3⤵
                        • Command and Scripting Interpreter: PowerShell
                        • Drops file in System32 directory
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3268
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                        • Suspicious use of WriteProcessMemory
                        PID:2848
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:4780
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "426b1c81-3882-4139-b6d9-b8d124b31f58" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q3000008BLFqIAO
                      2⤵
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:4996
                      • C:\Windows\TEMP\SplashtopStreamer.exe
                        "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        3⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Modifies data under HKEY_USERS
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:876
                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                          "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                          4⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of WriteProcessMemory
                          PID:4592
                          • C:\Windows\SysWOW64\msiexec.exe
                            msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                            5⤵
                            • System Location Discovery: System Language Discovery
                            PID:2188
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "c31e655c-7838-4426-b890-bddc96fc7451" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q3000008BLFqIAO
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:1748
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:448
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:3932
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "8e3b457b-f941-4c6d-bdc3-d8e6e7fa165f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000008BLFqIAO
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4412
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                        3⤵
                        • Command and Scripting Interpreter: PowerShell
                        • Modifies data under HKEY_USERS
                        PID:4928
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                          PID:5932
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:4736
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "c099f218-f4d3-4898-a786-6c98b46aacac" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000008BLFqIAO
                        2⤵
                        • Drops file in System32 directory
                        PID:4052
                        • C:\Windows\System32\Conhost.exe
                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          3⤵
                            PID:5012
                          • C:\Windows\SYSTEM32\msiexec.exe
                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                            3⤵
                              PID:5540
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "cb669dff-f9a3-447a-8df0-bd4d0673f9de" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000008BLFqIAO
                            2⤵
                            • Drops file in System32 directory
                            PID:3312
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "b50dba3f-ef37-4b6d-a8f2-f13210e8910b" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000008BLFqIAO
                            2⤵
                            • Drops file in System32 directory
                            PID:5460
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "2a6bce06-f3f7-4a56-aae9-40e328a9df62" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q3000008BLFqIAO
                            2⤵
                            • Drops file in System32 directory
                            PID:5948
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "52a51ff8-2dcd-4ac6-935a-1aacf1d701ed" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q3000008BLFqIAO
                            2⤵
                              PID:4740
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "750f4e11-7f89-4037-8ada-11767ddb88ab" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q3000008BLFqIAO
                              2⤵
                                PID:5316
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "b309b103-d0ba-4817-a18b-f0a9b4d07cf1" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                PID:1752
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "fd181a23-014d-475c-9d2a-c7ae8265fc08" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                PID:5904
                                • C:\Windows\SYSTEM32\cmd.exe
                                  "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                  3⤵
                                  • System Time Discovery
                                  PID:5696
                                  • C:\Program Files\dotnet\dotnet.exe
                                    dotnet --list-runtimes
                                    4⤵
                                    • System Time Discovery
                                    PID:1464
                                • C:\Program Files\dotnet\dotnet.exe
                                  "C:\Program Files\dotnet\dotnet" --list-runtimes
                                  3⤵
                                  • System Time Discovery
                                  PID:5460
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5632
                                  • C:\Windows\Temp\{80568C52-159A-44FB-8685-B324FF49F99B}\.cr\8-0-11.exe
                                    "C:\Windows\Temp\{80568C52-159A-44FB-8685-B324FF49F99B}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=700 /repair /quiet /norestart
                                    4⤵
                                    • System Time Discovery
                                    PID:3820
                                    • C:\Windows\Temp\{42FCBB5C-7C08-4F8D-B62C-3B19F7B319F5}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                      "C:\Windows\Temp\{42FCBB5C-7C08-4F8D-B62C-3B19F7B319F5}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{02D66949-BE6B-43EC-A657-07B682F07006} {2164A094-8196-42A9-8F6C-95077C3554C7} 3820
                                      5⤵
                                      • Adds Run key to start application
                                      • System Location Discovery: System Language Discovery
                                      • System Time Discovery
                                      • Modifies registry class
                                      PID:3928
                                • C:\Windows\SYSTEM32\cmd.exe
                                  "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                  3⤵
                                  • System Time Discovery
                                  PID:5396
                                  • C:\Program Files\dotnet\dotnet.exe
                                    dotnet --list-runtimes
                                    4⤵
                                    • System Time Discovery
                                    PID:6096
                                • C:\Windows\SYSTEM32\cmd.exe
                                  "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                  3⤵
                                  • System Time Discovery
                                  PID:5572
                                  • C:\Program Files\dotnet\dotnet.exe
                                    dotnet --list-runtimes
                                    4⤵
                                    • System Time Discovery
                                    PID:4352
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "638b441b-165d-4f21-9e74-de4ac1f5041f" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000008BLFqIAO
                                2⤵
                                • Writes to the Master Boot Record (MBR)
                                • Modifies data under HKEY_USERS
                                PID:2396
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "f03adc74-62f4-43b8-8ca5-06299897e7dc" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                • Drops file in Program Files directory
                                PID:4316
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "826be96d-e1f4-45df-8830-17c994106099" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                PID:2436
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "d10b3baa-b742-4cf5-8f66-fe1ad0d47023" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                PID:5348
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "6178426e-1a33-4f8e-926f-d30ac178733e" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q3000008BLFqIAO
                                2⤵
                                • Drops file in System32 directory
                                • Drops file in Program Files directory
                                PID:1204
                                • C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe
                                  "C:\Windows\TEMP\Agent.Package.Availability\Agent.Package.Availability.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d 6178426e-1a33-4f8e-926f-d30ac178733e agent-api.atera.com/Production 443 or8ixLi90Mf connect 001Q3000008BLFqIAO
                                  3⤵
                                    PID:3044
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "08c45f5e-f3a0-428e-bfa7-10e0c98b2a4b" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q3000008BLFqIAO
                                  2⤵
                                    PID:5464
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=ea0d99d8d9af61e170fa39dbdeebbfac&rmm_session_pwd_ttl=86400"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:2416
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3672
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                    2⤵
                                    • Drops file in System32 directory
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Modifies data under HKEY_USERS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3060
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                      -h
                                      3⤵
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SetWindowsHookEx
                                      PID:3268
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                      3⤵
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:456
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                        4⤵
                                          PID:5720
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:408
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4940
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                          SRUtility.exe -r
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:5276
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5452
                                        • C:\Windows\System32\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                          4⤵
                                            PID:4016
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c ver
                                              5⤵
                                                PID:3820
                                              • C:\Windows\system32\sc.exe
                                                sc query ddmgr
                                                5⤵
                                                • Launches sc.exe
                                                PID:2360
                                              • C:\Windows\system32\sc.exe
                                                sc query lci_proxykmd
                                                5⤵
                                                • Launches sc.exe
                                                PID:1640
                                              • C:\Windows\system32\rundll32.exe
                                                rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                5⤵
                                                • Drops file in System32 directory
                                                • Checks SCSI registry key(s)
                                                • Modifies data under HKEY_USERS
                                                PID:2208
                                      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                        1⤵
                                        • Drops file in Program Files directory
                                        PID:5768
                                        • C:\Windows\System32\sc.exe
                                          "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                          2⤵
                                          • Launches sc.exe
                                          PID:3240
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "36bebfef-c917-416c-8faa-33b5a59694eb" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q3000008BLFqIAO
                                          2⤵
                                            PID:3592
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "ff8a7b7c-376d-4c12-ba9b-5c38e80f4818" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q3000008BLFqIAO
                                            2⤵
                                              PID:5888
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "2a3f89c1-7307-40f7-a526-6b0c8c2b3b34" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000008BLFqIAO
                                              2⤵
                                                PID:5132
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "c90c5103-3a0d-4959-8a0a-b8244ed7ce6f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q3000008BLFqIAO
                                                2⤵
                                                  PID:3856
                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    "powershell.exe" -NoProfile -Command " ################################################################################################ # Windows 11 Compatibility Check Script # ################################################################################################ # Compatibility flag $IsCompatible = $true # Check if current OS is Windows 10 $OSVersion = (Get-CimInstance -Class Win32_OperatingSystem).Caption if (-not $OSVersion.Contains('Windows 10')) { return } # Architecture x64 $Arch = (Get-CimInstance -Class CIM_ComputerSystem).SystemType $ArchValue = 'x64-based PC' if ($Arch -ne $ArchValue) { $IsCompatible = $false } # Screen Resolution $ScreenInfo = (Get-CimInstance -ClassName Win32_VideoController).CurrentVerticalResolution $ValueMin = 720 if ($ScreenInfo -le $ValueMin) { $IsCompatible = $false } # CPU composition $Core = (Get-CimInstance -Class CIM_Processor | Select-Object *).NumberOfCores $CoreValue = 2 $Frequency = (Get-CimInstance -Class CIM_Processor | Select-Object *).MaxClockSpeed $FrequencyValue = 1000 if (-not (($Core -ge $CoreValue) -and ($Frequency -ge $FrequencyValue))) { $IsCompatible = $false } # TPM $TPM2 = $false if ((Get-Tpm).ManufacturerVersionFull20) { $TPM2 = -not (Get-Tpm).ManufacturerVersionFull20.Contains('not supported') } if ($TPM2 -contains $false) { $IsCompatible = $false } # Secure Boot $SecureBoot = Confirm-SecureBootUEFI if ($SecureBoot -ne $true) { $IsCompatible = $false } # RAM available $Memory = (Get-CimInstance -Class CIM_ComputerSystem).TotalPhysicalMemory $SetMinMemory = 4294967296 if ($Memory -lt $SetMinMemory) { $IsCompatible = $false } # Storage available $ListDisk = Get-CimInstance -Class Win32_LogicalDisk | Where-Object { $_.DriveType -eq '3' } $SetMinSizeLimit = 64GB $DiskCompatible = $false foreach ($Disk in $ListDisk) { if ($Disk.FreeSpace -ge $SetMinSizeLimit) { $DiskCompatible = $true } } if (-not $DiskCompatible) { $IsCompatible = $false } # Output final result $IsCompatible "
                                                    3⤵
                                                    • Command and Scripting Interpreter: PowerShell
                                                    • Modifies data under HKEY_USERS
                                                    PID:5888
                                                  • C:\Windows\System32\cmd.exe
                                                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                    3⤵
                                                      PID:6016
                                                      • C:\Windows\system32\cscript.exe
                                                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                        4⤵
                                                        • Modifies data under HKEY_USERS
                                                        PID:2396
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "ad2e16e8-cc51-4d2a-b408-9a8f52c76ce4" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q3000008BLFqIAO
                                                    2⤵
                                                    • Modifies data under HKEY_USERS
                                                    PID:5880
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "cd90e31b-ab3e-4d04-bab7-63f3cb650347" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q3000008BLFqIAO
                                                    2⤵
                                                    • Drops file in Program Files directory
                                                    PID:5892
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "2c85a888-ca00-4654-9669-83b90e9a04d2" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q3000008BLFqIAO
                                                    2⤵
                                                      PID:3408
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "768466cb-d918-41f1-ac88-a85a955c9774" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q3000008BLFqIAO
                                                      2⤵
                                                        PID:4552
                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=ea0d99d8d9af61e170fa39dbdeebbfac&rmm_session_pwd_ttl=86400"
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5732
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "93203f56-d3a8-4002-ba51-22678edaac78" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q3000008BLFqIAO
                                                        2⤵
                                                          PID:3860
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "f989ac5d-ab1d-444b-a5d7-36598bb6d449" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q3000008BLFqIAO
                                                          2⤵
                                                          • Writes to the Master Boot Record (MBR)
                                                          PID:4736
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "5c45905d-a7e1-4d28-8de0-b62c59f3f64a" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000008BLFqIAO
                                                          2⤵
                                                          • Modifies registry class
                                                          PID:2768
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "15bfbd43-6b81-448b-a4ea-77da62643b58" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q3000008BLFqIAO
                                                          2⤵
                                                            PID:5204
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 5397a0c8-8457-48d0-ac59-eb8b009ded1d "45e3a486-4d61-40d9-9b67-371c337ea7eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000008BLFqIAO
                                                            2⤵
                                                              PID:1492
                                                              • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "5397a0c8-8457-48d0-ac59-eb8b009ded1d" "45e3a486-4d61-40d9-9b67-371c337ea7eb" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q3000008BLFqIAO"
                                                                3⤵
                                                                  PID:5888
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                              1⤵
                                                              • Checks SCSI registry key(s)
                                                              PID:2496
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                • Modifies data under HKEY_USERS
                                                                PID:1104
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000100" "WinSta0\Default" "000000000000013C" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5560
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000017C"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Drops file in System32 directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5708
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5536

