Overview

overview

10

Static

static

10

9219d0815a...78.msi

windows7-x64

10

9219d0815a...78.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2025, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi

  • Size

    2.9MB

  • MD5

    7c2346e58afd0cc0337fc935cd41d9c4

  • SHA1

    32189bee035e465d2df8bb15c5d168f8eff6f187

  • SHA256

    9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78

  • SHA512

    b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2

  • SSDEEP

    49152:M+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:M+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 44 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 61 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3868
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1068
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 1354508C18B7238A6C04444980B7C710
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1540
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI2A57.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240659312 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3320
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI2DB3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240659968 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:1328
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI346B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240661671 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3124
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI44CB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240665828 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1052
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding A47FB292F86F0EA028BF0B1FD44FCC5D E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4764
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:4588
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4552
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Pps1uIAB" /AgentId="bc7061ef-62fd-4396-81e5-216cb5c1531f"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:2836
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding F98B35DFE96514988191F7DF14A4DA3A E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:2512
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83BC7C39-1113-4A37-9AC9-BF159ED74FB5}
          3⤵
          • Executes dropped EXE
          PID:3768
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2C252109-DD11-4595-B738-0E2FBAB6B7E6}
          3⤵
          • Executes dropped EXE
          PID:2156
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6513069-3722-4996-902A-E817EE8CD997}
          3⤵
          • Executes dropped EXE
          PID:4320
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23BD2889-9DFB-49A7-AE58-B9234B811316}
          3⤵
          • Executes dropped EXE
          PID:1956
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA32468A-FB9F-4C53-BB3E-F99BB5CCD8CD}
          3⤵
          • Executes dropped EXE
          PID:1416
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{994483CB-7555-4CB8-9B6E-DBD89F71401C}
          3⤵
          • Executes dropped EXE
          PID:4616
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95F46251-849F-4B96-8CFC-1983AE2A7E60}
          3⤵
          • Executes dropped EXE
          PID:2952
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18691769-7DC8-41F3-9CB0-0BF95BFDF321}
          3⤵
          • Executes dropped EXE
          PID:1856
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{999C907F-9A11-49C5-A7E3-0B931EBAAB40}
          3⤵
          • Executes dropped EXE
          PID:4584
        • C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe
          C:\Windows\TEMP\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_is8BEF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{372B3DF2-15C4-43D1-85F3-5DB558166B0B}
          3⤵
          • Executes dropped EXE
          PID:3328
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4796
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2280
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3964
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4612
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2328
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1328
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1936
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4584
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2936
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:5104
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1412
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2368
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1956
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1176
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1948
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3428
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3044
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:5104
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2580
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2368
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F77E5D26-8255-4237-B5E8-567CFBD69006}
          3⤵
          • Executes dropped EXE
          PID:4200
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C813A9A2-E417-4126-A7D5-24DAD237DAEB}
          3⤵
          • Executes dropped EXE
          PID:4572
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{923AA891-AB7D-4946-B6E1-824C55B5759D}
          3⤵
          • Executes dropped EXE
          PID:1620
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D1B7808B-9C31-4001-8B63-02AC79F3B56F}
          3⤵
          • Executes dropped EXE
          PID:880
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E96A8032-FDCC-407F-8E6F-A818EE44D304}
          3⤵
          • Executes dropped EXE
          PID:4784
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7251AADC-1DE7-47C6-B7C7-96972C5D56D4}
          3⤵
          • Executes dropped EXE
          PID:1716
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BB7DAFC6-1667-4E94-BA5B-0007E1E0DD24}
          3⤵
          • Executes dropped EXE
          PID:3596
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6EA3E5FD-6DA9-4388-9328-4F2DBFA8706F}
          3⤵
          • Executes dropped EXE
          PID:1468
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC531151-30C0-4AF3-92F9-8DFC06CEF921}
          3⤵
          • Executes dropped EXE
          PID:4084
        • C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
          C:\Windows\TEMP\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6DCD88BD-F8DC-49F3-93CB-D69BD87B408D}
          3⤵
          • Executes dropped EXE
          PID:2992
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B43FC505-BBDB-49E0-BE23-FCC0F364031F}
          3⤵
          • Executes dropped EXE
          PID:3256
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68ED3171-15F1-4FD7-89B2-918C7A2B0B27}
          3⤵
          • Executes dropped EXE
          PID:4612
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9244FAA5-057C-4300-8F60-6C4B334463CB}
          3⤵
          • Executes dropped EXE
          PID:2836
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0157005A-2883-4D82-B2B3-581A4C4AB5C1}
          3⤵
          • Executes dropped EXE
          PID:1716
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{834B6C46-D889-421F-B241-B9BC16B21B9C}
          3⤵
          • Executes dropped EXE
          PID:4904
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A7438642-CEFA-4AA0-9D94-054E695D9CBD}
          3⤵
          • Executes dropped EXE
          PID:4084
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C8B489CC-EACD-461C-AC07-6A5D071B5B01}
          3⤵
          • Executes dropped EXE
          PID:4200
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F247FD1E-91B9-483B-A2EF-78DD5F4B4A8D}
          3⤵
          • Executes dropped EXE
          PID:736
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B22F605-5139-444B-AE6F-274BFCF822F3}
          3⤵
          • Executes dropped EXE
          PID:4320
        • C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe
          C:\Windows\TEMP\{3A1B8521-C374-4FB7-8DAA-54F1CA55B679}\_isB841.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B987B1A9-6002-4B0B-B798-988FF69C3772}
          3⤵
          • Executes dropped EXE
          PID:1324
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2476
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3280
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:2900
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:4784
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:4904
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Drops file in Program Files directory
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:2368
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B8D1A1DF-4449-4076-8A0A-54E812456756}
              3⤵
              • Executes dropped EXE
              PID:1716
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{817727B0-F4EA-4163-80A0-8267BC6DE301}
              3⤵
              • Executes dropped EXE
              PID:1756
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01096F46-F914-46CC-849C-204A140692E0}
              3⤵
              • Executes dropped EXE
              PID:1108
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E575687-F93A-46B5-8FCF-6D3491C73EBB}
              3⤵
              • Executes dropped EXE
              PID:5076
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E58EB64E-91F7-4188-A313-597E27700EA8}
              3⤵
              • Executes dropped EXE
              PID:3256
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B6AF0068-45CA-4A77-B20F-F80B3D067005}
              3⤵
              • Executes dropped EXE
              PID:968
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4BF1E259-7C37-41BB-9AD7-659848F238F8}
              3⤵
              • Executes dropped EXE
              PID:2852
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C28C978-BA09-48A2-9850-6A78F418907F}
              3⤵
              • Executes dropped EXE
              PID:4992
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54A6A7B8-A30C-4D07-84F9-C9940B31D114}
              3⤵
              • Executes dropped EXE
              PID:3148
            • C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe
              C:\Windows\TEMP\{15F4FE05-73BB-45A1-906A-4FC0197A94F0}\_isCDA0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B3F14BA2-F580-4013-B555-73F5BF04DEF4}
              3⤵
              • Executes dropped EXE
              PID:4976
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:1160
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2309178B-C392-48F3-A6DD-07BF7C003443}
              3⤵
              • Executes dropped EXE
              PID:4540
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{835DEFAF-E8C8-4DB6-851C-93378B96CDD8}
              3⤵
              • Executes dropped EXE
              PID:1816
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F98D79DB-0EB5-462A-B3AC-19189D27512F}
              3⤵
              • Executes dropped EXE
              PID:4296
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B8C14785-9E29-470C-88F5-5DF5AD1814AB}
              3⤵
              • Executes dropped EXE
              PID:4932
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10A10899-57F7-4145-B70C-754C1B15A6FD}
              3⤵
              • Executes dropped EXE
              PID:4012
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3334F4D9-A2D1-4814-B837-7092388C8F8E}
              3⤵
              • Executes dropped EXE
              PID:4084
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18CC6576-9F11-4FFD-9783-7B52F7661910}
              3⤵
              • Executes dropped EXE
              PID:1052
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AD0024B8-08AE-4C32-967E-BF5F7ADD424F}
              3⤵
              • Executes dropped EXE
              PID:2852
            • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
              C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{94239929-1A1C-4150-969E-9E9D31FBD057}
              3⤵
                PID:1716
              • C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe
                C:\Windows\TEMP\{A714F05C-BA71-48E4-84B3-F626B9A38CAC}\_isD2E0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54133064-DFA0-433C-886A-50A164404EA8}
                3⤵
                  PID:1324
                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:4296
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding B6F652605F78530832019E54AE051790 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5128
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIFE53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240713437 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:6024
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI365.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240714625 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  • Modifies data under HKEY_USERS
                  PID:3728
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI16A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240719515 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                  3⤵
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:392
                • C:\Windows\SysWOW64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:5196
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4816
                • C:\Windows\SysWOW64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:5992
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:3952
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4692
                • C:\Windows\syswow64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:5444
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI3F30.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240729890 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:5520
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                2⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                PID:4908
              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="917df9d9-2ac7-482e-a83f-e7cf3bb467c1"
                2⤵
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                PID:5396
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding C5DD11914374894A774EB0FCE2FAFCB1 E Global\MSI0000
                2⤵
                  PID:6128
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 781878A44DDAE59A750DC16B184A9BDC E Global\MSI0000
                  2⤵
                    PID:1860
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding F8561DD5E4FC239500E27446AD62F0E7 E Global\MSI0000
                    2⤵
                      PID:5152
                  • C:\Windows\system32\vssvc.exe
                    C:\Windows\system32\vssvc.exe
                    1⤵
                    • Checks SCSI registry key(s)
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4456
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in System32 directory
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Modifies system certificate store
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2284
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:5056
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "3f7892cb-9432-44d4-97a4-feacdc3b9f62" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Pps1uIAB
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1108
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "d7139455-7c4f-488d-9540-65ae0849d6a5" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Pps1uIAB
                      2⤵
                      • Executes dropped EXE
                      PID:788
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "cf7717b6-0d04-43b2-9bb2-8625f16512cd" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Pps1uIAB
                      2⤵
                      • Executes dropped EXE
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:3256
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                        3⤵
                        • Drops file in System32 directory
                        • Command and Scripting Interpreter: PowerShell
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1612
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                        • Suspicious use of WriteProcessMemory
                        PID:2792
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:1180
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "a0ea5449-fda9-4bd4-8281-6f1125b4675c" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Pps1uIAB
                      2⤵
                      • Downloads MZ/PE file
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:2664
                      • C:\Windows\TEMP\SplashtopStreamer.exe
                        "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        3⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Modifies data under HKEY_USERS
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:3848
                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                          "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                          4⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of WriteProcessMemory
                          PID:756
                          • C:\Windows\SysWOW64\msiexec.exe
                            msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                            5⤵
                            • System Location Discovery: System Language Discovery
                            PID:4444
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "23d6116c-b06c-4e24-a31f-6752253a49a7" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Pps1uIAB
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:4888
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:3240
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:3056
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "37ea9e5f-7a4f-4b46-97df-f4597df2aa0a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Pps1uIAB
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4396
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "639d2278-592f-4d63-9ac1-977a7f7bf659" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Pps1uIAB
                      2⤵
                        PID:3800
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                          3⤵
                          • Drops file in System32 directory
                          • Command and Scripting Interpreter: PowerShell
                          • Modifies data under HKEY_USERS
                          PID:5672
                        • C:\Windows\System32\cmd.exe
                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          3⤵
                            PID:5848
                            • C:\Windows\system32\cscript.exe
                              cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                              4⤵
                              • Modifies data under HKEY_USERS
                              PID:4304
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "8fe2abec-36b2-4134-a42a-8f0050548764" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Pps1uIAB
                          2⤵
                          • Drops file in Program Files directory
                          PID:5032
                          • C:\Windows\SYSTEM32\msiexec.exe
                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                            3⤵
                            • Modifies data under HKEY_USERS
                            PID:872
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "1c1ba794-05e4-4267-a601-b0c1c17c7524" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Pps1uIAB
                          2⤵
                          • Drops file in System32 directory
                          PID:3224
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "e3fc9c19-404a-465e-8ac2-a180227ba0ba" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Pps1uIAB
                          2⤵
                            PID:6116
                            • C:\Windows\TEMP\SplashtopStreamer.exe
                              "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of SetWindowsHookEx
                              PID:5736
                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                4⤵
                                • System Location Discovery: System Language Discovery
                                PID:5880
                                • C:\Windows\SysWOW64\msiexec.exe
                                  msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_SERVERMODE=0 CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                  5⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5324
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=e100ae0afc214c67d0d6f8ea44570db6&rmm_session_pwd_ttl=86400"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:1028
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "6806274c-8954-4b5c-8af2-028b081a05bf" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Pps1uIAB
                            2⤵
                            • Drops file in System32 directory
                            • Modifies registry class
                            PID:5208
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "1224fb8b-84cf-4286-af12-9ab888d026fe" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Pps1uIAB
                            2⤵
                            • Drops file in System32 directory
                            PID:5216
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "1b3ed727-413f-4e21-bf45-9d82aa00e3e1" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Pps1uIAB
                            2⤵
                            • Drops file in System32 directory
                            PID:1712
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "dd8c348d-7e0d-4a83-bd36-aeaa8410bfe1" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Pps1uIAB
                            2⤵
                            • Downloads MZ/PE file
                            PID:1388
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:2836
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5180
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:4352
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                                PID:3564
                                • C:\Windows\Temp\{1D9D58C2-D73E-4844-BFE1-38070B6EB87D}\.cr\8-0-11.exe
                                  "C:\Windows\Temp\{1D9D58C2-D73E-4844-BFE1-38070B6EB87D}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=724 /repair /quiet /norestart
                                  4⤵
                                  • System Time Discovery
                                  PID:6048
                                  • C:\Windows\Temp\{1FD2C672-ABD6-4D50-AB29-BD23AEE0B35A}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                    "C:\Windows\Temp\{1FD2C672-ABD6-4D50-AB29-BD23AEE0B35A}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{9D3DB153-53D0-40C3-A6F4-F30B9BD23F54} {28A7C67C-EFE1-4CC6-A5FB-28B577CC30A2} 6048
                                    5⤵
                                    • System Time Discovery
                                    PID:2864
                              • C:\Windows\SYSTEM32\cmd.exe
                                "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                3⤵
                                • System Time Discovery
                                PID:3664
                                • C:\Program Files\dotnet\dotnet.exe
                                  dotnet --list-runtimes
                                  4⤵
                                  • System Time Discovery
                                  PID:4620
                              • C:\Windows\SYSTEM32\cmd.exe
                                "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                3⤵
                                • System Time Discovery
                                PID:2112
                                • C:\Program Files\dotnet\dotnet.exe
                                  dotnet --list-runtimes
                                  4⤵
                                  • System Time Discovery
                                  PID:2984
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "0016751e-4d8b-43b6-9b24-c38ae7514a53" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Pps1uIAB
                              2⤵
                                PID:3020
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "791db654-9da9-4335-8441-918c51b4a471" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Pps1uIAB
                                2⤵
                                • Drops file in System32 directory
                                PID:2044
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "dab55325-d30e-40aa-89fc-11d4918c8c64" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Pps1uIAB
                                2⤵
                                  PID:5320
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "a8bed70f-6033-44e3-9d9c-1bfdd12b5683" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Pps1uIAB
                                  2⤵
                                  • Drops file in System32 directory
                                  PID:5500
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "8afabdb0-38fa-493f-be9f-248a44e227aa" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Pps1uIAB
                                  2⤵
                                    PID:5556
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "1c8b28be-6350-46f8-bb38-2da1e5f6bbf3" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Pps1uIAB
                                    2⤵
                                    • Drops file in System32 directory
                                    • Drops file in Program Files directory
                                    PID:5744
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3596
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                    2⤵
                                    • Drops file in System32 directory
                                    • Drops file in Program Files directory
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Modifies data under HKEY_USERS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4780
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                      -h -t
                                      3⤵
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4976
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                      3⤵
                                      • Drops file in Program Files directory
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:2936
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                        4⤵
                                          PID:1652
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:1160
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4888
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                          SRUtility.exe -r
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:6072
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                        3⤵
                                          PID:5548
                                          • C:\Windows\System32\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                            4⤵
                                              PID:3728
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c ver
                                                5⤵
                                                  PID:6072
                                                • C:\Windows\system32\sc.exe
                                                  sc query ddmgr
                                                  5⤵
                                                  • Launches sc.exe
                                                  PID:872
                                                • C:\Windows\system32\sc.exe
                                                  sc query lci_proxykmd
                                                  5⤵
                                                  • Launches sc.exe
                                                  PID:392
                                                • C:\Windows\system32\rundll32.exe
                                                  rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                  5⤵
                                                    PID:5536
                                          • C:\Windows\system32\backgroundTaskHost.exe
                                            "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                            1⤵
                                              PID:1324
                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                              1⤵
                                                PID:4016
                                                • C:\Windows\System32\sc.exe
                                                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                  2⤵
                                                  • Launches sc.exe
                                                  PID:5928
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "72eaa53a-f84d-44ed-84ad-f191ecbed032" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Pps1uIAB
                                                  2⤵
                                                    PID:5744
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                      3⤵
                                                      • Command and Scripting Interpreter: PowerShell
                                                      PID:6012
                                                    • C:\Windows\System32\cmd.exe
                                                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                      3⤵
                                                        PID:4368
                                                        • C:\Windows\system32\cscript.exe
                                                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                          4⤵
                                                            PID:5760
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "62749592-3cfa-40df-84ef-b11c94b35881" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Pps1uIAB
                                                        2⤵
                                                          PID:3552
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "b7ddeb80-d40c-4e0d-a22a-1b75a13927ed" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Pps1uIAB
                                                          2⤵
                                                            PID:2052
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "43d1c94a-30ca-415c-9570-01322fbe9d42" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Pps1uIAB
                                                            2⤵
                                                              PID:5852
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "c204c44b-04d1-489e-a062-e82c1abd9d84" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Pps1uIAB
                                                              2⤵
                                                                PID:4616
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "32f0a16c-51dc-4b81-8d74-04410e78a22a" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Pps1uIAB
                                                                2⤵
                                                                  PID:5396
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "70a48d74-b44e-442c-91b9-28313f8383cc" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Pps1uIAB
                                                                  2⤵
                                                                    PID:2284
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "fd941da6-f148-41c0-bb8e-a3d939308e2f" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Pps1uIAB
                                                                    2⤵
                                                                      PID:5464
                                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=e100ae0afc214c67d0d6f8ea44570db6&rmm_session_pwd_ttl=86400"
                                                                        3⤵
                                                                          PID:5368
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "9c4be377-76d0-41e9-95fb-3371afd16b37" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Pps1uIAB
                                                                        2⤵
                                                                          PID:3124
                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "d00102b4-8d96-496b-84f8-7ded4e380ef0" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Pps1uIAB
                                                                          2⤵
                                                                            PID:5448
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "444d3213-5274-47b3-b764-d556dd6eccf0" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Pps1uIAB
                                                                            2⤵
                                                                              PID:1528
                                                                              • C:\Windows\SYSTEM32\cmd.exe
                                                                                "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                                3⤵
                                                                                • System Time Discovery
                                                                                PID:6844
                                                                                • C:\Program Files\dotnet\dotnet.exe
                                                                                  dotnet --list-runtimes
                                                                                  4⤵
                                                                                  • System Time Discovery
                                                                                  PID:4044
                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "7225fb67-7b3b-4e12-87b8-48a15e8f13be" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Pps1uIAB
                                                                              2⤵
                                                                                PID:1176
                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "bec07d34-07a5-4c71-b763-d514ac793d0a" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Pps1uIAB
                                                                                2⤵
                                                                                  PID:6188
                                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "a7595920-e3e2-4876-a656-4c1d6019d357" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Pps1uIAB
                                                                                  2⤵
                                                                                    PID:6740
                                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" bc7061ef-62fd-4396-81e5-216cb5c1531f "35a34d52-1b7a-416e-aae8-561bbd4cfa65" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Pps1uIAB
                                                                                    2⤵
                                                                                      PID:5364
                                                                                      • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                                        "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "bc7061ef-62fd-4396-81e5-216cb5c1531f" "35a34d52-1b7a-416e-aae8-561bbd4cfa65" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000Pps1uIAB"
                                                                                        3⤵
                                                                                          PID:5728
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                      1⤵
                                                                                        PID:3116
                                                                                        • C:\Windows\system32\DrvInst.exe
                                                                                          DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000144" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                                          2⤵
                                                                                            PID:5660
                                                                                          • C:\Windows\system32\DrvInst.exe
                                                                                            DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000017C" "WinSta0\Default" "0000000000000160" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                                            2⤵
                                                                                              PID:5392
                                                                                            • C:\Windows\system32\DrvInst.exe
                                                                                              DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000017C"
                                                                                              2⤵
                                                                                                PID:5948
                                                                                              • C:\Windows\system32\DrvInst.exe
                                                                                                DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                                                2⤵
                                                                                                  PID:6104

