Overview

overview

10

Static

static

10

SEFAZ-Sync.msi

windows7-x64

10

SEFAZ-Sync.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2025, 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SEFAZ-Sync.msi

  • Size

    2.9MB

  • MD5

    eaf2eab89c1b5f8eccf2e62a5a4fb002

  • SHA1

    24e2a1958e34f8db3378c8210ef5f0e5166a1537

  • SHA256

    819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9

  • SHA512

    25e7a8b39e585867d71b8edc472b4240e051a5ef5e2c23ddcddc20dc556a8381adc783884c7e2183c778ca445379654bc59a0cf16e4029c2b4b479243d34494a

  • SSDEEP

    49152:P+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:P+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 21 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SEFAZ-Sync.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:772
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:556
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 49C762059ED14CD7F38765C5A6BC5031
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2312
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIDC08.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240639281 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2916
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIDFE1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640000 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4480
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIE5AF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240641484 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4636
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF321.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644953 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5092
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B90FAEE5DB01830EAFB49C5FC70E32FE E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3000
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3484
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:4896
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2820
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Q2oReIAJ" /AgentId="8626e187-bd82-4ef5-bb93-fc2600b12524"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:4196
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 55AC104B59EC172BC16F8B274AF9B31B E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:3156
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7CEE0955-8F58-4BD8-956D-C8654B2868EE}
          3⤵
          • Executes dropped EXE
          PID:1648
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B8A3A81-0A39-4B8C-8311-6579B492D5EC}
          3⤵
          • Executes dropped EXE
          PID:4644
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9653FBE4-575B-4461-92E5-FEE528DFCC39}
          3⤵
          • Executes dropped EXE
          PID:4636
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{59FF6F87-D814-42E1-919D-1DC897BC6C5E}
          3⤵
          • Executes dropped EXE
          PID:4788
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13B53FCB-0D59-452E-BA97-4524D4C859B2}
          3⤵
          • Executes dropped EXE
          PID:4804
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F9BC5682-A054-4C4F-8AD6-0BA4B523292A}
          3⤵
          • Executes dropped EXE
          PID:2908
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA6AC2A9-18E2-4DFD-B1F6-F21997CD406D}
          3⤵
          • Executes dropped EXE
          PID:4856
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4682ECDF-A8DA-4576-A53C-740C66342A59}
          3⤵
          • Executes dropped EXE
          PID:4744
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{329A58E5-06DD-4631-BA32-33614AE4D7EF}
          3⤵
          • Executes dropped EXE
          PID:4564
        • C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe
          C:\Windows\TEMP\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_is30FE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BCBF7546-09FD-4848-9BC3-857B48E55AFD}
          3⤵
          • Executes dropped EXE
          PID:4016
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3352
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3120
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4424
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2820
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4832
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3052
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:5072
          • C:\Windows\System32\Conhost.exe
            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            4⤵
              PID:4788
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRFeature.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4412
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:1488
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRFeatMini.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4536
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:980
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRManager.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4260
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3784
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAgent.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:3976
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2208
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:1616
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4636
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAudioChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:5012
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4916
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRVirtualDisplay.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:1304
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D13E4F-9839-4C45-8699-9195FB07369F}
            3⤵
            • Executes dropped EXE
            PID:4564
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68D6F4DD-A744-41CF-B0F1-23557F7970D9}
            3⤵
            • Executes dropped EXE
            PID:4124
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{04DE2090-6F2E-40E0-AF22-7400BA5BBBD3}
            3⤵
            • Executes dropped EXE
            PID:2184
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9E60D6AE-30CB-4A24-8133-9F06C3CA7765}
            3⤵
            • Executes dropped EXE
            PID:3976
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37B073B8-0B3D-459B-8D50-863BFC9A3DBC}
            3⤵
            • Executes dropped EXE
            PID:1648
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4AF66326-E999-49E1-AD7F-CDEB919447DE}
            3⤵
            • Executes dropped EXE
            PID:3492
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7EFBA812-4DA3-414D-8870-6F5F276152EC}
            3⤵
            • Executes dropped EXE
            PID:2616
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F267DE17-B040-47C4-AE6C-623FC12C0A36}
            3⤵
            • Executes dropped EXE
            PID:1844
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06B92789-3BFB-4710-AAB7-5ECECA5892BC}
            3⤵
            • Executes dropped EXE
            PID:2908
          • C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
            C:\Windows\TEMP\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F3405EA1-E39B-41DA-B5C1-2DB82CC5FE8B}
            3⤵
            • Executes dropped EXE
            PID:3848
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{09E3E623-D8E2-4A7C-BEA3-931BE46899FB}
            3⤵
            • Executes dropped EXE
            PID:3976
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{962B0741-45CE-466F-867C-049019306D6A}
            3⤵
            • Executes dropped EXE
            PID:1044
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9D2D46B8-C262-416D-B267-54F7218AF0F1}
            3⤵
            • Executes dropped EXE
            PID:3492
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D2299CE-E643-4593-9052-52D2401C29D0}
            3⤵
            • Executes dropped EXE
            PID:1648
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18B6B138-11C3-4545-9902-DFE68C016D4E}
            3⤵
            • Executes dropped EXE
            PID:4428
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{085EA711-360B-4087-A406-12708E462CF0}
            3⤵
            • Executes dropped EXE
            PID:5040
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC83A1AA-93A1-4942-AF5B-C85145225D52}
            3⤵
            • Executes dropped EXE
            PID:2276
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6CD4396A-F68A-4904-8416-0953E0C2A020}
            3⤵
            • Executes dropped EXE
            PID:4016
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC0111D7-7F84-48F6-AEA4-199D321CDACE}
            3⤵
            • Executes dropped EXE
            PID:4848
          • C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe
            C:\Windows\TEMP\{60350D37-A207-4757-8B3F-8C158D0A6FDC}\_is530F.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9A7495D-3BA3-44ED-B033-CB2EB942300C}
            3⤵
            • Executes dropped EXE
            PID:4732
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3492
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3688
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:3120
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:5064
              • C:\Windows\system32\cmd.exe