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Reconnaissance

                                                            Resource Development

                                                            Initial Access

                                                            Execution

                                                            Command and Scripting Interpreter

                                                            1
                                                            T1059

                                                            PowerShell

                                                            1
                                                            T1059.001

                                                            Persistence

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Privilege Escalation

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Defense Evasion

                                                            Modify Registry

                                                            2
                                                            T1112

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Subvert Trust Controls

                                                            1
                                                            T1553

                                                            Install Root Certificate

                                                            1
                                                            T1553.004

                                                            System Binary Proxy Execution

                                                            1
                                                            T1218

                                                            Msiexec

                                                            1
                                                            T1218.007

                                                            Credential Access

                                                            Discovery

                                                            Peripheral Device Discovery

                                                            2
                                                            T1120

                                                            Query Registry

                                                            4
                                                            T1012

                                                            System Information Discovery

                                                            3
                                                            T1082

                                                            System Location Discovery

                                                            1
                                                            T1614

                                                            System Language Discovery

                                                            1
                                                            T1614.001

                                                            System Time Discovery

                                                            1
                                                            T1124

                                                            Lateral Movement

                                                            Collection

                                                            Command and Control

                                                            Exfiltration

                                                            Impact

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Config.Msi\e57f212.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              f15d132d59714d7f1615c7f8c0166670

                                                              SHA1

                                                              2b7328e2f9ef67b5a7180449be9d030be231c75c

                                                              SHA256

                                                              61ade77db890ac4146b2febcd842e4a1717c4714e7b5dc64c123c556d773b85a

                                                              SHA512

                                                              efba8e6fc48bb3aadbb98d56eab3fb43da826123fcf391e80689231d63ad636d802e33ae3126dab41efd83e77edc03674970aae4ad1b530edd64596db4ce7259

                                                              Download Submit

                                                            • C:\Config.Msi\e57f217.rbs
                                                              Filesize

                                                              74KB

                                                              MD5

                                                              f4bc7c20ebb3f73a7ceee031857a96ad

                                                              SHA1

                                                              0d774217599b07f79f79b39f6ad9ce745b14ded4

                                                              SHA256

                                                              80fd3d03ae0bf55ad833c6a02361e60e4cbf93b65b7b100e6580db622252fda6

                                                              SHA512

                                                              99986d2563b32262334734a7df2fd8106d8335e9423439758410798c61478da003318aac66926da422512384d7bd30a2381d4b689198b2567e4fa14bdde4e5ae

                                                              Download Submit

                                                            • C:\Config.Msi\e57f219.rbs
                                                              Filesize

                                                              464B

                                                              MD5

                                                              c22bd372391e1eb560a74119dbd6d558

                                                              SHA1

                                                              6653ecf88d7e0d7450601cd4add7dc9270de81fa

                                                              SHA256

                                                              f028332414a41d050a213273c619752fc499d73cdf8c7e1501dd29e71384a580

                                                              SHA512

                                                              fb1a4457cf1db2d74502306caeca823b6b3915f447c61779182d0f8234f447697aff846788837748498791079848ec7ad555e6fe942cd3f39e02ac54df49b345

                                                              Download Submit

                                                            • C:\Config.Msi\e57f21f.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              8318740207d1b699c0d0d8716716a97d

                                                              SHA1

                                                              49000794f4e082113a8673f149159647d47ab2c3

                                                              SHA256

                                                              e6a1f9bf861466aed35236545af64b66d569e978790c3806b2472f74a525a878

                                                              SHA512

                                                              8f52cfffe87ae2424c5a524aadfa734dffea4278dad2a562b776e6bd2035d90a9f1d783ec8d04e9a04af864f401017bd3bdf1d8d0f6eec426e92ba2067180aa0

                                                              Download Submit

                                                            • C:\Config.Msi\e57f227.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              ae173b734880aab7b9a37e60c9aec68a

                                                              SHA1

                                                              b9cc81d4c06be7eba53ac84c06d1d8792cabd99d

                                                              SHA256

                                                              051039d79a00fdd158287ab76a5fe3aebd2e1c378fa51969ffb78c0131b3a545

                                                              SHA512

                                                              1ad630ee3f3276604dd27d4db8049706d21b2c8d6c07e9199a86cedc3e50a6d454bb4502615947235b5b209c10a3795a356856dbe2efbde5e0b553411d805378

                                                              Download Submit

                                                            • C:\Config.Msi\e57f22c.rbs
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              14e8be920ee1218353a5b5e404347365

                                                              SHA1

                                                              3c1bbf1518dfdd3bfae0339f2cc969a39128e9d3

                                                              SHA256

                                                              66fcc6734c7cfdd89e4bdab9828b7400daf4dcd6c965692a65a68f3b3fd67934

                                                              SHA512

                                                              cdba5f5c0be0586f5faa364efd36447c24c7e29311f684699470a140c9b85ab077c5613ec625493c63a392ab8ab7ddc299beb29a6785ad67f54f14ee5bcd4e1a

                                                              Download Submit

                                                            • C:\Config.Msi\e57f231.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              66406fba97c13f74beae7a06edf811b2

                                                              SHA1

                                                              9935773d4d239821e3f5a26d7268d78d71f456bb

                                                              SHA256

                                                              a6972eaea794ab93cb94f2681e4591c2ed54eaefae343a4eebefd6d33e162d4f

                                                              SHA512

                                                              009e34c6c3e6de3380f3efb8301937d0ce12341a3d87dc45cbf359e23d0082f97cb541edeb30d0e357f4f858d1a4a9843cfe048671f83e95358789b028fabf32