                                                                                              Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Reconnaissance

                                                                                              Resource Development

                                                                                              Initial Access

                                                                                              Execution

                                                                                              Command and Scripting Interpreter

                                                                                              1
                                                                                              T1059

                                                                                              PowerShell

                                                                                              1
                                                                                              T1059.001

                                                                                              Persistence

                                                                                              Event Triggered Execution

                                                                                              2
                                                                                              T1546

                                                                                              Component Object Model Hijacking

                                                                                              1
                                                                                              T1546.015

                                                                                              Installer Packages

                                                                                              1
                                                                                              T1546.016

                                                                                              Privilege Escalation

                                                                                              Event Triggered Execution

                                                                                              2
                                                                                              T1546

                                                                                              Component Object Model Hijacking

                                                                                              1
                                                                                              T1546.015

                                                                                              Installer Packages

                                                                                              1
                                                                                              T1546.016

                                                                                              Defense Evasion

                                                                                              Modify Registry

                                                                                              1
                                                                                              T1112

                                                                                              Subvert Trust Controls

                                                                                              1
                                                                                              T1553

                                                                                              Install Root Certificate

                                                                                              1
                                                                                              T1553.004

                                                                                              System Binary Proxy Execution

                                                                                              1
                                                                                              T1218

                                                                                              Msiexec

                                                                                              1
                                                                                              T1218.007

                                                                                              Credential Access

                                                                                              Discovery

                                                                                              Peripheral Device Discovery

                                                                                              2
                                                                                              T1120

                                                                                              Query Registry

                                                                                              4
                                                                                              T1012

                                                                                              System Information Discovery

                                                                                              3
                                                                                              T1082

                                                                                              System Location Discovery

                                                                                              1
                                                                                              T1614

                                                                                              System Language Discovery

                                                                                              1
                                                                                              T1614.001

                                                                                              System Time Discovery

                                                                                              1
                                                                                              T1124

                                                                                              Lateral Movement

                                                                                              Collection

                                                                                              Command and Control

                                                                                              Exfiltration

                                                                                              Impact

                                                                                              Replay Monitor

                                                                                              Loading Replay Monitor...