                "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                4⤵
                  PID:1428
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:1724
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D1150EB-BDC1-4571-BF71-DAF023F331BC}
                3⤵
                • Executes dropped EXE
                PID:3252
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D1DCE2-7606-4258-BCD5-F936D6330B0E}
                3⤵
                • Executes dropped EXE
                PID:2028
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5A7C23C0-993F-405A-8922-A5DD11C36089}
                3⤵
                • Executes dropped EXE
                PID:4220
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A1B383CA-5F34-4D44-9627-E03F45016029}
                3⤵
                • Executes dropped EXE
                PID:4628
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F34662A-7E0F-49B9-B78E-9983254EE8D1}
                3⤵
                • Executes dropped EXE
                PID:432
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57723B4F-B5EF-4DC9-BB3B-841F6D00A542}
                3⤵
                • Executes dropped EXE
                PID:4412
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B25538B7-25A9-499B-8385-ADD2ACCA3202}
                3⤵
                • Executes dropped EXE
                PID:2700
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{72278E26-5D70-49BF-BC6C-4B3BC79F7D91}
                3⤵
                • Executes dropped EXE
                PID:3976
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EB6D7084-787D-4ACB-909A-5391BFF69754}
                3⤵
                • Executes dropped EXE
                PID:4496
              • C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe
                C:\Windows\TEMP\{B0D32DF3-8120-48E0-9928-6DB48771A851}\_is6ADE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5706D0C5-0E15-4D2C-83CC-233DC6F5184A}
                3⤵
                • Executes dropped EXE
                PID:4804
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                3⤵
                • Executes dropped EXE
                • Modifies registry class
                PID:4428
                • C:\Windows\System32\Conhost.exe
                  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  4⤵
                    PID:1428
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A949C35-6DCF-492C-B048-12D716962409}
                  3⤵
                  • Executes dropped EXE
                  PID:372
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C5651EDB-EC0F-4B32-8403-1D8A8A434354}
                  3⤵
                  • Executes dropped EXE
                  PID:2960
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7CBE33F8-3E79-48DB-A910-200CD8A133FE}
                  3⤵
                  • Executes dropped EXE
                  PID:412
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{70224A31-76CD-45A5-A2DB-3F8D76981586}
                  3⤵
                  • Executes dropped EXE
                  PID:3628
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D8338B91-08E0-4756-A1DF-A3A847787DBA}
                  3⤵
                  • Executes dropped EXE
                  PID:3220
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D52125F2-BEDE-4BCC-B3E7-F086D8AD9EC5}
                  3⤵
                  • Executes dropped EXE
                  PID:3124
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{47893A99-906D-49E4-AF59-6F3DE83F0E6E}
                  3⤵
                  • Executes dropped EXE
                  PID:4628
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C9EB758-CD6A-439C-8A7F-1D7C919065CB}
                  3⤵
                  • Executes dropped EXE
                  PID:2068
                • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                  C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78BF8896-100A-4CBC-AE8B-DF2BF2DAD0DD}
                  3⤵
                    PID:2568
                  • C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe
                    C:\Windows\TEMP\{E66B7064-28C2-4005-B55B-41870A502CFE}\_is70FA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0FB83EB5-3B6D-499B-904C-DD93EE08C94C}
                    3⤵
                      PID:2588
                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:4016
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 4DDFC256F60D86ACEF21C95CA7CA19E1 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5996
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIA640.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240691078 464 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                      3⤵
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:5816
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIA91F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240691484 468 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • Modifies data under HKEY_USERS
                      PID:5776
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIB3A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240694171 473 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                      3⤵
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:5448
                    • C:\Windows\SysWOW64\NET.exe
                      "NET" STOP AteraAgent
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:5176
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 STOP AteraAgent
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:1168
                    • C:\Windows\SysWOW64\TaskKill.exe
                      "TaskKill.exe" /f /im AteraAgent.exe
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      PID:3352
                    • C:\Windows\syswow64\NET.exe
                      "NET" STOP AteraAgent
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:696
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 STOP AteraAgent
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:1932
                    • C:\Windows\syswow64\TaskKill.exe
                      "TaskKill.exe" /f /im AteraAgent.exe
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      PID:5332
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSID654.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240703031 511 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:848
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                    2⤵
                    • Drops file in System32 directory
                    PID:5880
                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="324ce4b3-ccc6-4217-b45e-3dee4b3de8b7"
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    PID:4828
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 9DBE063738CBA385D9CC728C1CDA8BD9 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:5880
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding 1669664D7CD949FA4F614CD861804291 E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:216
                  • C:\Windows\syswow64\MsiExec.exe
                    C:\Windows\syswow64\MsiExec.exe -Embedding BC66D19ED4D98D0D67FC183A3233EC5E E Global\MSI0000
                    2⤵
                    • System Location Discovery: System Language Discovery
                    PID:1156
                • C:\Windows\system32\vssvc.exe
                  C:\Windows\system32\vssvc.exe
                  1⤵
                  • Checks SCSI registry key(s)
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2220
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in System32 directory
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Modifies system certificate store
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:2288
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:3548
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "b02478dd-e3a9-4577-bc33-046c25a7ff4e" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q2oReIAJ
                    2⤵
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4768
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "fbf3030c-f1cb-4600-b88a-258b6cc1a395" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q2oReIAJ
                    2⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5116
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "f82fd40d-c228-4115-a3e8-bd6fd7af1c71" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Q2oReIAJ
                    2⤵
                    • Executes dropped EXE
                    PID:3460
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "9fd9c31c-e60d-42d0-9ab5-3823459cb215" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Q2oReIAJ
                    2⤵
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:1488
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Drops file in System32 directory
                      • Command and Scripting Interpreter: PowerShell
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3428
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                      • Suspicious use of WriteProcessMemory
                      PID:1044
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:3472
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "250f114c-fb34-4f35-a74b-e1261c9e6844" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Q2oReIAJ
                    2⤵
                    • Downloads MZ/PE file
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2952
                    • C:\Windows\TEMP\SplashtopStreamer.exe