                                                              Download Submit

                                                            • C:\Config.Msi\e57f236.rbs
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              336319dfc54240541576e79e08f92fc0

                                                              SHA1

                                                              b3d0480127973c1ac2d8a423d0d6ebedb3859bd9

                                                              SHA256

                                                              7b2b7811763cc426bf3f2be167faf55551c8fbc9f33b3d14b8e478a0bbb21246

                                                              SHA512

                                                              521bf2b8cf37b216a89188fd9dc427c32de41d05b15eb6d77ebabe44723786656853dce568dad2c86d024adc11d81cd8758925081652431bf308b27e64f2d407

                                                              Download Submit

                                                            • C:\Config.Msi\e57f23b.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              4878c1a462298bbb6ac9c10263f4f409

                                                              SHA1

                                                              a18789db4e39901c7cf2f70772c92dcd7d15e00c

                                                              SHA256

                                                              8ad74792c020d931bd9565cc8393f26b1b0deac941ebe7d62aafd0aff88cb660

                                                              SHA512

                                                              2745cd3a1e0cbb185632da4676c903d2687c9f136c17a94fa69b7e5931287e6907c7b51e4600b6cfea1d4559107358668597b12daf10fc7bf1696760dd3f8843

                                                              Download Submit

                                                            • C:\Config.Msi\e57f23c.rbf
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              33b4c87f18b4c49114d7a8980241657a

                                                              SHA1

                                                              254c67b915e45ad8584434a4af5e06ca730baa3b

                                                              SHA256

                                                              587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                              SHA512

                                                              42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                              Download Submit

                                                            • C:\Config.Msi\e57f23d.rbf
                                                              Filesize

                                                              3B

                                                              MD5

                                                              21438ef4b9ad4fc266b6129a2f60de29

                                                              SHA1

                                                              5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                              SHA256

                                                              13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                              SHA512

                                                              37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              753B

                                                              MD5

                                                              8298451e4dee214334dd2e22b8996bdc

                                                              SHA1

                                                              bc429029cc6b42c59c417773ea5df8ae54dbb971

                                                              SHA256

                                                              6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                                                              SHA512

                                                              cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              3840b31c383fdf49bfd6740d945c9032

                                                              SHA1

                                                              a6f50164a69718bcef4664d7c47534f0d721866a

                                                              SHA256

                                                              1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                              SHA512

                                                              f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                              Filesize

                                                              142KB

                                                              MD5

                                                              477293f80461713d51a98a24023d45e8

                                                              SHA1

                                                              e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                              SHA256

                                                              a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                              SHA512

                                                              23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              b3bb71f9bb4de4236c26578a8fae2dcd

                                                              SHA1

                                                              1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                              SHA256

                                                              e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                              SHA512

                                                              fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                              Filesize

                                                              210KB

                                                              MD5

                                                              c106df1b5b43af3b937ace19d92b42f3

                                                              SHA1

                                                              7670fc4b6369e3fb705200050618acaa5213637f

                                                              SHA256

                                                              2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                              SHA512

                                                              616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                              Filesize

                                                              693KB

                                                              MD5

                                                              2c4d25b7fbd1adfd4471052fa482af72

                                                              SHA1

                                                              fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                              SHA256

                                                              2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                              SHA512

                                                              f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                              Filesize

                                                              158KB

                                                              MD5

                                                              1922740d2479c7d0cd6fb57c3d739543

                                                              SHA1

                                                              877a807a396156be1d0c2782391cabc29ea15760

                                                              SHA256

                                                              20443f66e184311fd412158cb162e36b0172332cd6d401cec9ee5fe17df75e58

                                                              SHA512

                                                              d624bad0fcd8afc190a5de241da341a3f39d6aaa0e5eacdf8b14e8e74515b688f06e2cdc75da0634880ea98238a1d26cd2d2bfaedb6d92067dace99d0963975c

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                              Filesize

                                                              145KB

                                                              MD5

                                                              2b9beb2fdbc41afc48d68d32ef41dd08

                                                              SHA1

                                                              4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                              SHA256

                                                              977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                              SHA512

                                                              3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                              Filesize

                                                              51KB

                                                              MD5

                                                              3180c705182447f4bcc7ce8e2820b25d

                                                              SHA1

                                                              ad6486557819a33d3f29b18d92b43b11707aae6e

                                                              SHA256

                                                              5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                              SHA512

                                                              228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                              Filesize

                                                              12B

                                                              MD5

                                                              3fa173e4e1e00396a06e409935a1e7f9

                                                              SHA1

                                                              089b85e04c266edd6dbb678ee91da656b19674b3

                                                              SHA256

                                                              297a53db6da22aa3ee4ce849c9952f08bb7296303a170c9ddc7acede10b64c25

                                                              SHA512

                                                              d0c34b51e5599c01edf4ca6acc89186bcea5b97a598c4f120b3063c171b9a1668ba5ff87014565360471973b30733a5521783fa3446bf376332aad23a4325d26

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                              Filesize

                                                              182KB

                                                              MD5

                                                              9d8d50d2789c2a8d847d7953518a96f6

                                                              SHA1

                                                              42621852b40f3f068da5494c9879f846b4869399

                                                              SHA256

                                                              76aefe9205bce78d4533500e6839e892b7d80edc39abcd30ca67952925302b29

                                                              SHA512

                                                              91ea7152762f00fdfbc6cb8d5d15c2e07bc298af8958406b0b0fb652ee3d4a4da9d79ca7dde47dc7700285b20cba089f35745c2b3b84b9dc0d258bd9bdc89f56

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                              Filesize

                                                              546B

                                                              MD5

                                                              158fb7d9323c6ce69d4fce11486a40a1

                                                              SHA1

                                                              29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                              SHA256

                                                              5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                              SHA512

                                                              7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                              Filesize

                                                              94KB

                                                              MD5

                                                              93d5e2aafbe16cada057bf880002b2f7

                                                              SHA1

                                                              095832afb05852d692bd40d5f77ebbdd339bc545

                                                              SHA256

                                                              83333ce938e943ac54ea0428722d8f9d64d2be993502cd0e95b39e2d78956484

                                                              SHA512

                                                              2e2391c315fd173634f262011a25c9e397bc8a1dac8e86a039f52ff733534f57f2e00adc995900823448a45933864e814e89549f41271fc9d7effd116bbf3854

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                              Filesize

                                                              688KB

                                                              MD5

                                                              50e3f5a0e04cbd99d4be8cfe914c7bbe

                                                              SHA1

                                                              19d99ae964f490e055942d516c60dfdedc585825

                                                              SHA256

                                                              89ed8cbc24723d67ac7e47d0d018ea293f15fc210d9b3e26dc555f464e9b15cd

                                                              SHA512

                                                              2f67dbb41631b6134414d1685815daea7f38120d88f83cb8f83763cf18b1f6aa2b9a5a7eaef816eb8a24998536556128c15128b4e301b765c859a9741d69ba25

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                              Filesize

                                                              27KB

                                                              MD5

                                                              797c9554ec56fd72ebb3f6f6bef67fb5

                                                              SHA1

                                                              40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                              SHA256

                                                              7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                              SHA512

                                                              4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                              Filesize

                                                              214KB

                                                              MD5

                                                              01807774f043028ec29982a62fa75941

                                                              SHA1

                                                              afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                              SHA256

                                                              9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                              SHA512

                                                              33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                              Filesize

                                                              37KB

                                                              MD5

                                                              efb4712c8713cb05eb7fe7d87a83a55a

                                                              SHA1

                                                              c94d106bba77aecf88540807da89349b50ea5ae7

                                                              SHA256

                                                              30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                              SHA512

                                                              3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                              Filesize

                                                              3.4MB

                                                              MD5

                                                              93e4c198656fc267f392de11dee01cd0

                                                              SHA1

                                                              e92cb59486745ee7564f5b374e790a065e1f4678

                                                              SHA256

                                                              88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                              SHA512

                                                              3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                              Filesize

                                                              397KB

                                                              MD5

                                                              810f893e58861909b134fa72e3bc90cd

                                                              SHA1

                                                              524977f32836634132d23997b23304574d8d156a

                                                              SHA256

                                                              b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                              SHA512

                                                              db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              155af6d02bfd25e422e6b467abcd852e

                                                              SHA1

                                                              39d6f47abe61e45d6ec8774947f251758e13a952

                                                              SHA256

                                                              bfb6e3673305233fbf3bd3edff05d0ab2a1b7b5c67521f8d6f4d3b2ca34606f8

                                                              SHA512

                                                              7171349c813daf74d6871ea1c18e85edaac9f2d929f0f4506203ed5e4aaf4885075dd2562238fadb735eeaf1e56f42b8513be4995751557ba110b5cc3bd33a79

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                              Filesize

                                                              197KB

                                                              MD5

                                                              d0d21e16e57a1a73056eae228da1e287

                                                              SHA1

                                                              ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                              SHA256

                                                              3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                              SHA512

                                                              470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                              Filesize