                                                                                              Downloads

                                                                                              • C:\Config.Msi\e5829ac.rbs
                                                                                                Filesize

                                                                                                8KB

                                                                                                MD5

                                                                                                22f5c50d89205565b8a201e5d0d32043

                                                                                                SHA1

                                                                                                6472e01a9ef16010dce19c5f5c10fa5f87e5030c

                                                                                                SHA256

                                                                                                5ec1f4f82bfcafc7704de2841af349566d25532574a47c8370748cd33f4bdce2

                                                                                                SHA512

                                                                                                1fcba2493b2afe48640bbc669d97da857e2cdd77736c70e84a0d13a00b909c23f5a1cddb36f74ed03bd60b76eb5a02c0a0575f1430bb057c8ab55a3f1ce6664d

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829b1.rbs
                                                                                                Filesize

                                                                                                74KB

                                                                                                MD5

                                                                                                6bcb00d46d3fb8c44fb85cd439b6591c

                                                                                                SHA1

                                                                                                8abff5ef7d0f1d39b4d46c70d610b6c247bc03d4

                                                                                                SHA256

                                                                                                45b4179fe9f74cfb4379ba3fef6730a200d3530a83d5f8fcbb30a88899f598fd

                                                                                                SHA512

                                                                                                f1b726d9058738b8f6b05b3040e4f2860d4d39c566322589595ec0b166ab9ce4201000cb9b6661cde39f00b0c3030607544890c60bc6f8f9448a804bd625693b

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829b3.rbs
                                                                                                Filesize

                                                                                                464B

                                                                                                MD5

                                                                                                90b92a93e9e0aa3e53073fa2d0c78f50

                                                                                                SHA1

                                                                                                9fa684bbf8361dc7d2024ff9abd03527e588299e

                                                                                                SHA256

                                                                                                e653713594983ba6bcdf707114fa7078f475c21dbc558567aea124c0c51c2c94

                                                                                                SHA512

                                                                                                c0861eed743cb72ae454dd8d5413592564291d40b38fd8f6972fa3d6371b2e04a5ef739501d67c53bc84c9cc4c9c7fa58469cd928c761c140769ef2cb4412bd3

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829b9.rbs
                                                                                                Filesize

                                                                                                9KB

                                                                                                MD5

                                                                                                8802bee6ef52b327e19267c29ac6a164

                                                                                                SHA1

                                                                                                3743cc1b3a25024c1e1cc47b1153eb0cd7636570

                                                                                                SHA256

                                                                                                53cd7d267534709adfebb7fdcb74c2aefba7c341fede8110c494915cf19d0047

                                                                                                SHA512

                                                                                                4192040c915d9a57536e9eb939b068d71b89081b100689fd59a4f4351ee8c87a594a50f5413194f1eb86cd990c5e0bdcced5584eb3f02206aaebe245800ced86

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829c1.rbs
                                                                                                Filesize

                                                                                                8KB

                                                                                                MD5

                                                                                                9a503a847654b1905326b75c029a00b8

                                                                                                SHA1

                                                                                                564688ded60d27eec72ad310bf45356dd7bc5164

                                                                                                SHA256

                                                                                                e697d65e28a73fa4c7032fc0ad2c26c21cb910c7ddfb05f3e54d9e457a1d0d20

                                                                                                SHA512

                                                                                                107ead3c7a0a1eae50667f9331c625c0c4bc5330eadc357d177effbbdd904dc3cf9359e9fb7c4f74fc1ec622cae7ae6d4d8793bc6a2a24a0b55e1720d0db19db

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829c6.rbs
                                                                                                Filesize

                                                                                                48KB

                                                                                                MD5

                                                                                                8751d03e11f4c5ce14dacf20507db681

                                                                                                SHA1

                                                                                                ffe948fb32358b74fb5b1ca6c367a9487c3ab278

                                                                                                SHA256

                                                                                                b95d7891835bf7fc6e41945d8d31ff0d1b54eae214e9cfddefc2aac4bc806bc8

                                                                                                SHA512

                                                                                                55f954cc5f7b716c73862c9123696ee3261d006e5b468014f86d470a8674139c231b514f7612557583506a7e816d90e144c8d1cc42f4f95da7344aea1bf6ef34

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829cb.rbs
                                                                                                Filesize

                                                                                                9KB

                                                                                                MD5

                                                                                                6ac27c6b18cbfbc0808737428a754544

                                                                                                SHA1

                                                                                                68eb083965a04a6504d6f6f2065bc6b68b0a34bc

                                                                                                SHA256

                                                                                                a17c04eaa5e2289c9ab23eeeb5f58605561acc753e25f827e9370e57007354d1

                                                                                                SHA512

                                                                                                f6ed87106d29b2b8b8ab8d451b85488f645883498b6c00e89b87b1ec83f03f1abdda19f0376fb691856d9eca3f009f86e5f00ef0d59db8c12c899924af83339d

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829d0.rbs
                                                                                                Filesize

                                                                                                11KB

                                                                                                MD5

                                                                                                b25489f040dfce8fd44a0218f451cc88

                                                                                                SHA1

                                                                                                fcc5326a312491a5ec265e6b554a9fd45d9666f9

                                                                                                SHA256

                                                                                                b6d3ea6adca71742b8115d70e4a3a748321a8621ace645abe51e407e17c2c72f

                                                                                                SHA512

                                                                                                88ddcf2d680b0821036a886cbc36f0480899a8cdd353c131c5e6faa0e0ce828aabaf7ac136a334ae499d238d9d29a349511ac7c9f6111918768b4bb02a82dcc5

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829d5.rbs
                                                                                                Filesize

                                                                                                8KB

                                                                                                MD5

                                                                                                8ec39f64b606e74fae10b5940acf0ff6

                                                                                                SHA1

                                                                                                8f526ef7c85f88a477f12f111e5eadfba787ee3b

                                                                                                SHA256

                                                                                                f7f9b63c6aba3dc9c3461f3660621e5125fdbc95bc55193a4ec456d9ad2ccf9c

                                                                                                SHA512

                                                                                                4620cfc2fe76a467a521cf53909caf6159ed35b7fa08268c9bd146af112d5c68dac57f8d3c888a012d4df54e5136017c0c7d48dfbe561a37828f868083cf567a

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829d6.rbf
                                                                                                Filesize

                                                                                                143KB

                                                                                                MD5

                                                                                                33b4c87f18b4c49114d7a8980241657a

                                                                                                SHA1

                                                                                                254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                                                SHA256

                                                                                                587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                                                SHA512

                                                                                                42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                                                Download Submit

                                                                                              • C:\Config.Msi\e5829d7.rbf
                                                                                                Filesize

                                                                                                3B

                                                                                                MD5

                                                                                                21438ef4b9ad4fc266b6129a2f60de29

                                                                                                SHA1

                                                                                                5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                                                SHA256

                                                                                                13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                                                SHA512

                                                                                                37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                337079222a6f6c6edf58f3f981ff20ae

                                                                                                SHA1

                                                                                                1f705fc0faa84c69e1fe936b34783b301323e255

                                                                                                SHA256

                                                                                                ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                                                SHA512

                                                                                                ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                Filesize

                                                                                                142KB

                                                                                                MD5

                                                                                                477293f80461713d51a98a24023d45e8

                                                                                                SHA1

                                                                                                e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                                                SHA256

                                                                                                a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                                                SHA512

                                                                                                23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                b3bb71f9bb4de4236c26578a8fae2dcd

                                                                                                SHA1

                                                                                                1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                                                SHA256

                                                                                                e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                                                SHA512

                                                                                                fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                                                Filesize

                                                                                                210KB

                                                                                                MD5

                                                                                                c106df1b5b43af3b937ace19d92b42f3

                                                                                                SHA1

                                                                                                7670fc4b6369e3fb705200050618acaa5213637f

                                                                                                SHA256

                                                                                                2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                                                SHA512

                                                                                                616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                                                Filesize

                                                                                                693KB

                                                                                                MD5

                                                                                                2c4d25b7fbd1adfd4471052fa482af72

                                                                                                SHA1

                                                                                                fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                                                SHA256

                                                                                                2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                                                SHA512

                                                                                                f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                                                Filesize

                                                                                                146KB

                                                                                                MD5

                                                                                                8d477b63bc5a56ae15314bda8dea7a3a

                                                                                                SHA1

                                                                                                3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                                                SHA256

                                                                                                9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                                                SHA512

                                                                                                44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                                Filesize

                                                                                                145KB

                                                                                                MD5

                                                                                                2b9beb2fdbc41afc48d68d32ef41dd08

                                                                                                SHA1

                                                                                                4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                                                SHA256

                                                                                                977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                                                SHA512

                                                                                                3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                                                Filesize

                                                                                                51KB

                                                                                                MD5

                                                                                                3180c705182447f4bcc7ce8e2820b25d

                                                                                                SHA1

                                                                                                ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                                                SHA256

                                                                                                5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                                                SHA512

                                                                                                228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                                                Filesize

                                                                                                12B

                                                                                                MD5

                                                                                                1e065e191e89cc811ff49c96fa8fa5e6

                                                                                                SHA1

                                                                                                bc50ff2a20a8b83683583684fcac640a91689ed4

                                                                                                SHA256

                                                                                                d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                                                                SHA512

                                                                                                5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                Filesize

                                                                                                247KB

                                                                                                MD5

                                                                                                aa5cf64d575b7544eefd77f256c4dc57

                                                                                                SHA1

                                                                                                bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                                                                SHA256

                                                                                                79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                                                                SHA512

                                                                                                774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                                                Filesize

                                                                                                546B

                                                                                                MD5

                                                                                                158fb7d9323c6ce69d4fce11486a40a1

                                                                                                SHA1

                                                                                                29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                                                                SHA256

                                                                                                5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                                                                SHA512

                                                                                                7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                                                Filesize

                                                                                                688KB

                                                                                                MD5

                                                                                                111e2e63bccead95bb5ffc53c9282070

                                                                                                SHA1

                                                                                                eaae7df21e291aa089bc101b1e265ca202be1225

                                                                                                SHA256

                                                                                                9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                                                                SHA512

                                                                                                ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                                Filesize

                                                                                                27KB

                                                                                                MD5

                                                                                                797c9554ec56fd72ebb3f6f6bef67fb5

                                                                                                SHA1

                                                                                                40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                                                SHA256

                                                                                                7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                                                SHA512

                                                                                                4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                                Filesize

                                                                                                214KB

                                                                                                MD5

                                                                                                01807774f043028ec29982a62fa75941

                                                                                                SHA1

                                                                                                afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                                                SHA256