                      "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:4552
                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                        "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        4⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of WriteProcessMemory
                        PID:32
                        • C:\Windows\SysWOW64\msiexec.exe
                          msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:3980
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "d6999b85-ad29-4ca8-9aa8-b8643cb137e0" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Q2oReIAJ
                    2⤵
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies data under HKEY_USERS
                    PID:4876
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious use of WriteProcessMemory
                  PID:1184
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:4848
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "3347abfe-1553-4fc3-b84c-102ac32dedfe" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q2oReIAJ
                    2⤵
                    • Modifies data under HKEY_USERS
                    PID:1720
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Command and Scripting Interpreter: PowerShell
                      PID:1348
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:2200
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:4832
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "e71a7118-d1cb-4bbb-a539-be737461ff73" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q2oReIAJ
                      2⤵
                        PID:4848
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=a3f1faf0b83d7d8fc678f5e1d32386f4&rmm_session_pwd_ttl=86400"
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:1208
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "0d4cf39f-15e4-4f61-9c21-a81832a590d5" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q2oReIAJ
                        2⤵
                        • Modifies registry class
                        PID:2888
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "3473af50-ec4c-48fd-a6f9-074e42791646" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q2oReIAJ
                        2⤵
                          PID:2536
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "fcfd9d3c-977e-4f48-afb1-06030095d342" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q2oReIAJ
                          2⤵
                          • Drops file in System32 directory
                          PID:5932
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "abc47a66-9a33-4087-86d0-e295ceb1be9c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q2oReIAJ
                          2⤵
                          • Downloads MZ/PE file
                          PID:5652
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:2664
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:5144
                          • C:\Program Files\dotnet\dotnet.exe
                            "C:\Program Files\dotnet\dotnet" --list-runtimes
                            3⤵
                            • System Time Discovery
                            PID:4020
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:4036
                            • C:\Windows\Temp\{B7E09D58-A7E2-47D2-A245-E5293EA8067F}\.cr\8-0-11.exe
                              "C:\Windows\Temp\{B7E09D58-A7E2-47D2-A245-E5293EA8067F}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=624 -burn.filehandle.self=700 /repair /quiet /norestart
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • System Time Discovery
                              PID:5196
                              • C:\Windows\Temp\{9148C88E-B07E-4235-B7D5-B17DB5BC4091}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                "C:\Windows\Temp\{9148C88E-B07E-4235-B7D5-B17DB5BC4091}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{DF0696C0-C550-4CF0-AB06-FA1A8AE6F966} {366C1933-9CF4-4591-898F-AE22369B4B67} 5196
                                5⤵
                                • Adds Run key to start application
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                • Modifies registry class
                                PID:5432
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:3240
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:3120
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:1752
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:5212
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "704c0f9c-bb08-4930-821b-afd2eed6f8cd" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q2oReIAJ
                          2⤵
                          • Writes to the Master Boot Record (MBR)
                          PID:5228
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "769159e0-9d9d-453e-9ba7-a9518342e6d1" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q2oReIAJ
                          2⤵
                          • Drops file in System32 directory
                          PID:5428
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "54357c80-c7e5-41fb-a30d-1b56ec02b856" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q2oReIAJ
                          2⤵
                          • Drops file in System32 directory
                          PID:5480
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "9b55f4fd-eb3d-4735-b321-3541af4e505e" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q2oReIAJ
                          2⤵
                            PID:5796
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "75f07386-eb93-4ba1-8d83-6733dc7bfdd1" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q2oReIAJ
                            2⤵
                            • Drops file in System32 directory
                            PID:5876
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "6bf49129-a1b3-4f19-9eda-e66c427f6fd9" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q2oReIAJ
                            2⤵
                            • Drops file in Program Files directory
                            PID:5888
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "06c522ff-c2e8-4c84-ac2a-8354ce0f66c3" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q2oReIAJ
                            2⤵
                              PID:5992
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "db433d1f-8429-4e37-bfcc-01b046d41401" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q2oReIAJ
                              2⤵
                              • Drops file in System32 directory
                              PID:6004
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "2781cf2b-ab6c-443f-b633-95a4b6c7e572" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q2oReIAJ
                              2⤵
                              • Drops file in Program Files directory
                              PID:6084
                              • C:\Windows\SYSTEM32\msiexec.exe
                                "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                                3⤵
                                • Modifies data under HKEY_USERS
                                PID:5516
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                            1⤵
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2600
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                              2⤵
                              • Drops file in System32 directory
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:884
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                -h
                                3⤵
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SetWindowsHookEx
                                PID:1428
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                3⤵
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4340
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                  4⤵
                                    PID:4708
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4528
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:1304
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                    SRUtility.exe -r
                                    4⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3492
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5668
                                  • C:\Windows\System32\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                    4⤵
                                      PID:5168
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c ver
                                        5⤵
                                          PID:4720
                                        • C:\Windows\system32\sc.exe
                                          sc query ddmgr
                                          5⤵
                                          • Launches sc.exe
                                          PID:1100
                                        • C:\Windows\system32\sc.exe
                                          sc query lci_proxykmd
                                          5⤵
                                          • Launches sc.exe
                                          PID:4216
                                        • C:\Windows\system32\rundll32.exe
                                          rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                          5⤵