                                                              56KB

                                                              MD5

                                                              cb9890b01a396f64d702ad10f441003a

                                                              SHA1

                                                              44c086ce6bb8078e252f41f5becc1cb650ff2f33

                                                              SHA256

                                                              1a7194e86b266261501b7ed1ad3ea13fe73dfeeddcd1ba884894a0155bdbe2ea

                                                              SHA512

                                                              6cea4a2e31bd33cc13a9f5ea4d162b75bed863db2569b0ed46c7389f3bcdba3333cdddcf2ea83c95ce3678458796d4a476f151705cf256e0f4edba6cd1cac952

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              9d1528a2ce17522f6de064ae2c2b608e

                                                              SHA1

                                                              2f1ce8b589e57ab300bb93dde176689689f75114

                                                              SHA256

                                                              11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                              SHA512

                                                              a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                              Filesize

                                                              809B

                                                              MD5

                                                              8b6737800745d3b99886d013b3392ac3

                                                              SHA1

                                                              bb94da3f294922d9e8d31879f2d145586a182e19

                                                              SHA256

                                                              86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                              SHA512

                                                              654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.4316.update
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              14ffcf07375b3952bd3f2fe52bb63c14

                                                              SHA1

                                                              ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                              SHA256

                                                              6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                              SHA512

                                                              14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              57f81e9f8503a5767d7d3ba0152f09cb

                                                              SHA1

                                                              0776b1a042f48a14b890f6401c513c468f4d39a4

                                                              SHA256

                                                              27cad33c475ef2e18726aa6124ed917d3102ad5bde6b99913855a4535e66859b

                                                              SHA512

                                                              cb4e824fccb257da41a8f5d89dd0eff1c0b507d0299f48c5ccf90b9848701e2dd69dc200066469940362136ae896a0f61be8663303ca1fb8a673f28da3741a35

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              3aa77a4a0db798cc0b9a27650c959af3

                                                              SHA1

                                                              8b8a83b23093585b241309138cb9b4d4993e70e1

                                                              SHA256

                                                              dd376d676b44818e67a686beefdd209f87233866dfd7cafff4c039612102f1f8

                                                              SHA512

                                                              1b5850556c4b61bfe5a61ad59f1d10d9c6d932b4b3f78c5f54c7c6e4200d29d003f46f889168647fe98504298d33be4f9171ebe9986c99c418b6c16593376284

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                              Filesize

                                                              2B

                                                              MD5

                                                              81051bcc2cf1bedf378224b0a93e2877

                                                              SHA1

                                                              ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                              SHA256

                                                              7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                              SHA512

                                                              1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                              Filesize

                                                              54KB

                                                              MD5

                                                              77c613ffadf1f4b2f50d31eeec83af30

                                                              SHA1

                                                              76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                              SHA256

                                                              2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                              SHA512

                                                              29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                              Filesize

                                                              334KB

                                                              MD5

                                                              09447f135f7f4486c165061cf443c569

                                                              SHA1

                                                              3ad4264db3112f845d35c112aabea9cbb2e21afa

                                                              SHA256

                                                              0142e2ca4f93c9631591065dc53944a86e4b961620f4faf1fe8b61a8b2867c9b

                                                              SHA512

                                                              be678fb5ca389198a5cc474c8e9e9d0c79a92a582cb81325b13d8be226725ad04faa6ecc3b4b7cecaedaa6f15ec13f01c0276100ee19faaf0a1b1dd7d061f31b

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                              Filesize

                                                              71KB

                                                              MD5

                                                              67fef41237025021cd4f792e8c24e95a

                                                              SHA1

                                                              c47a5a33f182c8244798819e2dc5a908d51703e8

                                                              SHA256

                                                              c936879fbb1aa6d51fe1cdc0e351f933f835c0bf0e30aef99a4e19a07a920029

                                                              SHA512

                                                              232015fe6bee6637d915648a256474fc3df79415ac90babdfc2e3ded06c2f36fce85573ec7670f2a05126aa5f24a570b36885e386061666d9eaa1f0da67a093e

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                              Filesize

                                                              50KB

                                                              MD5

                                                              5bb0687e2384644ea48f688d7e75377b

                                                              SHA1

                                                              44e4651a52517570894cfec764ec790263b88c4a

                                                              SHA256

                                                              963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                              SHA512

                                                              260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                              Filesize

                                                              32KB

                                                              MD5

                                                              2ec1d28706b9713026e8c6814e231d7c

                                                              SHA1

                                                              7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                              SHA256

                                                              c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                              SHA512

                                                              9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                              Filesize

                                                              56KB

                                                              MD5

                                                              e9794f785780945d2dde78520b9bb59f

                                                              SHA1

                                                              293cae66cedbc7385cd49819587d3d5a61629422

                                                              SHA256

                                                              0568e0d210de9b344f9ce278291acb32106d8425bdd467998502c1a56ac92443

                                                              SHA512

                                                              1a3c15e18557a14f0df067478f683e8b527469126792fae7b78361dad29317ff7b9d307b5a35e303487e2479d34830aa7e894f2906efff046436428ada9a4534

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                              Filesize

                                                              588KB

                                                              MD5

                                                              17d74c03b6bcbcd88b46fcc58fc79a0d

                                                              SHA1

                                                              bc0316e11c119806907c058d62513eb8ce32288c

                                                              SHA256

                                                              13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                              SHA512

                                                              f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                              Filesize

                                                              222B

                                                              MD5

                                                              3771674996f2e448f4636921047828c3

                                                              SHA1

                                                              28c932b9cd81d2e54e3ae441fd99c90487bd9464

                                                              SHA256

                                                              f198818fda77646f58d314daa7a1d61b339f8390f0fbd2e36e61fecb2f1e0342

                                                              SHA512

                                                              dc3ec9c36e39b3f52e141caf8464b39041d475480b082f8ad39235677346694b1c89b8681011e7db1542a8186a3a0d104038a8d49b8c291d6c81e2dad745294a

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              1ef7574bc4d8b6034935d99ad884f15b

                                                              SHA1

                                                              110709ab33f893737f4b0567f9495ac60c37667c

                                                              SHA256

                                                              0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                              SHA512

                                                              947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              f512536173e386121b3ebd22aac41a4e

                                                              SHA1

                                                              74ae133215345beaebb7a95f969f34a40dda922a

                                                              SHA256

                                                              a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                              SHA512

                                                              1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                              Filesize

                                                              76KB

                                                              MD5

                                                              b40fe65431b18a52e6452279b88954af

                                                              SHA1

                                                              c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                              SHA256

                                                              800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                              SHA512

                                                              e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                              Filesize

                                                              80KB

                                                              MD5

                                                              3904d0698962e09da946046020cbcb17

                                                              SHA1

                                                              edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                              SHA256

                                                              a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                              SHA512

                                                              c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                              Filesize

                                                              96KB

                                                              MD5

                                                              a484adcf705b7ad8e9bf7cc85270833b

                                                              SHA1

                                                              0c34e1d589d2f48f6a89f6e18180a05a8f8e2a6d

                                                              SHA256

                                                              fc52f776dd2cac4a38a812330715ced6fcecc06cb052e05c8ea9debc9fdcf7ea

                                                              SHA512

                                                              70ea2b2acc30faee0ddbe04253560bc6f6a65a439ea84d890da3327094a0980d606a8d9e7dcd15f7ff065a9a7669276f4e1811a1bea037ae109b1b718c97fe4b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              287B

                                                              MD5

                                                              fcad4da5d24f95ebf38031673ddbcdb8

                                                              SHA1

                                                              3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                              SHA256

                                                              7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                              SHA512

                                                              1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              717B

                                                              MD5

                                                              ef0a07aec4367a64c16c581da2657aa9

                                                              SHA1

                                                              13011a5abcbadb3424fb6ecee560665556bb1d24

                                                              SHA256

                                                              f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                              SHA512

                                                              35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              362ce475f5d1e84641bad999c16727a0

                                                              SHA1

                                                              6b613c73acb58d259c6379bd820cca6f785cc812

                                                              SHA256

                                                              1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                              SHA512

                                                              7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              5ed9543e9f5826ead203316ef0a8863d

                                                              SHA1

                                                              8235c0e7568ec42d6851c198adc76f006883eb4b

                                                              SHA256

                                                              33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                              SHA512

                                                              5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              9a9b1fd85b5f1dcd568a521399a0d057

                                                              SHA1

                                                              34ed149b290a3a94260d889ba50cb286f1795fa6

                                                              SHA256

                                                              88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                              SHA512

                                                              7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                              Filesize

                                                              375KB

                                                              MD5

                                                              698975ae4ab57fed99cc170dab8a3e36

                                                              SHA1

                                                              04b0067bf8584f9d41ef156f75fe28982bfb1286

                                                              SHA256

                                                              20ffbcf807587c9a0b13c46406b52927bf0a9965efe12db25fcb729e6f1ce7b7

                                                              SHA512

                                                              172e65c7657d1fe250aeaf422230c104d03f16356aa32d7b1077abdd558b69ac4f4f434fa551117af1cf6fdb74364237e50ef693b2f4201c8475439b6de77aa6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                              Filesize