                                                                                                9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                                                SHA512

                                                                                                33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                                                Filesize

                                                                                                37KB

                                                                                                MD5

                                                                                                efb4712c8713cb05eb7fe7d87a83a55a

                                                                                                SHA1

                                                                                                c94d106bba77aecf88540807da89349b50ea5ae7

                                                                                                SHA256

                                                                                                30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                                                SHA512

                                                                                                3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                                                Filesize

                                                                                                3.4MB

                                                                                                MD5

                                                                                                93e4c198656fc267f392de11dee01cd0

                                                                                                SHA1

                                                                                                e92cb59486745ee7564f5b374e790a065e1f4678

                                                                                                SHA256

                                                                                                88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                                                                SHA512

                                                                                                3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                                Filesize

                                                                                                397KB

                                                                                                MD5

                                                                                                810f893e58861909b134fa72e3bc90cd

                                                                                                SHA1

                                                                                                524977f32836634132d23997b23304574d8d156a

                                                                                                SHA256

                                                                                                b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                                                                SHA512

                                                                                                db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                                Filesize

                                                                                                197KB

                                                                                                MD5

                                                                                                d0d21e16e57a1a73056eae228da1e287

                                                                                                SHA1

                                                                                                ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                                                                SHA256

                                                                                                3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                                                                SHA512

                                                                                                470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                                                Filesize

                                                                                                56KB

                                                                                                MD5

                                                                                                cb9890b01a396f64d702ad10f441003a

                                                                                                SHA1

                                                                                                44c086ce6bb8078e252f41f5becc1cb650ff2f33

                                                                                                SHA256

                                                                                                1a7194e86b266261501b7ed1ad3ea13fe73dfeeddcd1ba884894a0155bdbe2ea

                                                                                                SHA512

                                                                                                6cea4a2e31bd33cc13a9f5ea4d162b75bed863db2569b0ed46c7389f3bcdba3333cdddcf2ea83c95ce3678458796d4a476f151705cf256e0f4edba6cd1cac952

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                                                                Filesize

                                                                                                9KB

                                                                                                MD5

                                                                                                9d1528a2ce17522f6de064ae2c2b608e

                                                                                                SHA1

                                                                                                2f1ce8b589e57ab300bb93dde176689689f75114

                                                                                                SHA256

                                                                                                11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                                                                SHA512

                                                                                                a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5744.update
                                                                                                Filesize

                                                                                                9KB

                                                                                                MD5

                                                                                                14ffcf07375b3952bd3f2fe52bb63c14

                                                                                                SHA1

                                                                                                ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                                                                SHA256

                                                                                                6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                                                                SHA512

                                                                                                14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                                                                Filesize

                                                                                                13KB

                                                                                                MD5

                                                                                                9c9e4cc62c7e95918bf86498129253ef

                                                                                                SHA1

                                                                                                fa7e27d48a43d0ea3df7e315f6e3c422f22b11d8

                                                                                                SHA256

                                                                                                6f96a653a8a412d5fb39441b9915031f017139763ff4678b62898e36162cf0e3

                                                                                                SHA512

                                                                                                38891aad7fda4100c3874fce2eb8dbeeb54a6f4be8aada0560a56a5ea5b97631260dc0ed737ec4a83d2754df19fb7278ef7551c6ecf6af429649bbb98786b1a0

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                                                                Filesize

                                                                                                2B

                                                                                                MD5

                                                                                                81051bcc2cf1bedf378224b0a93e2877

                                                                                                SHA1

                                                                                                ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                                                                SHA256

                                                                                                7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                                                                SHA512

                                                                                                1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                                Filesize

                                                                                                54KB

                                                                                                MD5

                                                                                                77c613ffadf1f4b2f50d31eeec83af30

                                                                                                SHA1

                                                                                                76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                                                SHA256

                                                                                                2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                                                SHA512

                                                                                                29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                                                Filesize

                                                                                                334KB

                                                                                                MD5

                                                                                                09447f135f7f4486c165061cf443c569

                                                                                                SHA1

                                                                                                3ad4264db3112f845d35c112aabea9cbb2e21afa

                                                                                                SHA256

                                                                                                0142e2ca4f93c9631591065dc53944a86e4b961620f4faf1fe8b61a8b2867c9b

                                                                                                SHA512

                                                                                                be678fb5ca389198a5cc474c8e9e9d0c79a92a582cb81325b13d8be226725ad04faa6ecc3b4b7cecaedaa6f15ec13f01c0276100ee19faaf0a1b1dd7d061f31b

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                Filesize

                                                                                                71KB

                                                                                                MD5

                                                                                                67fef41237025021cd4f792e8c24e95a

                                                                                                SHA1

                                                                                                c47a5a33f182c8244798819e2dc5a908d51703e8

                                                                                                SHA256

                                                                                                c936879fbb1aa6d51fe1cdc0e351f933f835c0bf0e30aef99a4e19a07a920029

                                                                                                SHA512

                                                                                                232015fe6bee6637d915648a256474fc3df79415ac90babdfc2e3ded06c2f36fce85573ec7670f2a05126aa5f24a570b36885e386061666d9eaa1f0da67a093e

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                                Filesize

                                                                                                50KB

                                                                                                MD5

                                                                                                5bb0687e2384644ea48f688d7e75377b

                                                                                                SHA1

                                                                                                44e4651a52517570894cfec764ec790263b88c4a

                                                                                                SHA256

                                                                                                963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                                                SHA512

                                                                                                260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                                Filesize

                                                                                                32KB

                                                                                                MD5

                                                                                                2ec1d28706b9713026e8c6814e231d7c

                                                                                                SHA1

                                                                                                7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                                                                SHA256

                                                                                                c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                                                                SHA512

                                                                                                9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                                Filesize

                                                                                                56KB

                                                                                                MD5

                                                                                                e9794f785780945d2dde78520b9bb59f

                                                                                                SHA1

                                                                                                293cae66cedbc7385cd49819587d3d5a61629422

                                                                                                SHA256

                                                                                                0568e0d210de9b344f9ce278291acb32106d8425bdd467998502c1a56ac92443

                                                                                                SHA512

                                                                                                1a3c15e18557a14f0df067478f683e8b527469126792fae7b78361dad29317ff7b9d307b5a35e303487e2479d34830aa7e894f2906efff046436428ada9a4534

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                                                Filesize

                                                                                                588KB

                                                                                                MD5

                                                                                                17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                                                SHA1

                                                                                                bc0316e11c119806907c058d62513eb8ce32288c

                                                                                                SHA256

                                                                                                13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                                                SHA512

                                                                                                f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                                                Filesize

                                                                                                225B

                                                                                                MD5

                                                                                                cdb53a56b9b573346998b88d5684edd8

                                                                                                SHA1

                                                                                                47b1968a49b43507732f48140a26ce6768c920ee

                                                                                                SHA256

                                                                                                84eae759418ba2a1e2505049ab4df164291626b235dc278c873d8e397dd0a892

                                                                                                SHA512

                                                                                                12e88b3c71dd4c8a9b51b4685eb812b3584cb5c9823040183ab6b0f6859558ffa71514607a7273cb2f4a85ae632c44bf9387c476e65074edd200adcfbb363c08

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                                                Filesize

                                                                                                9KB

                                                                                                MD5

                                                                                                1ef7574bc4d8b6034935d99ad884f15b

                                                                                                SHA1

                                                                                                110709ab33f893737f4b0567f9495ac60c37667c

                                                                                                SHA256

                                                                                                0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                                                SHA512

                                                                                                947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                                                Filesize

                                                                                                10KB

                                                                                                MD5

                                                                                                f512536173e386121b3ebd22aac41a4e

                                                                                                SHA1

                                                                                                74ae133215345beaebb7a95f969f34a40dda922a

                                                                                                SHA256

                                                                                                a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                                                SHA512

                                                                                                1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                                                Filesize

                                                                                                76KB

                                                                                                MD5

                                                                                                b40fe65431b18a52e6452279b88954af

                                                                                                SHA1

                                                                                                c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                                                SHA256

                                                                                                800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                                                SHA512

                                                                                                e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                                                Filesize

                                                                                                80KB

                                                                                                MD5

                                                                                                3904d0698962e09da946046020cbcb17

                                                                                                SHA1

                                                                                                edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                                                SHA256

                                                                                                a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                                                SHA512

                                                                                                c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                                                Download Submit

                                                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                                                Filesize

                                                                                                96KB

                                                                                                MD5

                                                                                                b8b8975dab8687945d82e2b8a4686fba

                                                                                                SHA1

                                                                                                ed1d2e0e5e5a48a116f128b7515ad23321c45e53

                                                                                                SHA256

                                                                                                9a313403b3db4d68352c9e4fc4cc789cb912c3455b437474b1d1d9d20eaa7138

                                                                                                SHA512

                                                                                                50efb6b1f1e0282c6d4e9619aaee929252c9f4e16f39e37469cbd90ea801d2aa9fb3a987997d039a7e8373edd10d7648066a48785d1b2e4f1a88ccf0f6481fd6

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                Filesize

                                                                                                287B

                                                                                                MD5

                                                                                                fcad4da5d24f95ebf38031673ddbcdb8

                                                                                                SHA1

                                                                                                3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                                                SHA256

                                                                                                7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                                                SHA512

                                                                                                1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                                Filesize

                                                                                                717B

                                                                                                MD5

                                                                                                ef0a07aec4367a64c16c581da2657aa9

                                                                                                SHA1

                                                                                                13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                                                SHA256

                                                                                                f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                                                SHA512

                                                                                                35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                                                Filesize

                                                                                                7KB

                                                                                                MD5

                                                                                                362ce475f5d1e84641bad999c16727a0

                                                                                                SHA1

                                                                                                6b613c73acb58d259c6379bd820cca6f785cc812

                                                                                                SHA256

                                                                                                1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                                                SHA512

                                                                                                7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                                                Filesize

                                                                                                1.3MB

                                                                                                MD5

                                                                                                40df7f2a02cdfa70ae76d70d21473428

                                                                                                SHA1

                                                                                                4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                                                SHA256

                                                                                                f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                                                SHA512

                                                                                                2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                                                Filesize

                                                                                                1.8MB

                                                                                                MD5

                                                                                                5ed9543e9f5826ead203316ef0a8863d

                                                                                                SHA1

                                                                                                8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                                                SHA256

                                                                                                33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                                                SHA512

                                                                                                5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                                                Filesize

                                                                                                1.1MB

                                                                                                MD5

                                                                                                9a9b1fd85b5f1dcd568a521399a0d057

                                                                                                SHA1

                                                                                                34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                                                SHA256

                                                                                                88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                                                SHA512

                                                                                                7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                                                Filesize

                                                                                                383KB

                                                                                                MD5

                                                                                                f6f297c704f4f4c13d50f971daea3b56

                                                                                                SHA1

                                                                                                118581c847ea863ff8bca0a38b5469577ac6b227

                                                                                                SHA256

                                                                                                a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                                                                SHA512

                                                                                                b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                                                Filesize

                                                                                                321KB

                                                                                                MD5

                                                                                                d3901e62166e9c42864fe3062cb4d8d5

                                                                                                SHA1

                                                                                                c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                                                SHA256