                                          • Drops file in System32 directory
                                          • Checks SCSI registry key(s)
                                          • Modifies data under HKEY_USERS
                                          PID:4708
                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                  1⤵
                                  • Drops file in Program Files directory
                                  • Modifies data under HKEY_USERS
                                  PID:5640
                                  • C:\Windows\System32\sc.exe
                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                    2⤵
                                    • Launches sc.exe
                                    PID:2200
                                    • C:\Windows\System32\Conhost.exe
                                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      3⤵
                                        PID:5880
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "c32fa614-da6b-45a8-9c03-ef28a8d66ffd" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q2oReIAJ
                                      2⤵
                                        PID:4992
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "5db71a49-23b0-4190-9917-8adfaf4c4612" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q2oReIAJ
                                        2⤵
                                          PID:5452
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "320d3bcf-9582-423f-bead-f761a7f80fc2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q2oReIAJ
                                          2⤵
                                            PID:1684
                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                              3⤵
                                              • Drops file in System32 directory
                                              • Command and Scripting Interpreter: PowerShell
                                              • Modifies data under HKEY_USERS
                                              PID:5472
                                            • C:\Windows\System32\cmd.exe
                                              "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                              3⤵
                                                PID:2936
                                                • C:\Windows\system32\cscript.exe
                                                  cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                  4⤵
                                                  • Modifies data under HKEY_USERS
                                                  PID:4556
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "9547b3b3-e5cd-4bb4-ac87-a5563828da77" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q2oReIAJ
                                              2⤵
                                                PID:1140
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "ac125652-c88b-4d09-b23b-9aa51d5a353f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q2oReIAJ
                                                2⤵
                                                  PID:5196
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "b4d01b57-6744-49c9-8b0e-4a42082e0fda" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q2oReIAJ
                                                  2⤵
                                                    PID:5576
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "61f69b85-20b3-413c-a15e-777aad489546" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q2oReIAJ
                                                    2⤵
                                                      PID:5764
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "a74f0ab2-dd24-4aaf-bafe-54411d903c3e" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q2oReIAJ
                                                      2⤵
                                                      • Drops file in Program Files directory
                                                      PID:5716
                                                      • C:\Windows\SYSTEM32\cmd.exe
                                                        "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                        3⤵
                                                        • System Time Discovery
                                                        PID:5952
                                                        • C:\Program Files\dotnet\dotnet.exe
                                                          dotnet --list-runtimes
                                                          4⤵
                                                          • System Time Discovery
                                                          PID:1392
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "89d50bb9-759b-4dca-8f99-4f12a0b726aa" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q2oReIAJ
                                                      2⤵
                                                        PID:3688
                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=a3f1faf0b83d7d8fc678f5e1d32386f4&rmm_session_pwd_ttl=86400"
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:432
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "41d2c7a2-be15-460f-abe1-8aa4a8a3ff76" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q2oReIAJ
                                                        2⤵
                                                          PID:5284
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "947663eb-0068-4c02-97f1-a7dfd3f9e4ba" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q2oReIAJ
                                                          2⤵
                                                            PID:4124
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "3da5500b-62f8-447f-b4ec-83d232fe265f" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q2oReIAJ
                                                            2⤵
                                                            • Writes to the Master Boot Record (MBR)
                                                            PID:5944
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "e84d8afd-c6e3-4720-8150-c17c93c120da" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q2oReIAJ
                                                            2⤵
                                                              PID:1620
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "83162a2a-6a2c-4d60-bee5-d84c45096062" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q2oReIAJ
                                                              2⤵
                                                              • Modifies registry class
                                                              PID:5860
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 8626e187-bd82-4ef5-bb93-fc2600b12524 "a0238d8b-3b44-4082-9320-9053caeccb36" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q2oReIAJ
                                                              2⤵
                                                                PID:4384
                                                                • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                  "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "8626e187-bd82-4ef5-bb93-fc2600b12524" "a0238d8b-3b44-4082-9320-9053caeccb36" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000Q2oReIAJ"
                                                                  3⤵
                                                                    PID:3384
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                1⤵
                                                                • Checks SCSI registry key(s)
                                                                PID:2536
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                  2⤵
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies data under HKEY_USERS
                                                                  PID:1668
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000017C" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                  2⤵
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies data under HKEY_USERS
                                                                  PID:3688
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000017C"
                                                                  2⤵
                                                                  • Drops file in Drivers directory
                                                                  • Drops file in System32 directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  PID:4220
                                                                • C:\Windows\system32\DrvInst.exe
                                                                  DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                  2⤵
                                                                  • Drops file in Drivers directory
                                                                  • Drops file in Windows directory
                                                                  • Checks SCSI registry key(s)
                                                                  PID:548