                                                              321KB

                                                              MD5

                                                              d3901e62166e9c42864fe3062cb4d8d5

                                                              SHA1

                                                              c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                              SHA256

                                                              dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                              SHA512

                                                              ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                              Filesize

                                                              814KB

                                                              MD5

                                                              9b1f97a41bfb95f148868b49460d9d04

                                                              SHA1

                                                              768031d5e877e347a249dfdeab7c725df941324b

                                                              SHA256

                                                              09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                              SHA512

                                                              9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                              Filesize

                                                              1.2MB

                                                              MD5

                                                              e74d2a16da1ddb7f9c54f72b8a25897c

                                                              SHA1

                                                              32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                              SHA256

                                                              a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                              SHA512

                                                              52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                              Filesize

                                                              11B

                                                              MD5

                                                              5eda46a55c61b07029e7202f8cf1781c

                                                              SHA1

                                                              862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                              SHA256

                                                              12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                              SHA512

                                                              4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              a6bd887ee94e12d3c42a5d47b4c73826

                                                              SHA1

                                                              6b30541a5b528ff8a8befdb5cab0b9dccf4b2491

                                                              SHA256

                                                              643d32f1b400e5cdc5b76067eac006167c07b321d5abd06b30f1a45e9fe2253c

                                                              SHA512

                                                              ec86b4beda8995c13f550ce0f1c60b7bf384f706d37c516a12c6e6d6e0040bc11f72e9af09117d78b46bb799e9e41f4f6b2e78b84c2cf087ac76a1eb94986171

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              b4a865268d5aca5f93bab91d7d83c800

                                                              SHA1

                                                              95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                              SHA256

                                                              5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                              SHA512

                                                              c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              3029193b6394e0b833668110f30aa182

                                                              SHA1

                                                              da43f2884c1671550b2ef838d09c51568f3abf6e

                                                              SHA256

                                                              fb81810d3395b650d7b363d91a8759e08cfe659be8d71793a1a1f8835a00ef55

                                                              SHA512

                                                              05dd6c1f7c9482b22dd6d395c03c060f739c99bb0ee5d3d128ca5d32939db913f3726c3f86dbe9a341f46631c7f1eab69522fc013dac12e125e8048d99f4b0ec

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              6b8314ab77f73184d3d99dc31dbbe209

                                                              SHA1

                                                              b8d9f709077746413ee7ecbc84b34f137bd64f02

                                                              SHA256

                                                              0d1e72664b5e5309c69dd2b5071843953b19e02dc85a287fc5353833b8647f81

                                                              SHA512

                                                              c7911f1819d2092e7e0044905fde435433a40895a96c4c358c8dcba81efe8e659ab8e15f128c707b4e3985d940c4b9840b4aa195d428430a6faa9c3375d80976

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                              Filesize

                                                              2.8MB

                                                              MD5

                                                              ab8d85c093d6f0180bf09ec0f466b78b

                                                              SHA1

                                                              1daf355d14d45b1e411f96fa394a98a84c09e53e

                                                              SHA256

                                                              d1e08c8dbf3bfc34e3fdfc390d2e7f5b871f95376e7dda93e3dd0051d580db40

                                                              SHA512

                                                              2882292301e1fb85b410570ece6cf05f3e89968a02450dba192a1f97282f1c08ed30819e3d36c524fba3baeb6a2c22a10a762c8313e8823c07554b4b975cc00e

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              108bc29224053a4735170bcb644cc73c

                                                              SHA1

                                                              9a4b8929e890443dc8204fccbf4bdb6c6c853a3e

                                                              SHA256

                                                              7c7c62702b5a6ca58084c1ec776116d1a7d697d7a104f2bb705676088c8614c8

                                                              SHA512

                                                              883d76dd6b1395bb545461ec0a88cf797524f922e8787abb27ca681ed72fe75c57732c5e17c7181509f98242871b7afc0398f69d7b04a043edc21b57dc88482a

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                              Filesize

                                                              541B

                                                              MD5

                                                              d0efb0a6d260dbe5d8c91d94b77d7acd

                                                              SHA1

                                                              e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                              SHA256

                                                              7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                              SHA512

                                                              a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              b22628235c1f44ae054091c8fdc82d23

                                                              SHA1

                                                              70c8e5abd9d2d8a18b769f6e71819fb53b273b9b

                                                              SHA256

                                                              b31673e38897d5d84558e2745d02c553649a50063a9f0e7de7e71bba89916232

                                                              SHA512

                                                              c1097690938f3edcba20802dfb77880fb29d1f8b70c62fa76d1828613d57355fd04c0b3d26da90128db2df2e63e4e30c8e195b84452c0931b8cb2f043d5bba98

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                              Filesize

                                                              670KB

                                                              MD5

                                                              96e50bbca30d75af7b8b40acf8dda817

                                                              SHA1

                                                              4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                              SHA256

                                                              a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                              SHA512

                                                              0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                              Filesize

                                                              3.1MB

                                                              MD5

                                                              8e70af11d0ee2abe139b40d67e70b73c

                                                              SHA1

                                                              18582e88e16255d5d267904bdf0357ec9ff333e0

                                                              SHA256

                                                              5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                              SHA512

                                                              3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              9a5e9a329e4e73e0c499371205a810db

                                                              SHA1

                                                              5b6d85657d4acd89867283fbe372e9e85c30686f

                                                              SHA256

                                                              d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                              SHA512

                                                              02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                              Filesize

                                                              570KB

                                                              MD5

                                                              b50834694383960830cf48d9836e1108

                                                              SHA1

                                                              adc80813181b98a8296befa2960a55f939f3bfee

                                                              SHA256

                                                              370a259808052366888284b0cc4c91ff8f23e8008003959b8d0efb1adbf00cd6

                                                              SHA512

                                                              f87be933e87275b000be031aa5df7536dfd5fe9b99a607ce0904f206e074d3a0687a00654b9b78edaa2fccf3d30526e0ee5bd7dcba4a5daafd6fc60eeaaa15c5

                                                              Download Submit

                                                            • C:\Program Files\dotnet\dotnet.exe
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              71026b098f8fb39c88b003df746d9fa0

                                                              SHA1

                                                              013ca259f551ad6f33db53fff0e121e74408e20e

                                                              SHA256

                                                              11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                              SHA512

                                                              9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                              Download Submit

                                                            • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\50a7bef90770622f8cef1f15ff5c79d1
                                                              Filesize

                                                              16KB

                                                              MD5

                                                              b2e89027a140a89b6e3eb4e504e93d96

                                                              SHA1

                                                              f3b1b34874b73ae3032decb97ef96a53a654228f

                                                              SHA256

                                                              5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                              SHA512

                                                              93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              46ae87d0ebc15cdf4a49321c4d456a79

                                                              SHA1

                                                              cb309ac6db2e8948b378b39e2acbfff38027bdee

                                                              SHA256

                                                              a173677d08db1f8a94ba245f61cba5fcf88c499ee4998106d2c3f7014a886e17

                                                              SHA512

                                                              40de46eea115608c524ddbc2bd98a50c9ae465134a59686c1978fbbda49ac07a0dc180dc0b6c22f382cf933146500bb9e2852eab64b72498377a4419a2507267

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\tools\7z.exe.manifest
                                                              Filesize

                                                              513B

                                                              MD5

                                                              8f89387331c12b55eaa26e5188d9e2ff

                                                              SHA1

                                                              537fdd4f1018ce8d08a3d151ad07b55d96e94dd2

                                                              SHA256

                                                              6b7368ce5e38f6e0ee03ca0a9d1a2322cc0afc07e8de9dcc94e156853eae5033

                                                              SHA512

                                                              04c10ae52f85d3a27d4b05b3d1427ddc2afaccfe94ed228f8f6ae4447fd2465d102f2dd95caf1b617f8c76cb4243716469d1da3dac3292854acd4a63ce0fd239

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              471B

                                                              MD5

                                                              01469d86975d80da48c7adbe1c3727cf

                                                              SHA1

                                                              7d4d07f80a88928d7b8e54ba6fb59e9b7e3d5c1c

                                                              SHA256

                                                              902833a88c63bf18bc32baebf9f2f987380a740f21a6e1f7ea60d0ff0554638b

                                                              SHA512

                                                              c4e27e3dbcd463969a2793736a9126c8910e40556151f30d890b7f6c4422344f65e98c127c4113608fa5e3e7d0f06505772c11085e8e3c6ae9b45910d3fe451c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              727B

                                                              MD5

                                                              cb77da1a8d1d7c8badda6a840695c0ac

                                                              SHA1

                                                              c92973c3f996af5ecf80a86cf66058cffe7f57c5

                                                              SHA256

                                                              6f5e29604b09f2e1ca21de6d6550551970d7a5e317bd081bb2a054310f96dd54

                                                              SHA512

                                                              e12da22c99afae6e728c77670c6d8a1aa93033e4f64d594af8f61f980faa8e3c01b91997e66f0860205fb7e1ce62cb70e804e060ea44c53e1405e2a1bc35763f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              727B