                                                                                                dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                                                SHA512

                                                                                                ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                                                Filesize

                                                                                                814KB

                                                                                                MD5

                                                                                                9b1f97a41bfb95f148868b49460d9d04

                                                                                                SHA1

                                                                                                768031d5e877e347a249dfdeab7c725df941324b

                                                                                                SHA256

                                                                                                09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                                                SHA512

                                                                                                9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                                                Filesize

                                                                                                1.2MB

                                                                                                MD5

                                                                                                e74d2a16da1ddb7f9c54f72b8a25897c

                                                                                                SHA1

                                                                                                32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                                                SHA256

                                                                                                a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                                                SHA512

                                                                                                52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                                                Filesize

                                                                                                11B

                                                                                                MD5

                                                                                                5eda46a55c61b07029e7202f8cf1781c

                                                                                                SHA1

                                                                                                862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                                                SHA256

                                                                                                12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                                                SHA512

                                                                                                4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                Filesize

                                                                                                48KB

                                                                                                MD5

                                                                                                b4a865268d5aca5f93bab91d7d83c800

                                                                                                SHA1

                                                                                                95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                                                SHA256

                                                                                                5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                                                SHA512

                                                                                                c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                Filesize

                                                                                                48KB

                                                                                                MD5

                                                                                                08f1a72dfe22926efeddcd6b0fe71257

                                                                                                SHA1

                                                                                                8380e359811fbff15f6ffae7a7ad4f9d7d6ce34f

                                                                                                SHA256

                                                                                                8081309290869e82950ebc86ebfb710b53404250dc3d5e40068b0d644b7382af

                                                                                                SHA512

                                                                                                955e2f2c056f7e553b55dd857a503e0fa5df72bb1b92dcf41ddad36134d2408373836a9f68334db422803a874b4db4317067b34c7b5d8941d155d602fe6ee925

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                                Filesize

                                                                                                48KB

                                                                                                MD5

                                                                                                2354eb37c360d7c8429102cee79365f6

                                                                                                SHA1

                                                                                                3bea991f637e70376ae558eff4d88cf1da53cf71

                                                                                                SHA256

                                                                                                01c8cd5f6e15982b1c2a7403283aba610c999dfd396697a70b9294a3f746cb3a

                                                                                                SHA512

                                                                                                c35e112ae95d26033d1d13af557608a16c33028bb4f169a324767be431998ef8b4521798d1aef06dfa34252708a1469851a5b1f145bb4070e01ff18a725e6f36

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                                                Filesize

                                                                                                2.4MB

                                                                                                MD5

                                                                                                b9e9b20a22e4abfb75119d820f528524

                                                                                                SHA1

                                                                                                769824ae44d90a79cbc1894120266ec4d4328cd1

                                                                                                SHA256

                                                                                                bcf905714b4af02f9cb683822832d0cc129e7cc289ee51b12e0d25464d5096cd

                                                                                                SHA512

                                                                                                66557feec03185819edd8a98e5254447d4d78aaff700ede8a9c0f0f47d23476e8d6c70a35aca58a68288e4c1e5c2d6d4f64635fe13678a06c97ee827a159ac9e

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                                                                Filesize

                                                                                                2.9MB

                                                                                                MD5

                                                                                                108bc29224053a4735170bcb644cc73c

                                                                                                SHA1

                                                                                                9a4b8929e890443dc8204fccbf4bdb6c6c853a3e

                                                                                                SHA256

                                                                                                7c7c62702b5a6ca58084c1ec776116d1a7d697d7a104f2bb705676088c8614c8

                                                                                                SHA512

                                                                                                883d76dd6b1395bb545461ec0a88cf797524f922e8787abb27ca681ed72fe75c57732c5e17c7181509f98242871b7afc0398f69d7b04a043edc21b57dc88482a

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                                                Filesize

                                                                                                1.1MB

                                                                                                MD5

                                                                                                6c6f85e896655a6eb726482f04c49086

                                                                                                SHA1

                                                                                                2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                                                SHA256

                                                                                                e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                                                SHA512

                                                                                                b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                                                Filesize

                                                                                                541B

                                                                                                MD5

                                                                                                d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                                                SHA1

                                                                                                e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                                                SHA256

                                                                                                7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                                                SHA512

                                                                                                a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                                                Filesize

                                                                                                12B

                                                                                                MD5

                                                                                                b22628235c1f44ae054091c8fdc82d23

                                                                                                SHA1

                                                                                                70c8e5abd9d2d8a18b769f6e71819fb53b273b9b

                                                                                                SHA256

                                                                                                b31673e38897d5d84558e2745d02c553649a50063a9f0e7de7e71bba89916232

                                                                                                SHA512

                                                                                                c1097690938f3edcba20802dfb77880fb29d1f8b70c62fa76d1828613d57355fd04c0b3d26da90128db2df2e63e4e30c8e195b84452c0931b8cb2f043d5bba98

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                                                Filesize

                                                                                                670KB

                                                                                                MD5

                                                                                                96e50bbca30d75af7b8b40acf8dda817

                                                                                                SHA1

                                                                                                4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                                                SHA256

                                                                                                a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                                                SHA512

                                                                                                0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                                                Filesize

                                                                                                3.1MB

                                                                                                MD5

                                                                                                8e70af11d0ee2abe139b40d67e70b73c

                                                                                                SHA1

                                                                                                18582e88e16255d5d267904bdf0357ec9ff333e0

                                                                                                SHA256

                                                                                                5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                                                                SHA512

                                                                                                3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.ini
                                                                                                Filesize

                                                                                                12B

                                                                                                MD5

                                                                                                9a5e9a329e4e73e0c499371205a810db

                                                                                                SHA1

                                                                                                5b6d85657d4acd89867283fbe372e9e85c30686f

                                                                                                SHA256

                                                                                                d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                                                                SHA512

                                                                                                02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                                                                Download Submit

                                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                                                Filesize

                                                                                                570KB

                                                                                                MD5

                                                                                                b50834694383960830cf48d9836e1108

                                                                                                SHA1

                                                                                                adc80813181b98a8296befa2960a55f939f3bfee

                                                                                                SHA256

                                                                                                370a259808052366888284b0cc4c91ff8f23e8008003959b8d0efb1adbf00cd6

                                                                                                SHA512

                                                                                                f87be933e87275b000be031aa5df7536dfd5fe9b99a607ce0904f206e074d3a0687a00654b9b78edaa2fccf3d30526e0ee5bd7dcba4a5daafd6fc60eeaaa15c5

                                                                                                Download Submit

                                                                                              • C:\Program Files\dotnet\dotnet.exe
                                                                                                Filesize

                                                                                                143KB

                                                                                                MD5

                                                                                                71026b098f8fb39c88b003df746d9fa0

                                                                                                SHA1

                                                                                                013ca259f551ad6f33db53fff0e121e74408e20e

                                                                                                SHA256

                                                                                                11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                                                SHA512

                                                                                                9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                                                Download Submit

                                                                                              • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\b77ac4e219b9acb516b9e162de63cbbf
                                                                                                Filesize

                                                                                                16KB

                                                                                                MD5

                                                                                                b2e89027a140a89b6e3eb4e504e93d96

                                                                                                SHA1

                                                                                                f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                                                SHA256

                                                                                                5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                                                SHA512

                                                                                                93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                                                Download Submit

                                                                                              • C:\ProgramData\chocolatey\config\chocolatey.config
                                                                                                Filesize

                                                                                                809B

                                                                                                MD5

                                                                                                8b6737800745d3b99886d013b3392ac3

                                                                                                SHA1

                                                                                                bb94da3f294922d9e8d31879f2d145586a182e19

                                                                                                SHA256

                                                                                                86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                                                                SHA512

                                                                                                654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                                                                Download Submit

                                                                                              • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                                                                Filesize

                                                                                                12KB

                                                                                                MD5

                                                                                                51603ca549866b9866ede9f3b472f63b

                                                                                                SHA1

                                                                                                1970fdef322fff321dd62140f2317592d24dd137

                                                                                                SHA256

                                                                                                18d484754652f26168be02cd900273897a519de0c621eeb0b477b0193f93f2cc

                                                                                                SHA512

                                                                                                1fa95ebd3228c606037da3f50854dd376c66cb4141fbc19b0ecb5adca79fa9315d97320312053c9b039937664ec2d60eeb2c04d12578b295bd4dff6fe1a16749

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                Filesize

                                                                                                471B

                                                                                                MD5

                                                                                                b37eee2552522d51b5d8045e6397c56a

                                                                                                SHA1

                                                                                                df7cede952d9088326533e0675f9af3a0412cb2e

                                                                                                SHA256

                                                                                                2f47246e72e3f6cc3e5172cc555fbf2bf4a018653a8b0f7ef36a437a149c2c88

                                                                                                SHA512

                                                                                                189c7961e872c9001c5decf65113076adb7b3b76a43d047d34308b61082e0b59aa90182c3f53e87432233e731259bb590a0ef18f3ab173da7212d9b5ba701a97

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                Filesize

                                                                                                727B

                                                                                                MD5

                                                                                                24d222ee7debdef2e6f7eed37c0e9386

                                                                                                SHA1

                                                                                                7cfabfee8e5279173f608640a1b538273f9429cb

                                                                                                SHA256

                                                                                                20732c43abdaf5f834a7e9cf020923271fbd5bd61ee479dc31226949ecb1d2a5

                                                                                                SHA512

                                                                                                05f3ea8f321d313d4661e1e5f0301c0348e562744cd65f74b6f43d086c3d13921dd69eab238d4729b5296276c9a63ef69ad74443ad4fec2578c5b29608911492

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                Filesize

                                                                                                727B

                                                                                                MD5

                                                                                                1f4aca3f1d6132d5aa09ff222366c452

                                                                                                SHA1

                                                                                                a6622c29db4a742b1d0d71ddf08c8b172c77e0fe

                                                                                                SHA256

                                                                                                eddb0f07b88e8cb2ee8a9f7735e00262751a31f50a4fa5d6ec187aa3650b9217

                                                                                                SHA512

                                                                                                5d68e1762d26e6f55f0e69d4835dc48b2d771637156eaba64919926c8db3d7dc15dba528ddbc4531926a0576624eef54c36c33227f5e5ceab6466702da6697b9

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                Filesize

                                                                                                400B

                                                                                                MD5

                                                                                                96723fe4c9233a3f2891f543e9104def

                                                                                                SHA1

                                                                                                29749dd470ff25b9837adcf1ed507ba5c9a19dad

                                                                                                SHA256

                                                                                                0e2edece685143710c4720bad1bb06ed771bec196b5de88d88d4fc534133a3dd

                                                                                                SHA512

                                                                                                9e4c84e1967ea493c3193d6407ceb6b6cde588f040bd6126c0bdbc12c65cda245c659c9899cf7cb8310f58bfbc4af06343121edaa3916e5815826eba7fbd49d4

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                Filesize

                                                                                                404B

                                                                                                MD5

                                                                                                e6ad4cf029a030d1e50df0a5f2d4da48

                                                                                                SHA1

                                                                                                dc356fd344ab7758534247d680c0b2de42b62c65

                                                                                                SHA256

                                                                                                1ecb5854660be7c2d3aa7327d402e3b2885d20ed22f600d55c1873e4fd926eae

                                                                                                SHA512

                                                                                                32855a8e4b6e1cb1659be5b6020c9fcbee443d46a83188bb18e115d01b3ab3db1fa065eb9422502a789e6775c14abd3a21f4540ff6f3323a03f6a06de1f20912