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Reconnaissance

                                                              Resource Development

                                                              Initial Access

                                                              Execution

                                                              Command and Scripting Interpreter

                                                              1
                                                              T1059

                                                              PowerShell

                                                              1
                                                              T1059.001

                                                              Persistence

                                                              Boot or Logon Autostart Execution

                                                              1
                                                              T1547

                                                              Registry Run Keys / Startup Folder

                                                              1
                                                              T1547.001

                                                              Event Triggered Execution

                                                              2
                                                              T1546

                                                              Component Object Model Hijacking

                                                              1
                                                              T1546.015

                                                              Installer Packages

                                                              1
                                                              T1546.016

                                                              Pre-OS Boot

                                                              1
                                                              T1542

                                                              Bootkit

                                                              1
                                                              T1542.003

                                                              Privilege Escalation

                                                              Boot or Logon Autostart Execution

                                                              1
                                                              T1547

                                                              Registry Run Keys / Startup Folder

                                                              1
                                                              T1547.001

                                                              Event Triggered Execution

                                                              2
                                                              T1546

                                                              Component Object Model Hijacking

                                                              1
                                                              T1546.015

                                                              Installer Packages

                                                              1
                                                              T1546.016

                                                              Defense Evasion

                                                              Modify Registry

                                                              2
                                                              T1112

                                                              Pre-OS Boot

                                                              1
                                                              T1542

                                                              Bootkit

                                                              1
                                                              T1542.003

                                                              Subvert Trust Controls

                                                              1
                                                              T1553

                                                              Install Root Certificate

                                                              1
                                                              T1553.004

                                                              System Binary Proxy Execution

                                                              1
                                                              T1218

                                                              Msiexec

                                                              1
                                                              T1218.007

                                                              Credential Access

                                                              Discovery

                                                              Peripheral Device Discovery

                                                              2
                                                              T1120

                                                              Query Registry

                                                              4
                                                              T1012

                                                              System Information Discovery

                                                              3
                                                              T1082

                                                              System Location Discovery

                                                              1
                                                              T1614

                                                              System Language Discovery

                                                              1
                                                              T1614.001

                                                              System Time Discovery

                                                              1
                                                              T1124

                                                              Lateral Movement

                                                              Collection

                                                              Command and Control

                                                              Exfiltration

                                                              Impact

                                                              Replay Monitor

                                                              Loading Replay Monitor...