                                                              MD5

                                                              760573ce1a12683f473b76bfe22c6b43

                                                              SHA1

                                                              aed150af5b6cb595cb9a29b7148115212b2c8d5e

                                                              SHA256

                                                              0d861e3ab4e6f20c901785f10e14617841f665c8eb36ef2ed5cba6dce364683f

                                                              SHA512

                                                              6685d42a75a1b7b8fb94ea739b184728fb1b38afbdc2e5ead35838a3e3d7532678c162f20d8338875c8c679c6b76129b277887edc2d6ef4504a9a3526e93dfc4

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              400B

                                                              MD5

                                                              7295d892be3c87ddcc529bb2ecfb4906

                                                              SHA1

                                                              1cc9d0e9fe5f557f29577e74e80e0529d1bcc0ff

                                                              SHA256

                                                              94952126047cf39307ea9c138825ba6d377e16a0bfc3b56f6838e486555d52e5

                                                              SHA512

                                                              e148e4d842abc2b31e25416dd16d7d4badcbb1d39bbf1617e94fe7fe6594af56f2a6d7bff3b08acd3018709c92c908efa3d41311510e8dc999dff90fc1dbe71e

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              3f883c7d3715214852c3ea8dc316ea32

                                                              SHA1

                                                              3417e6ebc469627331829c5002b601da3d8ce5b4

                                                              SHA256

                                                              516ba785c347ad53ddd209201bcb206a3f1e6b4a7ce225fd272af67b195ba74f

                                                              SHA512

                                                              548033ab494da7ad1efdec89ee6b4ce027fafc977e3b48ed18dc5934db2ba6d2d52c4a07e94dd39635bb5135ad6e83b76efec72348efd1a0c6e47a2d0f209bfb

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              f95b0a73f2d6b0cc9a9a2c4565a5f242

                                                              SHA1

                                                              b9493e951b355415623c07f5d22511d6443cebce

                                                              SHA256

                                                              371f8dbc282eb8d56ce5677fb6dad9f01acabd3ad004da8c7c63668695b64934

                                                              SHA512

                                                              c6a361c75b27a3bfce05f5f5d95f1962c37476a3d9aa5c2492868e10ac4078dd13cad11897b3c5fd09685fbc93e0b519fa26f2388a669eb90a890c2092698a29

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                              Filesize

                                                              651B

                                                              MD5

                                                              9bbfe11735bac43a2ed1be18d0655fe2

                                                              SHA1

                                                              61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                              SHA256

                                                              549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                              SHA512

                                                              a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                              Download Submit

                                                            • C:\Windows\Installer\MSI796F.tmp
                                                              Filesize

                                                              4.5MB

                                                              MD5

                                                              08211c29e0d617a579ffa2c41bde1317

                                                              SHA1

                                                              4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                              SHA256

                                                              3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                              SHA512

                                                              d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIBD62.tmp-\System.Management.dll
                                                              Filesize

                                                              60KB

                                                              MD5

                                                              878e361c41c05c0519bfc72c7d6e141c

                                                              SHA1

                                                              432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                              SHA256

                                                              24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                              SHA512

                                                              59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDB54.tmp
                                                              Filesize

                                                              219KB

                                                              MD5

                                                              928f4b0fc68501395f93ad524a36148c

                                                              SHA1

                                                              084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                              SHA256

                                                              2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                              SHA512

                                                              7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF29D.tmp
                                                              Filesize

                                                              509KB

                                                              MD5

                                                              88d29734f37bdcffd202eafcdd082f9d

                                                              SHA1

                                                              823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                              SHA256

                                                              87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                              SHA512

                                                              1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF29D.tmp-\AlphaControlAgentInstallation.dll
                                                              Filesize

                                                              25KB

                                                              MD5

                                                              aa1b9c5c685173fad2dabebeb3171f01

                                                              SHA1

                                                              ed756b1760e563ce888276ff248c734b7dd851fb

                                                              SHA256

                                                              e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                              SHA512

                                                              d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF29D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              1a5caea6734fdd07caa514c3f3fb75da

                                                              SHA1

                                                              f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                              SHA256

                                                              cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                              SHA512

                                                              a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF609.tmp-\CustomAction.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              bc17e956cde8dd5425f2b2a68ed919f8

                                                              SHA1

                                                              5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                              SHA256

                                                              e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                              SHA512

                                                              02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF609.tmp-\Newtonsoft.Json.dll
                                                              Filesize

                                                              695KB

                                                              MD5

                                                              715a1fbee4665e99e859eda667fe8034

                                                              SHA1

                                                              e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                              SHA256

                                                              c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                              SHA512

                                                              bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIFE59.tmp
                                                              Filesize

                                                              211KB

                                                              MD5

                                                              a3ae5d86ecf38db9427359ea37a5f646

                                                              SHA1

                                                              eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                              SHA256

                                                              c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                              SHA512

                                                              96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                              Download Submit

                                                            • C:\Windows\Installer\e57f211.msi
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              156ff43b54310c6f8eb4d1a7fda1a90f

                                                              SHA1

                                                              1f00b3e593a63abb8dc0e6aec58fc41f40a0a977

                                                              SHA256

                                                              9f38e1f504a6dfdbe946619e02696c34ec37e4ee9cb992281f05d8bb103246f3

                                                              SHA512

                                                              bf57a64120e3d026b5112706a3e1e7c11718f1a9aca61a301334a917de41b1b979bdea29710ebea6b1b13aa300baf5972dd21d12e34daf99566657553cf0bd64

                                                              Download Submit

                                                            • C:\Windows\Installer\e57f22d.msi
                                                              Filesize

                                                              26.3MB

                                                              MD5

                                                              b9c6d23462adef092b8a5b7880531b03

                                                              SHA1

                                                              9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                              SHA256

                                                              2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                              SHA512

                                                              18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                              Download Submit

                                                            • C:\Windows\Installer\e57f22e.msi
                                                              Filesize

                                                              772KB

                                                              MD5

                                                              d73de5788ab129f16afdd990d8e6bfa9

                                                              SHA1

                                                              88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                              SHA256

                                                              4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                              SHA512

                                                              bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{ae960652-e34b-194b-ab81-c1269f971f79}\lci_iddcx.cat
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              62458e58313475c9a3642a392363e359

                                                              SHA1

                                                              e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                              SHA256

                                                              85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                              SHA512

                                                              49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{ae960652-e34b-194b-ab81-c1269f971f79}\lci_iddcx.inf
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              1cec22ca85e1b5a8615774fca59a420b

                                                              SHA1

                                                              049a651751ef38321a1088af6a47c4380f9293fc

                                                              SHA256

                                                              60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                              SHA512

                                                              0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{ae960652-e34b-194b-ab81-c1269f971f79}\x64\lci_iddcx.dll
                                                              Filesize

                                                              52KB

                                                              MD5

                                                              01e8bc64139d6b74467330b11331858d

                                                              SHA1

                                                              b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                              SHA256

                                                              148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                              SHA512

                                                              4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{f5761437-d5fb-4e42-a961-9c397a33f9a7}\lci_proxywddm.cat
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              8e16d54f986dbe98812fd5ec04d434e8

                                                              SHA1

                                                              8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                              SHA256

                                                              7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                              SHA512

                                                              e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{f5761437-d5fb-4e42-a961-9c397a33f9a7}\lci_proxywddm.inf
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              0315a579f5afe989154cb7c6a6376b05

                                                              SHA1

                                                              e352ff670358cf71e0194918dfe47981e9ccbb88

                                                              SHA256

                                                              d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                              SHA512

                                                              c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{f5761437-d5fb-4e42-a961-9c397a33f9a7}\x64\lci_proxyumd.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              4dc11547a5fc28ca8f6965fa21573481

                                                              SHA1

                                                              d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                              SHA256

                                                              e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                              SHA512

                                                              bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{f5761437-d5fb-4e42-a961-9c397a33f9a7}\x64\lci_proxyumd32.dll
                                                              Filesize

                                                              135KB

                                                              MD5

                                                              67ae7b2c36c9c70086b9d41b4515b0a8

                                                              SHA1

                                                              ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                              SHA256

                                                              79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                              SHA512

                                                              4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{f5761437-d5fb-4e42-a961-9c397a33f9a7}\x64\lci_proxywddm.sys
                                                              Filesize

                                                              119KB

                                                              MD5

                                                              b9b0e9b4d93b18b99ece31a819d71d00

                                                              SHA1

                                                              2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                              SHA256

                                                              0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                              SHA512

                                                              465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                              Download Submit

                                                            • C:\Windows\Temp\Agent.Package.Availability\data\iot_conf.json
                                                              Filesize

                                                              189B

                                                              MD5

                                                              221d833885c325dcef543df283fa64dc

                                                              SHA1

                                                              1b2fed115fc90c6142a5da369aded0bd5dc364b3

                                                              SHA256

                                                              73bdcd052192c08b6b14e1494f0bf371012ec54a255577eea7311ff799279835

                                                              SHA512

                                                              2bab93901079e135b518221ba2893a776855858b6939906cc0bc292bceff4e3c5e55c82d9804e5b68c587f635ecfe872ca620f33ed12f28246fdd11687625c07