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                Filesize

                                                                                                412B

                                                                                                MD5

                                                                                                db543961372a5a584d6fbbc91c2b606c

                                                                                                SHA1

                                                                                                87b45ce299ef1faecde14961b65fc7d9b43b7cf6

                                                                                                SHA256

                                                                                                3899d3d14ac64dfa3fbcf6ef9b9cd2ada511abb3375d20a2ae337fab4c34fd15

                                                                                                SHA512

                                                                                                f01e9c2a910c387b4ca40db8424036bf02903a01e36492fb94bd2f9019dbc81c9c7690da427f73d2f61c9a4d97d2cbe7242017323c7ee7382dd927dff05f6f01

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                                                Filesize

                                                                                                651B

                                                                                                MD5

                                                                                                9bbfe11735bac43a2ed1be18d0655fe2

                                                                                                SHA1

                                                                                                61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                                                SHA256

                                                                                                549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                                                SHA512

                                                                                                a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI2A57.tmp
                                                                                                Filesize

                                                                                                509KB

                                                                                                MD5

                                                                                                88d29734f37bdcffd202eafcdd082f9d

                                                                                                SHA1

                                                                                                823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                                                SHA256

                                                                                                87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                                                SHA512

                                                                                                1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI2A57.tmp-\AlphaControlAgentInstallation.dll
                                                                                                Filesize

                                                                                                25KB

                                                                                                MD5

                                                                                                aa1b9c5c685173fad2dabebeb3171f01

                                                                                                SHA1

                                                                                                ed756b1760e563ce888276ff248c734b7dd851fb

                                                                                                SHA256

                                                                                                e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                                                SHA512

                                                                                                d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI2A57.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                                                Filesize

                                                                                                179KB

                                                                                                MD5

                                                                                                1a5caea6734fdd07caa514c3f3fb75da

                                                                                                SHA1

                                                                                                f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                                                SHA256

                                                                                                cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                                                SHA512

                                                                                                a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI2DB3.tmp-\CustomAction.config
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                bc17e956cde8dd5425f2b2a68ed919f8

                                                                                                SHA1

                                                                                                5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                                                SHA256

                                                                                                e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                                                SHA512

                                                                                                02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI2DB3.tmp-\Newtonsoft.Json.dll
                                                                                                Filesize

                                                                                                695KB

                                                                                                MD5

                                                                                                715a1fbee4665e99e859eda667fe8034

                                                                                                SHA1

                                                                                                e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                                                SHA256

                                                                                                c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                                                SHA512

                                                                                                bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI375B.tmp
                                                                                                Filesize

                                                                                                211KB

                                                                                                MD5

                                                                                                a3ae5d86ecf38db9427359ea37a5f646

                                                                                                SHA1

                                                                                                eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                                                SHA256

                                                                                                c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                                                SHA512

                                                                                                96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSI75F3.tmp
                                                                                                Filesize

                                                                                                219KB

                                                                                                MD5

                                                                                                928f4b0fc68501395f93ad524a36148c

                                                                                                SHA1

                                                                                                084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                                                SHA256

                                                                                                2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                                                SHA512

                                                                                                7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSIB6F5.tmp
                                                                                                Filesize

                                                                                                4.5MB

                                                                                                MD5

                                                                                                08211c29e0d617a579ffa2c41bde1317

                                                                                                SHA1

                                                                                                4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                                                SHA256

                                                                                                3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                                                SHA512

                                                                                                d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\MSIFE53.tmp-\System.Management.dll
                                                                                                Filesize

                                                                                                60KB

                                                                                                MD5

                                                                                                878e361c41c05c0519bfc72c7d6e141c

                                                                                                SHA1

                                                                                                432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                                                SHA256

                                                                                                24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                                                SHA512

                                                                                                59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\e5829ab.msi
                                                                                                Filesize

                                                                                                2.9MB

                                                                                                MD5

                                                                                                7c2346e58afd0cc0337fc935cd41d9c4

                                                                                                SHA1

                                                                                                32189bee035e465d2df8bb15c5d168f8eff6f187

                                                                                                SHA256

                                                                                                9219d0815a0320d65356c84003ea6d80935ebf855d2b7fbda79c4f38057a1e78

                                                                                                SHA512

                                                                                                b7267d28ec63ce3b3a2bd247094bf1a4cc8891549a4d43f8875ba1e37f97f3a1a6bddcbc8f9be009fc12a3836dd9d759394ec5a38ef87c8425990d42ce3cb9e2

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\e5829c7.msi
                                                                                                Filesize

                                                                                                8.8MB

                                                                                                MD5

                                                                                                00cb0877d3ba3cd7c66bba9c4b2df577

                                                                                                SHA1

                                                                                                bf1b6fe6d55b8c08634e719abf3c78fe9edce35b

                                                                                                SHA256

                                                                                                4bb80810194d0a1cbaa3a5c6dcdf6c71ec28b3b74ff4f1cc0606a80b9db42890

                                                                                                SHA512

                                                                                                0f32aaade4641f69ae8494c7adc69cfaa14f7d1584c8c5b5811d7ced1b8b642248bdff28eef5f90d5ad614555c9c667ed3b7f0fc1d878776e230252a765cec4e

                                                                                                Download Submit

                                                                                              • C:\Windows\Installer\e5829c8.msi
                                                                                                Filesize

                                                                                                772KB

                                                                                                MD5

                                                                                                d73de5788ab129f16afdd990d8e6bfa9

                                                                                                SHA1

                                                                                                88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                                                SHA256

                                                                                                4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                                                SHA512

                                                                                                bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{1d95dd57-c84a-b04e-a1f7-0e886d26a48f}\lci_proxywddm.cat
                                                                                                Filesize

                                                                                                12KB

                                                                                                MD5

                                                                                                8e16d54f986dbe98812fd5ec04d434e8

                                                                                                SHA1

                                                                                                8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                                                SHA256

                                                                                                7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                                                SHA512

                                                                                                e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{1d95dd57-c84a-b04e-a1f7-0e886d26a48f}\lci_proxywddm.inf
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                0315a579f5afe989154cb7c6a6376b05

                                                                                                SHA1

                                                                                                e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                                                SHA256

                                                                                                d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                                                SHA512

                                                                                                c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{1d95dd57-c84a-b04e-a1f7-0e886d26a48f}\x64\lci_proxyumd.dll
                                                                                                Filesize

                                                                                                179KB

                                                                                                MD5

                                                                                                4dc11547a5fc28ca8f6965fa21573481

                                                                                                SHA1

                                                                                                d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                                                SHA256

                                                                                                e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                                                SHA512

                                                                                                bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{1d95dd57-c84a-b04e-a1f7-0e886d26a48f}\x64\lci_proxyumd32.dll
                                                                                                Filesize

                                                                                                135KB

                                                                                                MD5

                                                                                                67ae7b2c36c9c70086b9d41b4515b0a8

                                                                                                SHA1

                                                                                                ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                                                SHA256

                                                                                                79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                                                SHA512

                                                                                                4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{1d95dd57-c84a-b04e-a1f7-0e886d26a48f}\x64\lci_proxywddm.sys
                                                                                                Filesize

                                                                                                119KB

                                                                                                MD5

                                                                                                b9b0e9b4d93b18b99ece31a819d71d00

                                                                                                SHA1

                                                                                                2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                                                SHA256

                                                                                                0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                                                SHA512

                                                                                                465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{50b17683-eed7-fb4c-aff5-1c2d45e2958c}\lci_iddcx.cat
                                                                                                Filesize

                                                                                                10KB

                                                                                                MD5

                                                                                                62458e58313475c9a3642a392363e359

                                                                                                SHA1

                                                                                                e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                                                SHA256

                                                                                                85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                                                SHA512

                                                                                                49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{50b17683-eed7-fb4c-aff5-1c2d45e2958c}\lci_iddcx.inf
                                                                                                Filesize

                                                                                                4KB

                                                                                                MD5

                                                                                                1cec22ca85e1b5a8615774fca59a420b

                                                                                                SHA1

                                                                                                049a651751ef38321a1088af6a47c4380f9293fc

                                                                                                SHA256

                                                                                                60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                                                SHA512

                                                                                                0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                                                Download Submit

                                                                                              • C:\Windows\System32\DriverStore\Temp\{50b17683-eed7-fb4c-aff5-1c2d45e2958c}\x64\lci_iddcx.dll
                                                                                                Filesize

                                                                                                52KB

                                                                                                MD5

                                                                                                01e8bc64139d6b74467330b11331858d

                                                                                                SHA1

                                                                                                b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                                                SHA256

                                                                                                148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                                                SHA512

                                                                                                4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-02-57-07.dat
                                                                                                Filesize

                                                                                                602B

                                                                                                MD5

                                                                                                aa0b1d9fff7c427a244d06bddcd51333

                                                                                                SHA1

                                                                                                180fdc675897c07d7964612ef3e79fb749fbf983

                                                                                                SHA256

                                                                                                252b3e0abb25031fa2b768d62450106d57cc96afc2a5992287d33d5f7fb99f88

                                                                                                SHA512

                                                                                                3cc2899befd70c98c2f607576596defda364c69788cdda4ac5d934665c638003a15c8085bb41ed5c256773fc72ff955db05eefcf7b498c6aadefb571d0603c0f

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\InstallUtil.log
                                                                                                Filesize

                                                                                                4KB

                                                                                                MD5

                                                                                                b170d391956077ae25f723f0c92d2df1

                                                                                                SHA1

                                                                                                6fdab860dc01189d1f7cbdc30e1405e5bc4a37a7

                                                                                                SHA256

                                                                                                dbc5bbe17501a706845d08ad4ae6eadad3ff43fed5111256d2fd1d23fcf1c6c5

                                                                                                SHA512

                                                                                                6d1531f49425b5977cb1786b888437e6ed77bf0d4dc9d01453552a7fe168eff1ec56f3cf67a6f3ef042592207b3abfe2dfdae800a1a2ec82c30b332e476d51e9

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\InstallUtil.log
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                5a9d88345c48f8221a8c627e191cecab

                                                                                                SHA1

                                                                                                cf10c05cc27084772b973a2aceb34eaa9e18184b

                                                                                                SHA256

                                                                                                eacfea2b5c42b268831bcb4d9c27d2ef81f006fd2cbc0ed5f8be2c596a641eb4

                                                                                                SHA512

                                                                                                84c395a9986a01792cf9b28f3ed4bed45bf057f6f9ff8709b14661a131cd1dddca19bf91b238e293534d8a2e1848fa3b575ced19965ee85fd3e4372b541b3839

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\PreVer.log
                                                                                                Filesize

                                                                                                6KB

                                                                                                MD5

                                                                                                e394dae684ab6ab7702e91743ba58668

                                                                                                SHA1

                                                                                                54ee2a88b810d64bec5d5cced62395cbfb4b5fdb

                                                                                                SHA256

                                                                                                a9f5a1bc6fd2b75d9a4dc4d2e78dff996b5d295bd30ff3ac9f998f910f15d978

                                                                                                SHA512

                                                                                                bfd2cc2424acb786da075b485625ff78d207489473a60b03f29d8520bcc9bc74f1179e607f26adc64f1ee736c98956d6cac161805b331f283d0a957b63045f71