                                                              Downloads

                                                              • C:\Config.Msi\e57db4d.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                5fa56fe4d6ba5f03b6cf282bb9dd8d80

                                                                SHA1

                                                                ed9b4001ee566e9b8608d68cf03521bf129ac10a

                                                                SHA256

                                                                4b2083f3ab57f4fd4bfd8d625a24045caf7d341c4854fd166346bddffa5efbc4

                                                                SHA512

                                                                4beb02419fa8df287cddce37d83ba5ff46b848572f5391eb7fdaf7a28801c86bdd8fd99dd65b29d653f70cabdf137d73f413571d06c5eed33af4ca2d6116e6b7

                                                                Download Submit

                                                              • C:\Config.Msi\e57db52.rbs
                                                                Filesize

                                                                74KB

                                                                MD5

                                                                d45a5efc2e7216e93c9e7654322c1663

                                                                SHA1

                                                                54444b7ee538857c28c2980b14a8cec3666f1ae6

                                                                SHA256

                                                                2e4d422b8632fee2f5c34eac216e7df88d620fe3739c3d077eda075e0c291a11

                                                                SHA512

                                                                d92d1e6bc37a7604a323a3a8e4266a0b1ebbe4406a078e07853bbe22dca4e3c26dd081a0aa5869839b67f61535b4bd0adddcf0d28feed81d41a8379e38b9e156

                                                                Download Submit

                                                              • C:\Config.Msi\e57db54.rbs
                                                                Filesize

                                                                464B

                                                                MD5

                                                                ef6122b89949a09e55c8d9b3a77c12d3

                                                                SHA1

                                                                87bb46937941bb23e7a4c785d21153db0f1fcadd

                                                                SHA256

                                                                f39344e02de01ae3801e60a3048aba26c58cdce15621b7fb959518e6006f08f6

                                                                SHA512

                                                                5a4b11eec1913296ee0c292fd2d6fd15233e8175e489f8448d8212e08d3a77d5d735c57c909aeb9c14ce960ea77a1960b8150dcb1d3a8fb20457e76bc8bf2bf6

                                                                Download Submit

                                                              • C:\Config.Msi\e57db5a.rbs
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                728b6ddb9d386e53c8bfadce60a54658

                                                                SHA1

                                                                0f2f2db3b6998645e405bdb441d7574538a3f42d

                                                                SHA256

                                                                94032962acf53cb367930f7643f379ee431471476c65ce8a914b29c2b154b7f8

                                                                SHA512

                                                                ab9c846a36cdfde38fe5ad77391e4df597db8bd6efcb1fc6457685e1caa24b6528fdaff13e5177150c5884c800966bd11ef65f8476c8c11e9b917b8e58821b97

                                                                Download Submit

                                                              • C:\Config.Msi\e57db62.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                496c11c1914e35ffc3ca19e62eaefc7d

                                                                SHA1

                                                                4252a65824287bfb5ee2df8ef74ad15ca2b68e21

                                                                SHA256

                                                                57eb1301b998e8858cd5aea3886109fa89de5d59e5fc748bc3a787c769338d96

                                                                SHA512

                                                                da3151052ef70f06cd8164904cc1bb02a4958a3d496d16a5da520b1da7c3e47931d117a43f17d3d4d86c638e56320317dbb04c56babf79030274fada17d814ab

                                                                Download Submit

                                                              • C:\Config.Msi\e57db67.rbs
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                42171be9d40b0966c581edfe27221ccb

                                                                SHA1

                                                                74660172442e1d156b769ac3b96790b3d5a8c2ff

                                                                SHA256

                                                                38582ccaa71cb862ea084621e841510505b5c72c58c838f3556e627304273e7d

                                                                SHA512

                                                                9830503511782dd9e5982b0071494b7fbde7a29ccec17073bd62fdd7b606e3b90a19916315d7edeecc5baca11050ee3259a3a7bfe05a2c83ed97953694553adc

                                                                Download Submit

                                                              • C:\Config.Msi\e57db6c.rbs
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                5a194c3a165588dcde68683d19ee2597

                                                                SHA1

                                                                d8537611d42e976378c5b197708645567c9bd32c

                                                                SHA256

                                                                f059038295c903b73b3ebeb97eb6522b0a800e67cc805392b7ffc54bd4068bf9

                                                                SHA512

                                                                679ad931c8f6a7ee9bf2c45d4c61ae7a673f8eb60f6a9ced010ea22bc9b2e665f9f92035f155fee8c872e481409875d2d026e0d8ec5e5718a77a97346f796888

                                                                Download Submit

                                                              • C:\Config.Msi\e57db71.rbs
                                                                Filesize

                                                                11KB

                                                                MD5

                                                                8ac595bd9d4a3932ed32274dbd6575ad

                                                                SHA1

                                                                5776e1702817d4932646f304e610c0147629cee9

                                                                SHA256

                                                                2178924f5362c57ee782026f382d5f5c3938c5c484900329d609ff7b072b7725

                                                                SHA512

                                                                f39542ac6e47caeb7f43db13047eeb3ec673f415cb4eccff1595e8ebb70f55c0ef3e36e44accbdd2a7b121f7deab0c0c5a6b3ba07d58b2f810479712d928b85a

                                                                Download Submit

                                                              • C:\Config.Msi\e57db76.rbs
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                db0e674d3b0679a6b7b7cd29d66c8036