                                                              Download Submit

                                                            • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-11-16-46.dat
                                                              Filesize

                                                              602B

                                                              MD5

                                                              7836839360258edc9392e1f7116515f5

                                                              SHA1

                                                              12d75483d23b2984d64420ff45dc2bb27e43eb87

                                                              SHA256

                                                              124507278d44f646e4506aa19f12ef12fab1a8167ec7f68d29358a3654a8e0f6

                                                              SHA512

                                                              289ef45bde8658dc98431119d4e48001519459581e57186b062963bab5edac0efbf59404df205b4edc94c22fe2444bcea76d2d661429a895de50a4b2020bdc73

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              2df45692c9b1efefa1979280d4a9afe2

                                                              SHA1

                                                              da89877af7f0b92271330b94404d0e00fa5118b3

                                                              SHA256

                                                              d32cfe92b7ff8380b68238d6c4fc8345f935f2f4b9cc7bb2e04540bae4f79050

                                                              SHA512

                                                              65799e4808161196e9d9fb4dd291e8312cb82f26048d3a032b478a46707b8916b05367df5987fbfb35f549db52a57a27d58f64a2adcf5bba86b4d6e6b3403bf0

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              976B

                                                              MD5

                                                              8b32d4ade88e4e1c99d34d45e9f9e0ac

                                                              SHA1

                                                              a370d87fe860b90921e9c37d75905fe1d01d8647

                                                              SHA256

                                                              d676a90282048c72ed2ac21de7d1deabf2c5c787510ba7d871f5b3322dcf9997

                                                              SHA512

                                                              684ed5c6f46488642ae0ee8877f91c42acc617c05a3ec890c620af122a33c54c72ac7dcaf4b12f315e62a5b9cc291727a9589db07a045627c24ec15639d6ccc7

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              7410386c742344dad225230a08c50786

                                                              SHA1

                                                              37b3f3ddcda5b508fc1f9a4dff14a99d382282fa

                                                              SHA256

                                                              ad7084a3968296f780974fb8b1783bd1875da5a4586c057df8a32156b38c2e52

                                                              SHA512

                                                              acd3d85179829b8817118e8bf0834274f28e910d32a8c40eeaca6354f4d5ef7da7fda02f1b4af296484b6968a8f873b8fb1689816b292ed0910f24a20035daa6

                                                              Download Submit

                                                            • C:\Windows\Temp\PreVer.log
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              75fa63760ff5ddaff501f0adf6c6cbab

                                                              SHA1

                                                              cc57a24e50da68621b1255b6867b5492c57bab9e

                                                              SHA256

                                                              ada21aff8a273d7e625a73c2f127d3af436a0d5a226454481ca2bc0c50b1768c

                                                              SHA512

                                                              6738b88798150e2a6753e0ee13fa1c1b0385d938fcc19b5ea0a6333aa4cdbdecd230a59334580a60c4608abd9b90a6ffdd5cde33f13f944c13e6ef2d8e65896a

                                                              Download Submit

                                                            • C:\Windows\Temp\TmpBCC3.tmp
                                                              Filesize

                                                              3KB

                                                              MD5

                                                              560af444a6a7faa0b0ca94dc16ca2a58

                                                              SHA1

                                                              df31453fafde354870a0a9a8ca50b18e284c32e4

                                                              SHA256

                                                              94739ca46676bd602a78671257fbfce39feaabc9664c6326bf4970a0108e3429

                                                              SHA512

                                                              7c853176c088d56a517e52c6687b6debf08f6f9726376720ade9d13fafc9be0ca72f0f2b35562a61ece653aeb789c838c60447f463b2bbe70c21bfc8c039b681

                                                              Download Submit

                                                            • C:\Windows\Temp\__PSScriptPolicyTest_zke23s20.cwo.ps1
                                                              Filesize

                                                              60B

                                                              MD5

                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                              SHA1

                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                              SHA256

                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                              SHA512

                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack.log
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              fd9383e134cd90fbdbf1552acaa4eab9

                                                              SHA1

                                                              a634c0f557cf6ce37566a4d26cf1511779ab811e

                                                              SHA256

                                                              3ab1d984e07a640cd2ea464aeab4e917ccb5534e1ed5f5c436209982058f7bb7

                                                              SHA512

                                                              49fe089b32974021156e6dcf918ab02293bdd4ecba30371ce0311837ece21f138afc6ba57b094183e22c34a71e397a909e579db1b1cbe127ef56682cf71bba16

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              96d1cc548e5abaee7320b99896e898c3

                                                              SHA1

                                                              db778375cd64a9e25a17943a357faf328b74c50e

                                                              SHA256

                                                              d2f21953bbb69b0bc5da708119fc9878772e8eb2b3e37f72ff988a5df0e3329a

                                                              SHA512

                                                              b8a11be7b9660223b7263e6d6d3db5d91a124f3ce08d3227b1f5291be6d44a8b6e6bbb1041b7ddea128cfba5da49c9d972c2106f89fdabd748aefcaaa324d0e6

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                              Filesize

                                                              3.2MB

                                                              MD5

                                                              2c18826adf72365827f780b2a1d5ea75

                                                              SHA1

                                                              a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                              SHA256

                                                              ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                              SHA512

                                                              474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                              Download Submit

                                                            • C:\Windows\Temp\{42FCBB5C-7C08-4F8D-B62C-3B19F7B319F5}\.ba\bg.png
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              9eb0320dfbf2bd541e6a55c01ddc9f20

                                                              SHA1

                                                              eb282a66d29594346531b1ff886d455e1dcd6d99

                                                              SHA256

                                                              9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                              SHA512

                                                              9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                              Download Submit

                                                            • C:\Windows\Temp\{42FCBB5C-7C08-4F8D-B62C-3B19F7B319F5}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                              Filesize

                                                              607KB

                                                              MD5

                                                              669de3ab32955e69decfe13a3c89891e

                                                              SHA1

                                                              ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                              SHA256

                                                              2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                              SHA512

                                                              be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                              Download Submit

                                                            • C:\Windows\Temp\{8B298865-F420-4C16-83C4-FC72C17D39FA}\IsConfig.ini
                                                              Filesize

                                                              571B

                                                              MD5

                                                              d239b8964e37974225ad69d78a0a8275

                                                              SHA1

                                                              cf208e98a6f11d1807cd84ca61504ad783471679

                                                              SHA256

                                                              0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                              SHA512

                                                              88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                              Download Submit

                                                            • C:\Windows\Temp\{8B298865-F420-4C16-83C4-FC72C17D39FA}\String1033.txt
                                                              Filesize

                                                              182KB

                                                              MD5

                                                              99bbffd900115fe8672c73fb1a48a604

                                                              SHA1

                                                              8f587395fa6b954affef337c70781ce00913950e

                                                              SHA256

                                                              57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                              SHA512

                                                              d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                              Download Submit

                                                            • C:\Windows\Temp\{8B298865-F420-4C16-83C4-FC72C17D39FA}\_is64A2.exe
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              7a1c100df8065815dc34c05abc0c13de

                                                              SHA1

                                                              3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                              SHA256

                                                              e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                              SHA512

                                                              bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                              Download Submit

                                                            • C:\Windows\Temp\{8B298865-F420-4C16-83C4-FC72C17D39FA}\setup.inx
                                                              Filesize

                                                              345KB

                                                              MD5

                                                              0376dd5b7e37985ea50e693dc212094c

                                                              SHA1

                                                              02859394164c33924907b85ab0aaddc628c31bf1

                                                              SHA256

                                                              c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                              SHA512

                                                              69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                              Download Submit

                                                            • C:\Windows\Temp\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\ISRT.dll
                                                              Filesize

                                                              427KB

                                                              MD5

                                                              85315ad538fa5af8162f1cd2fce1c99d

                                                              SHA1

                                                              31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                              SHA256

                                                              70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                              SHA512

                                                              877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                              Download Submit

                                                            • C:\Windows\Temp\{8EBF4629-10F8-4496-A2A0-B77D7AD27D79}\_isres_0x0409.dll
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              befe2ef369d12f83c72c5f2f7069dd87

                                                              SHA1

                                                              b89c7f6da1241ed98015dc347e70322832bcbe50

                                                              SHA256

                                                              9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                              SHA512

                                                              760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              fce1e2b82f66f85755d113fb336a5d15

                                                              SHA1

                                                              d073c21b12fa5bdd642b25a06d52e9c513fb0606

                                                              SHA256

                                                              40721d69f9fe46ac44a2fb72ebef2195617ac6ee464c4eb5edb59e9c8b71fadb

                                                              SHA512

                                                              cd5a7414d99be7a8543b7fe617c57c454974a0bf1347ef610ceef5ac707efeeb7499e138c18428956302db99333f39e6ccaef268a95192b90c446414f67566e8

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              9db8094c5b7ae3bf7bb85896bffcdcfc