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\PreVer.log
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                72d0f6cf2d0b9b868da0d6aaa8ada4e8

                                                                                                SHA1

                                                                                                7aae2372f953e8fcb346e0e94f467083d82849de

                                                                                                SHA256

                                                                                                f7cdd71e86eebfc569f59936120fca8a585d776e56594809992c407a9c969490

                                                                                                SHA512

                                                                                                3e868420416f0317f0388126ae20751b99d0da6530bbe72b00731f25ed5743003ee7c361ce4801423f24554ae1f8e43da79ef5e73d8ed704341edeb1458a7538

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\__PSScriptPolicyTest_hg1vtoxf.kt1.ps1
                                                                                                Filesize

                                                                                                60B

                                                                                                MD5

                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                SHA1

                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                SHA256

                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                SHA512

                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\unpack.log
                                                                                                Filesize

                                                                                                5KB

                                                                                                MD5

                                                                                                ad36b6526acdb8c3dfc99bdeabb5eecf

                                                                                                SHA1

                                                                                                c66862aa2ca65af0d8d841a1c9b5cee5353e5bfb

                                                                                                SHA256

                                                                                                9cacbac901aa031c20502b7c04e52cd6d93fbbedfe8ed93b8439ed70bd9c24a4

                                                                                                SHA512

                                                                                                9b9264624e471da2b6e291b85ffc9fcf357662b3b722dd9ebed3e0aa8805128c854730d9eec4b50391ae7f187844d1e0f3bb29a78457565173bf883b1029733d

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\unpack.log
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                7c61449af3ea97798ef0e8fefd836d7b

                                                                                                SHA1

                                                                                                dd534161a37dd764de526cc2ea70158eae214eaa

                                                                                                SHA256

                                                                                                2cda088ed43ade4ef67919ea9df77d1a9a89b0c9beb6abb2d5a36886e2358a20

                                                                                                SHA512

                                                                                                e17d0d5becb0e7d92494fbc58aaa71ef632899e05491cacf52d0c5b66ae444f1ed9e7e8c5fb5bfd1b4eb5246fa2b2377af5c871b25d836865a40d0ff741bdbc8

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\unpack.log
                                                                                                Filesize

                                                                                                4KB

                                                                                                MD5

                                                                                                0c449fcbedd7e45d3ddeef82b1d0aadd

                                                                                                SHA1

                                                                                                7426e2f9216e1f2e08b03a28bbace8adcf0311bb

                                                                                                SHA256

                                                                                                b4c7ffdb15a0c649797f7a2b22c4eee587ad088709ea11f5b8249340c2b20f0e

                                                                                                SHA512

                                                                                                2097f1ab2c951367706274c595dba3dbe0e912b9265be1c037e3677380d43d42f10c16cc55a70936a63e36c875703846a3d03b1805564297081b3aa998c1229f

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                Filesize

                                                                                                3.2MB

                                                                                                MD5

                                                                                                2c18826adf72365827f780b2a1d5ea75

                                                                                                SHA1

                                                                                                a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                                                SHA256

                                                                                                ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                                                SHA512

                                                                                                474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{1FD2C672-ABD6-4D50-AB29-BD23AEE0B35A}\.ba\bg.png
                                                                                                Filesize

                                                                                                4KB

                                                                                                MD5

                                                                                                9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                                                SHA1

                                                                                                eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                                                SHA256

                                                                                                9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                                                SHA512

                                                                                                9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{1FD2C672-ABD6-4D50-AB29-BD23AEE0B35A}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                                                Filesize

                                                                                                607KB

                                                                                                MD5

                                                                                                669de3ab32955e69decfe13a3c89891e

                                                                                                SHA1

                                                                                                ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                                                SHA256

                                                                                                2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                                                SHA512

                                                                                                be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\ISRT.dll
                                                                                                Filesize

                                                                                                427KB

                                                                                                MD5

                                                                                                85315ad538fa5af8162f1cd2fce1c99d

                                                                                                SHA1

                                                                                                31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                                                SHA256

                                                                                                70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                                                SHA512

                                                                                                877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{DB17F897-97A0-40FF-8DF4-3A7EA1AE5E9B}\_isres_0x0409.dll
                                                                                                Filesize

                                                                                                1.8MB

                                                                                                MD5

                                                                                                befe2ef369d12f83c72c5f2f7069dd87

                                                                                                SHA1

                                                                                                b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                                                SHA256

                                                                                                9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                                                SHA512

                                                                                                760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{F3733ED3-7131-49A0-AB07-05C6437376E3}\IsConfig.ini
                                                                                                Filesize

                                                                                                571B

                                                                                                MD5

                                                                                                d239b8964e37974225ad69d78a0a8275

                                                                                                SHA1

                                                                                                cf208e98a6f11d1807cd84ca61504ad783471679

                                                                                                SHA256

                                                                                                0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                                                SHA512

                                                                                                88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{F3733ED3-7131-49A0-AB07-05C6437376E3}\String1033.txt
                                                                                                Filesize

                                                                                                182KB

                                                                                                MD5

                                                                                                99bbffd900115fe8672c73fb1a48a604

                                                                                                SHA1

                                                                                                8f587395fa6b954affef337c70781ce00913950e

                                                                                                SHA256

                                                                                                57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                                                SHA512

                                                                                                d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{F3733ED3-7131-49A0-AB07-05C6437376E3}\_isA2D4.exe
                                                                                                Filesize

                                                                                                179KB

                                                                                                MD5

                                                                                                7a1c100df8065815dc34c05abc0c13de

                                                                                                SHA1

                                                                                                3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                                                SHA256

                                                                                                e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                                                SHA512

                                                                                                bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                                                Download Submit

                                                                                              • C:\Windows\Temp\{F3733ED3-7131-49A0-AB07-05C6437376E3}\setup.inx
                                                                                                Filesize

                                                                                                345KB

                                                                                                MD5

                                                                                                0376dd5b7e37985ea50e693dc212094c

                                                                                                SHA1

                                                                                                02859394164c33924907b85ab0aaddc628c31bf1

                                                                                                SHA256

                                                                                                c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                                                SHA512

                                                                                                69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                                                Download Submit

                                                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                                                Filesize

                                                                                                404B

                                                                                                MD5

                                                                                                0c08fa2e95fbad722cdb64da58fb63ba

                                                                                                SHA1

                                                                                                27d0f3c67eac78b393c932c7f6501960703cb2ae

                                                                                                SHA256

                                                                                                0ea52187c2c278deeffaf88a250fb2ab293b6170228251438d0404a3750e08a1

                                                                                                SHA512

                                                                                                4092cb1490c3b0f269108e1a249a91d2af07714753d562f645fd65799993da668d16c3f1dbb3a3779aa1c7cf5b3ec2421e93100526e2320164bfd724b30c6dea

                                                                                                Download Submit

                                                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                                Filesize

                                                                                                412B

                                                                                                MD5

                                                                                                2f28ee9e70473985f4ab90ef44c6c7bf

                                                                                                SHA1

                                                                                                41bc6e6a134bb2774e7c2cabdffcc3b507e45200

                                                                                                SHA256

                                                                                                86008e5098c8dd4d17b34c7460b5e85d3066c1a2e86705aae9d871f8bdc9a721

                                                                                                SHA512

                                                                                                3709a87e7077531c39d4e4e4361a532dbf1d0abccebf4fa278af3005f3ea7678a95129e6862c53edf108a25331570330dafa67f52f182847b33f6cbe381c703c

                                                                                                Download Submit

                                                                                              • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                                                Filesize

                                                                                                24.1MB

                                                                                                MD5

                                                                                                94bdf804cfbba699a2013c159184cad2

                                                                                                SHA1

                                                                                                bd49db365386d87e29bea90e9841d2dc0846ca6e

                                                                                                SHA256

                                                                                                5ac2488b1c199566a103427f8ffd62c1836685a8468005a85f60c1658d97c7f2

                                                                                                SHA512

                                                                                                0afa86dd3a48ba04492d0fa36abae619dce27a4364bbf8ada4b61833651f2a109e6e39533c66eddf5ff9fe286bf590f0be8fffaba613dbadbbb572aa5d8a9e7c

                                                                                                Download Submit

                                                                                              • \??\Volume{612d9cf5-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8c104ce5-2301-4428-9bc7-fd0c1aaeacff}_OnDiskSnapshotProp
                                                                                                Filesize

                                                                                                6KB

                                                                                                MD5

                                                                                                f8c15c5f782bdeee53c60a40a7de2371

                                                                                                SHA1

                                                                                                4799d5378a86c7c7cd4262b4060c3958d1eec1b7

                                                                                                SHA256

                                                                                                44c5fe8192422cd4990ca978450cf19c0490a066dedd33c33ebcf801fc9aa51b

                                                                                                SHA512

                                                                                                32ea1a3d6ac4a29deada469534531e0130f60e824559300c81246d52fc95e2cf3e0e9e2fa5e884e81d2c06c17edc5a63ed77447a2fdf4a07eeb8deea13fe1864

                                                                                                Download Submit

                                                                                              • memory/1108-278-0x000002325EDA0000-0x000002325EDBC000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/1108-274-0x000002325E400000-0x000002325E442000-memory.dmp

                                                                                                Filesize

                                                                                                264KB

                                                                                                Download

                                                                                              • memory/1108-277-0x0000023277570000-0x0000023277620000-memory.dmp

                                                                                                Filesize

                                                                                                704KB

                                                                                                Download

                                                                                              • memory/1328-79-0x0000000004D80000-0x0000000004DA2000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                                Download

                                                                                              • memory/1328-76-0x0000000004EB0000-0x0000000004F62000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/1328-80-0x0000000004F70000-0x00000000052C4000-memory.dmp

                                                                                                Filesize

                                                                                                3.3MB

                                                                                                Download

                                                                                              • memory/1388-1797-0x0000016C1EEA0000-0x0000016C1EEB2000-memory.dmp

                                                                                                Filesize

                                                                                                72KB

                                                                                                Download

                                                                                              • memory/1388-1800-0x0000016C1F720000-0x0000016C1F76A000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/1388-1803-0x0000016C1F6F0000-0x0000016C1F70C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/1388-1823-0x0000016C38230000-0x0000016C382E2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/1388-1825-0x0000016C383D0000-0x0000016C384AC000-memory.dmp

                                                                                                Filesize

                                                                                                880KB

                                                                                                Download

                                                                                              • memory/1712-1824-0x000002BD4C230000-0x000002BD4C2E0000-memory.dmp

                                                                                                Filesize

                                                                                                704KB

                                                                                                Download

                                                                                              • memory/1712-1792-0x000002BD4BFD0000-0x000002BD4C01A000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/1712-1787-0x000002BD32F60000-0x000002BD32F6C000-memory.dmp

                                                                                                Filesize

                                                                                                48KB

                                                                                                Download

                                                                                              • memory/1712-1802-0x000002BD4BFA0000-0x000002BD4BFBC000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/1712-2027-0x000002BD4C1E0000-0x000002BD4C215000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/2044-1827-0x00000253CA780000-0x00000253CA832000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/2044-1835-0x00000253CB140000-0x00000253CB188000-memory.dmp