                                                                SHA1

                                                                d24d391a91e7794cbc02cd28638e285444ea4a09

                                                                SHA256

                                                                e9147552e3fbefa0f29d55c364e55abd0654e9e5b266fba123a23043039d36d9

                                                                SHA512

                                                                6e136a9d08a243933a1647b11759623d45607d0a32a1ed46afc132eb7fd6efbab79c3688215ce646ba7331ef462d42bd4a879df7d483b362f96bd572a5611c8a

                                                                Download Submit

                                                              • C:\Config.Msi\e57db77.rbf
                                                                Filesize

                                                                143KB

                                                                MD5

                                                                33b4c87f18b4c49114d7a8980241657a

                                                                SHA1

                                                                254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                SHA256

                                                                587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                SHA512

                                                                42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                Download Submit

                                                              • C:\Config.Msi\e57db78.rbf
                                                                Filesize

                                                                3B

                                                                MD5

                                                                21438ef4b9ad4fc266b6129a2f60de29

                                                                SHA1

                                                                5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                SHA256

                                                                13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                SHA512

                                                                37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                337079222a6f6c6edf58f3f981ff20ae

                                                                SHA1

                                                                1f705fc0faa84c69e1fe936b34783b301323e255

                                                                SHA256

                                                                ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                SHA512

                                                                ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                Filesize

                                                                142KB

                                                                MD5

                                                                477293f80461713d51a98a24023d45e8

                                                                SHA1

                                                                e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                SHA256

                                                                a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                SHA512

                                                                23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                b3bb71f9bb4de4236c26578a8fae2dcd

                                                                SHA1

                                                                1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                SHA256

                                                                e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                SHA512

                                                                fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                Filesize

                                                                210KB

                                                                MD5

                                                                c106df1b5b43af3b937ace19d92b42f3

                                                                SHA1

                                                                7670fc4b6369e3fb705200050618acaa5213637f

                                                                SHA256

                                                                2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                SHA512

                                                                616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                Filesize

                                                                693KB

                                                                MD5

                                                                2c4d25b7fbd1adfd4471052fa482af72

                                                                SHA1

                                                                fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                SHA256

                                                                2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                SHA512

                                                                f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                Filesize

                                                                146KB

                                                                MD5

                                                                8d477b63bc5a56ae15314bda8dea7a3a

                                                                SHA1

                                                                3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                SHA256

                                                                9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                SHA512

                                                                44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                Filesize

                                                                145KB

                                                                MD5

                                                                2b9beb2fdbc41afc48d68d32ef41dd08

                                                                SHA1

                                                                4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                SHA256

                                                                977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                SHA512

                                                                3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                Filesize

                                                                51KB

                                                                MD5

                                                                3180c705182447f4bcc7ce8e2820b25d

                                                                SHA1

                                                                ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                SHA256

                                                                5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                SHA512

                                                                228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                Filesize

                                                                12B

                                                                MD5

                                                                1e065e191e89cc811ff49c96fa8fa5e6

                                                                SHA1

                                                                bc50ff2a20a8b83683583684fcac640a91689ed4

                                                                SHA256

                                                                d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                                SHA512

                                                                5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                Filesize

                                                                247KB

                                                                MD5

                                                                aa5cf64d575b7544eefd77f256c4dc57

                                                                SHA1

                                                                bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                                SHA256

                                                                79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                                SHA512

                                                                774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                Filesize

                                                                546B

                                                                MD5

                                                                158fb7d9323c6ce69d4fce11486a40a1

                                                                SHA1

                                                                29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                                SHA256

                                                                5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                                SHA512

                                                                7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                Filesize

                                                                94KB

                                                                MD5

                                                                c69c7690482c75a8fc70df2990d7afc6

                                                                SHA1

                                                                79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                                SHA256

                                                                580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                                SHA512

                                                                ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                Filesize

                                                                688KB

                                                                MD5

                                                                111e2e63bccead95bb5ffc53c9282070

                                                                SHA1

                                                                eaae7df21e291aa089bc101b1e265ca202be1225

                                                                SHA256

                                                                9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                                SHA512

                                                                ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                Filesize

                                                                27KB

                                                                MD5

                                                                797c9554ec56fd72ebb3f6f6bef67fb5

                                                                SHA1

                                                                40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                SHA256

                                                                7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                SHA512

                                                                4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                Filesize

                                                                214KB

                                                                MD5

                                                                01807774f043028ec29982a62fa75941

                                                                SHA1

                                                                afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                SHA256

                                                                9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                SHA512

                                                                33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                Filesize

                                                                37KB

                                                                MD5

                                                                efb4712c8713cb05eb7fe7d87a83a55a

                                                                SHA1

                                                                c94d106bba77aecf88540807da89349b50ea5ae7

                                                                SHA256

                                                                30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                SHA512

                                                                3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                Filesize

                                                                3.4MB

                                                                MD5

                                                                93e4c198656fc267f392de11dee01cd0

                                                                SHA1

                                                                e92cb59486745ee7564f5b374e790a065e1f4678

                                                                SHA256

                                                                88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                                SHA512

                                                                3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                Filesize

                                                                397KB

                                                                MD5

                                                                810f893e58861909b134fa72e3bc90cd

                                                                SHA1

                                                                524977f32836634132d23997b23304574d8d156a

                                                                SHA256

                                                                b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                                SHA512