                                                              SHA1

                                                              2c83697a755d706c005cac4c5f828a701174ea89

                                                              SHA256

                                                              a37cbbf0447233eaed21c3cb2b78fd37e44f0a52b275d299c9957495b790e296

                                                              SHA512

                                                              020934fadedbe2ab9b90d9dfc0d687fe444f9966f96aab692b91cd43074fb786a9d5ebaf561b57ec0da338373584bcc7d3a80dc4dd35f070c6fb400b5469f8e6

                                                              Download Submit

                                                            • memory/456-1217-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/456-2398-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/456-2397-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/456-2176-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/456-1216-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/456-2175-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1748-373-0x0000026653210000-0x000002665325C000-memory.dmp

                                                              Filesize

                                                              304KB

                                                              Download

                                                            • memory/1748-379-0x000002663AA20000-0x000002663AA28000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1748-370-0x000002663A0A0000-0x000002663A108000-memory.dmp

                                                              Filesize

                                                              416KB

                                                              Download

                                                            • memory/1748-371-0x000002663A9B0000-0x000002663A9FA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/1748-372-0x000002663A5A0000-0x000002663A5BC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/1748-385-0x0000026653430000-0x0000026653456000-memory.dmp

                                                              Filesize

                                                              152KB

                                                              Download

                                                            • memory/1748-374-0x0000026653370000-0x00000266533B8000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/1748-383-0x0000026653460000-0x000002665348A000-memory.dmp

                                                              Filesize

                                                              168KB

                                                              Download

                                                            • memory/1748-376-0x000002663A970000-0x000002663A97A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/1748-375-0x000002663A960000-0x000002663A968000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1748-377-0x00000266534F0000-0x00000266535CC000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/1748-378-0x00000266535D0000-0x0000026653682000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/1748-380-0x0000026653410000-0x0000026653418000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1748-384-0x0000026653740000-0x000002665377A000-memory.dmp

                                                              Filesize

                                                              232KB

                                                              Download

                                                            • memory/1748-382-0x0000026653690000-0x00000266536F8000-memory.dmp

                                                              Filesize

                                                              416KB

                                                              Download

                                                            • memory/1748-381-0x0000026653420000-0x0000026653428000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/1752-1831-0x00000202D2980000-0x00000202D2998000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/1752-1828-0x00000202D2010000-0x00000202D201C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/1752-1837-0x00000202EB1A0000-0x00000202EB252000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/1752-1854-0x00000202D29A0000-0x00000202D29C0000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/1776-1121-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-517-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-1120-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-1088-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-944-0x00000000030A0000-0x0000000003267000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/1776-941-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-553-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/1776-520-0x0000000003060000-0x0000000003227000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/2436-1865-0x0000022777B20000-0x0000022777BD2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/2436-1856-0x0000022776930000-0x0000022776940000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/2436-1869-0x0000022776E30000-0x0000022776E44000-memory.dmp

                                                              Filesize

                                                              80KB

                                                              Download

                                                            • memory/2436-1866-0x0000022777240000-0x00000227772A6000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/2436-1862-0x0000022776CF0000-0x0000022776D10000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/2724-79-0x0000000004E20000-0x0000000004E42000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/2724-80-0x0000000005000000-0x0000000005354000-memory.dmp

                                                              Filesize

                                                              3.3MB

                                                              Download

                                                            • memory/2724-76-0x0000000004F40000-0x0000000004FF2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/2836-275-0x000001D5A58A0000-0x000001D5A5950000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download

                                                            • memory/2836-272-0x000001D58C760000-0x000001D58C792000-memory.dmp

                                                              Filesize

                                                              200KB

                                                              Download

                                                            • memory/2836-277-0x000001D58D000000-0x000001D58D01C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/3060-2324-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3060-2161-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3060-2160-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3060-3029-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3060-3030-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3060-1174-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3060-1175-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3060-2323-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3268-328-0x00000231AC4D0000-0x00000231AC585000-memory.dmp

                                                              Filesize

                                                              724KB

                                                              Download

                                                            • memory/3268-3032-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3268-330-0x00000231AC700000-0x00000231AC72A000-memory.dmp

                                                              Filesize

                                                              168KB

                                                              Download

                                                            • memory/3268-1215-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3268-1214-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3268-329-0x00000231AC4A0000-0x00000231AC4AA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/3268-327-0x00000231AC4B0000-0x00000231AC4CC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/3268-3769-0x0000000072E00000-0x00000000731CD000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3268-3768-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3268-331-0x00000231AC700000-0x00000231AC724000-memory.dmp

                                                              Filesize

                                                              144KB

                                                              Download

                                                            • memory/3268-424-0x00000231AC6D0000-0x00000231AC6EC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/3268-430-0x00000231AC4B0000-0x00000231AC4BA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/3268-3031-0x00000000731D0000-0x00000000732EC000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3312-1634-0x00000194D5CF0000-0x00000194D5D0A000-memory.dmp

                                                              Filesize

                                                              104KB

                                                              Download

                                                            • memory/3312-1657-0x00000194EEA50000-0x00000194EEB02000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/3312-1858-0x00000194EF140000-0x00000194EF668000-memory.dmp

                                                              Filesize

                                                              5.2MB

                                                              Download

                                                            • memory/3312-1626-0x00000194D5850000-0x00000194D585A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/3588-160-0x0000023F38370000-0x0000023F38408000-memory.dmp

                                                              Filesize

                                                              608KB

                                                              Download

                                                            • memory/3588-148-0x0000023F1DD70000-0x0000023F1DD98000-memory.dmp

                                                              Filesize

                                                              160KB

                                                              Download

                                                            • memory/3588-164-0x0000023F1E170000-0x0000023F1E182000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/3588-165-0x0000023F1F9B0000-0x0000023F1F9EC000-memory.dmp

                                                              Filesize

                                                              240KB

                                                              Download

                                                            • memory/3920-205-0x0000027424DD0000-0x0000027424DF2000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/3920-200-0x0000027424E20000-0x0000027424ED2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/3920-241-0x00000274253B0000-0x00000274253E8000-memory.dmp

                                                              Filesize

                                                              224KB

                                                              Download

                                                            • memory/3964-110-0x0000000004BB0000-0x0000000004C16000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/4052-1580-0x00000235E76E0000-0x00000235E7734000-memory.dmp

                                                              Filesize

                                                              336KB

                                                              Download

                                                            • memory/4052-1212-0x00000235E7660000-0x00000235E767C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4052-1213-0x00000235FFEA0000-0x00000235FFF52000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4052-1211-0x00000235E6CE0000-0x00000235E6CF2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/4316-1864-0x00000179DB930000-0x00000179DB950000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/4316-1863-0x00000179F4230000-0x00000179F42E2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4316-1860-0x00000179DB0C0000-0x00000179DB0D2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/4316-1861-0x00000179DB900000-0x00000179DB910000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/4740-1838-0x0000016E70220000-0x0000016E7026A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/4740-1826-0x0000016E574A0000-0x0000016E574BC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4740-1822-0x0000016E57960000-0x0000016E579AA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/4740-1800-0x0000016E570A0000-0x0000016E570D4000-memory.dmp

                                                              Filesize

                                                              208KB

                                                              Download

                                                            • memory/4740-1830-0x0000016E579B0000-0x0000016E579C8000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/4740-1833-0x0000016E574C0000-0x0000016E574CA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/4740-1872-0x0000016E70610000-0x0000016E706EC000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/4740-1868-0x0000016E70470000-0x0000016E70522000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4964-39-0x0000000004CF0000-0x0000000004D1E000-memory.dmp

                                                              Filesize

                                                              184KB

                                                              Download

                                                            • memory/4964-43-0x0000000004D20000-0x0000000004D2C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/4996-301-0x00000149E49E0000-0x00000149E4A92000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4996-300-0x00000149CB780000-0x00000149CB796000-memory.dmp

                                                              Filesize

                                                              88KB

                                                              Download

                                                            • memory/4996-302-0x00000149CBC50000-0x00000149CBC6C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5348-1859-0x0000014426E40000-0x0000014426E8A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5348-1855-0x000001440DDB0000-0x000001440DDC0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5348-1867-0x000001440E720000-0x000001440E73C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5460-1834-0x0000025849EA0000-0x0000025849F52000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5460-1836-0x0000025831600000-0x000002583161C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5460-1842-0x0000025849DE0000-0x0000025849E28000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/5460-1636-0x0000025830C30000-0x0000025830C6A000-memory.dmp

                                                              Filesize

                                                              232KB

                                                              Download

                                                            • memory/5904-1832-0x0000025631D30000-0x0000025631D7A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5904-1827-0x0000025631470000-0x0000025631482000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5904-1849-0x0000025631850000-0x000002563186C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5948-1821-0x000001CAD3440000-0x000001CAD345C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5948-1857-0x000001CAEBF30000-0x000001CAEBFE0000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download

                                                            • memory/5948-1651-0x000001CAD2C00000-0x000001CAD2C0C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/5948-1714-0x000001CAD35A0000-0x000001CAD35EA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download