                                                                                                Filesize

                                                                                                288KB

                                                                                                Download

                                                                                              • memory/2044-1804-0x00000253B1530000-0x00000253B156A000-memory.dmp

                                                                                                Filesize

                                                                                                232KB

                                                                                                Download

                                                                                              • memory/2044-1829-0x00000253B1E30000-0x00000253B1E4C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/2284-201-0x0000024046B20000-0x0000024046BD2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/2284-205-0x0000024046A90000-0x0000024046AB2000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                                Download

                                                                                              • memory/2284-243-0x00000240470B0000-0x00000240470E8000-memory.dmp

                                                                                                Filesize

                                                                                                224KB

                                                                                                Download

                                                                                              • memory/2284-321-0x0000024046AC0000-0x0000024046AF5000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/2284-4043-0x000001E170790000-0x000001E1707C5000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/2512-502-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2512-505-0x0000000003DB0000-0x0000000003F77000-memory.dmp

                                                                                                Filesize

                                                                                                1.8MB

                                                                                                Download

                                                                                              • memory/2512-537-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2512-929-0x0000000003DF0000-0x0000000003FB7000-memory.dmp

                                                                                                Filesize

                                                                                                1.8MB

                                                                                                Download

                                                                                              • memory/2512-1068-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2512-1105-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2664-301-0x000002E120D20000-0x000002E120DD2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/2664-300-0x000002E1202D0000-0x000002E1202E6000-memory.dmp

                                                                                                Filesize

                                                                                                88KB

                                                                                                Download

                                                                                              • memory/2664-302-0x000002E120C40000-0x000002E120C5C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/2836-160-0x00000166E9A10000-0x00000166E9AA8000-memory.dmp

                                                                                                Filesize

                                                                                                608KB

                                                                                                Download

                                                                                              • memory/2836-148-0x00000166CF390000-0x00000166CF3B8000-memory.dmp

                                                                                                Filesize

                                                                                                160KB

                                                                                                Download

                                                                                              • memory/2836-164-0x00000166D0F40000-0x00000166D0F52000-memory.dmp

                                                                                                Filesize

                                                                                                72KB

                                                                                                Download

                                                                                              • memory/2836-165-0x00000166E9900000-0x00000166E993C000-memory.dmp

                                                                                                Filesize

                                                                                                240KB

                                                                                                Download

                                                                                              • memory/2936-1401-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2936-1407-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/2936-2145-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/2936-2378-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/2936-2379-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/3124-110-0x0000000002E90000-0x0000000002EF6000-memory.dmp

                                                                                                Filesize

                                                                                                408KB

                                                                                                Download

                                                                                              • memory/3224-1752-0x00000215AA320000-0x00000215AA33A000-memory.dmp

                                                                                                Filesize

                                                                                                104KB

                                                                                                Download

                                                                                              • memory/3224-1820-0x00000215C31B0000-0x00000215C36D8000-memory.dmp

                                                                                                Filesize

                                                                                                5.2MB

                                                                                                Download

                                                                                              • memory/3224-1952-0x00000215AA340000-0x00000215AA375000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/3224-1780-0x00000215C2BC0000-0x00000215C2C72000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/3224-1736-0x00000215A99C0000-0x00000215A99CA000-memory.dmp

                                                                                                Filesize

                                                                                                40KB

                                                                                                Download

                                                                                              • memory/3240-487-0x00000209CD220000-0x00000209CD255000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/3320-39-0x00000000031E0000-0x000000000320E000-memory.dmp

                                                                                                Filesize

                                                                                                184KB

                                                                                                Download

                                                                                              • memory/3320-43-0x0000000003220000-0x000000000322C000-memory.dmp

                                                                                                Filesize

                                                                                                48KB

                                                                                                Download

                                                                                              • memory/4016-2911-0x000001BCD34C0000-0x000001BCD34F5000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/4780-1834-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4780-2109-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4780-2108-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4780-1159-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4780-1158-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4780-1833-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4780-2823-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4780-2824-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4888-371-0x0000021C1BB70000-0x0000021C1BB78000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                                Download

                                                                                              • memory/4888-361-0x0000021C1B5E0000-0x0000021C1B62A000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/4888-369-0x0000021C1B640000-0x0000021C1B648000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                                Download

                                                                                              • memory/4888-370-0x0000021C1BB60000-0x0000021C1BB68000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                                Download

                                                                                              • memory/4888-360-0x0000021C1B140000-0x0000021C1B1A8000-memory.dmp

                                                                                                Filesize

                                                                                                416KB

                                                                                                Download

                                                                                              • memory/4888-367-0x0000021C346B0000-0x0000021C3478C000-memory.dmp

                                                                                                Filesize

                                                                                                880KB

                                                                                                Download

                                                                                              • memory/4888-365-0x0000021C1B590000-0x0000021C1B598000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                                Download

                                                                                              • memory/4888-368-0x0000021C34790000-0x0000021C34842000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/4888-362-0x0000021C1B560000-0x0000021C1B57C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/4888-372-0x0000021C345D0000-0x0000021C34638000-memory.dmp

                                                                                                Filesize

                                                                                                416KB

                                                                                                Download

                                                                                              • memory/4888-373-0x0000021C34510000-0x0000021C3453A000-memory.dmp

                                                                                                Filesize

                                                                                                168KB

                                                                                                Download

                                                                                              • memory/4888-366-0x0000021C1B5A0000-0x0000021C1B5AA000-memory.dmp

                                                                                                Filesize

                                                                                                40KB

                                                                                                Download

                                                                                              • memory/4888-374-0x0000021C34640000-0x0000021C3467A000-memory.dmp

                                                                                                Filesize

                                                                                                232KB

                                                                                                Download

                                                                                              • memory/4888-375-0x0000021C1BD10000-0x0000021C1BD36000-memory.dmp

                                                                                                Filesize

                                                                                                152KB

                                                                                                Download

                                                                                              • memory/4888-424-0x0000021C34580000-0x0000021C345B5000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/4888-364-0x0000021C1BB10000-0x0000021C1BB58000-memory.dmp

                                                                                                Filesize

                                                                                                288KB

                                                                                                Download

                                                                                              • memory/4888-363-0x0000021C1BAC0000-0x0000021C1BB0C000-memory.dmp

                                                                                                Filesize

                                                                                                304KB

                                                                                                Download

                                                                                              • memory/4976-1371-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4976-2826-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4976-2825-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4976-1372-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/4976-3368-0x0000000073090000-0x00000000731AC000-memory.dmp

                                                                                                Filesize

                                                                                                1.1MB

                                                                                                Download

                                                                                              • memory/4976-3369-0x0000000072CC0000-0x000000007308D000-memory.dmp

                                                                                                Filesize

                                                                                                3.8MB

                                                                                                Download

                                                                                              • memory/5032-1198-0x00000199B3580000-0x00000199B3592000-memory.dmp

                                                                                                Filesize

                                                                                                72KB

                                                                                                Download

                                                                                              • memory/5032-1200-0x00000199B3DD0000-0x00000199B3DEC000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/5032-1206-0x00000199CC6B0000-0x00000199CC762000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5032-1685-0x00000199CC650000-0x00000199CC6A4000-memory.dmp

                                                                                                Filesize

                                                                                                336KB

                                                                                                Download

                                                                                              • memory/5208-1795-0x0000021FDD850000-0x0000021FDD902000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5208-1786-0x0000021FC4670000-0x0000021FC467C000-memory.dmp

                                                                                                Filesize

                                                                                                48KB

                                                                                                Download

                                                                                              • memory/5208-1790-0x0000021FC4CB0000-0x0000021FC4CC8000-memory.dmp

                                                                                                Filesize

                                                                                                96KB

                                                                                                Download

                                                                                              • memory/5208-1801-0x0000021FC4CD0000-0x0000021FC4CF0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5216-1798-0x000001AA67D20000-0x000001AA67D86000-memory.dmp

                                                                                                Filesize

                                                                                                408KB

                                                                                                Download

                                                                                              • memory/5216-1789-0x000001AA7FE20000-0x000001AA7FED2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5216-1782-0x000001AA67C90000-0x000001AA67CB0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5216-1807-0x000001AA67CB0000-0x000001AA67CC4000-memory.dmp

                                                                                                Filesize

                                                                                                80KB

                                                                                                Download

                                                                                              • memory/5216-1781-0x000001AA67320000-0x000001AA67330000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                                Download

                                                                                              • memory/5320-1836-0x00000125C5AC0000-0x00000125C5B72000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5320-1812-0x00000125ACC10000-0x00000125ACC2C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/5320-4262-0x00000125C5A70000-0x00000125C5AA5000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/5320-1818-0x00000125C5840000-0x00000125C588A000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/5320-1815-0x00000125ACF30000-0x00000125ACF48000-memory.dmp

                                                                                                Filesize

                                                                                                96KB

                                                                                                Download

                                                                                              • memory/5320-1817-0x00000125ACF10000-0x00000125ACF1A000-memory.dmp

                                                                                                Filesize

                                                                                                40KB

                                                                                                Download

                                                                                              • memory/5320-1808-0x00000125AD0A0000-0x00000125AD0EA000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/5320-1837-0x00000125C5C60000-0x00000125C5D3C000-memory.dmp

                                                                                                Filesize

                                                                                                880KB

                                                                                                Download

                                                                                              • memory/5320-1799-0x00000125AC680000-0x00000125AC6B4000-memory.dmp

                                                                                                Filesize

                                                                                                208KB

                                                                                                Download

                                                                                              • memory/5396-3974-0x000001970CD60000-0x000001970CD95000-memory.dmp

                                                                                                Filesize

                                                                                                212KB

                                                                                                Download

                                                                                              • memory/5500-1809-0x0000026698F20000-0x0000026698F30000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                                Download

                                                                                              • memory/5500-1811-0x0000026699300000-0x000002669931C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/5500-1821-0x00000266B2240000-0x00000266B231C000-memory.dmp

                                                                                                Filesize

                                                                                                880KB

                                                                                                Download

                                                                                              • memory/5500-1828-0x00000266B2320000-0x00000266B23D2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5500-1810-0x00000266B2000000-0x00000266B204A000-memory.dmp

                                                                                                Filesize

                                                                                                296KB

                                                                                                Download

                                                                                              • memory/5500-1840-0x00000266997B0000-0x00000266997B8000-memory.dmp

                                                                                                Filesize

                                                                                                32KB

                                                                                                Download

                                                                                              • memory/5744-1813-0x0000018001950000-0x0000018001962000-memory.dmp

                                                                                                Filesize

                                                                                                72KB

                                                                                                Download

                                                                                              • memory/5744-1819-0x0000018002300000-0x0000018002320000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5744-1816-0x000001801AB20000-0x000001801ABD2000-memory.dmp

                                                                                                Filesize

                                                                                                712KB

                                                                                                Download

                                                                                              • memory/5744-1814-0x0000018001DF0000-0x0000018001E00000-memory.dmp

                                                                                                Filesize

                                                                                                64KB

                                                                                                Download

                                                                                              • memory/5744-1826-0x000001801BC50000-0x000001801C2AC000-memory.dmp

                                                                                                Filesize

                                                                                                6.4MB

                                                                                                Download