                                                                db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                56b223930076c17935712a6512555b7a

                                                                SHA1

                                                                59cb90a88408748321332e8ce2363a9a7c3faa7e

                                                                SHA256

                                                                18caf98937d7ca72eb7027e3b47bafc8a44c8fc05f46d5296154fa2e8564abf6

                                                                SHA512

                                                                b19fb59d0b2d60a525f4f78be0dbc7fdc3b2f173961ed5bdc0223e2c07f9205be41247a6954a090117085c7c0cfeec4e6f77d243e43f0c498018ab8a85bce735

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                Filesize

                                                                197KB

                                                                MD5

                                                                d0d21e16e57a1a73056eae228da1e287

                                                                SHA1

                                                                ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                                SHA256

                                                                3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                                SHA512

                                                                470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                Filesize

                                                                56KB

                                                                MD5

                                                                d0aa95693d78fd438552bd9df01fec78

                                                                SHA1

                                                                0e7173c1af5d5543d5a41aed690e59f3ae4bb0b9

                                                                SHA256

                                                                11201ece7c3ee4bbcde0b84a2bc7c251ef57fce5200b2a1ae437fc959c7ad8a7

                                                                SHA512

                                                                7b48864e72627bb51063ea49f6459eb6c05baa64066d8e6c85f2ff7b7de26b633ff973e2a830da63b6824eaea65690e3f6b29af8adbc0c24724016a8764f3b15

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                9d1528a2ce17522f6de064ae2c2b608e

                                                                SHA1

                                                                2f1ce8b589e57ab300bb93dde176689689f75114

                                                                SHA256

                                                                11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                                SHA512

                                                                a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5888.update
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                14ffcf07375b3952bd3f2fe52bb63c14

                                                                SHA1

                                                                ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                                SHA256

                                                                6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                                SHA512

                                                                14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                dd464c74b728ffb130aa9efe2ae9a949

                                                                SHA1

                                                                70fc58b3d8f14cebfdae7cb80449f44f4779cdfc

                                                                SHA256

                                                                c56397c3d267d7efa31289f583903bbe0d00aa3dfdce252f08947b357820b816

                                                                SHA512

                                                                a3e6d2f45f582d3f2b8cde0c34036569631ccec97824218ba7e4d5cd4a16a6d476f100eeaf3f4802699187194a484fcfafa2d377c17cc67a5a164d891cd43394

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                                Filesize

                                                                2B

                                                                MD5

                                                                81051bcc2cf1bedf378224b0a93e2877

                                                                SHA1

                                                                ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                                SHA256

                                                                7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                                SHA512

                                                                1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                Filesize

                                                                54KB

                                                                MD5

                                                                77c613ffadf1f4b2f50d31eeec83af30

                                                                SHA1

                                                                76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                SHA256

                                                                2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                SHA512

                                                                29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                Filesize

                                                                333KB

                                                                MD5

                                                                745714d838c4d4f88c6e0db6a434f444

                                                                SHA1

                                                                90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                SHA256

                                                                e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                SHA512

                                                                08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                Filesize

                                                                70KB

                                                                MD5

                                                                e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                SHA1

                                                                22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                SHA256

                                                                bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                SHA512

                                                                00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                Filesize

                                                                50KB

                                                                MD5

                                                                5bb0687e2384644ea48f688d7e75377b

                                                                SHA1

                                                                44e4651a52517570894cfec764ec790263b88c4a

                                                                SHA256

                                                                963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                SHA512

                                                                260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                Filesize

                                                                32KB

                                                                MD5

                                                                2ec1d28706b9713026e8c6814e231d7c

                                                                SHA1

                                                                7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                                SHA256

                                                                c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                                SHA512

                                                                9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                Filesize

                                                                59KB

                                                                MD5

                                                                26c25e48b69eb8df7d6cea01fd66f3df

                                                                SHA1

                                                                d70e92a8b8d358c7a2e200b11e23703cf43d93e9

                                                                SHA256

                                                                f6da2cc4a4ca0a4cff92a2c9f61e546255bfe9d02eb1087a033b1a45e06fec87

                                                                SHA512

                                                                6414db6ba626fe4b39155052638a15707cf60836056560fceeb5a1ea8faee1bee830840900f1635ff5a0ce1d271f73062660bd0ec582815e0bc56f4997a45feb

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                Filesize

                                                                588KB

                                                                MD5

                                                                17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                SHA1

                                                                bc0316e11c119806907c058d62513eb8ce32288c

                                                                SHA256

                                                                13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                SHA512

                                                                f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                Download Submit

                                                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                Filesize

                                                                208B

                                                                MD5

                                                                1e3e66e85c60a73e9153f6d84d4126bb

                                                                SHA1

                                                                f8ae619d52a73bd9018ab9722fd460f79e2ca0ec

                                                                SHA256

                                                                140fbcc7fcd6bb475f52355f771e2519a533a57f5ea1eaab3572e838c46effc7

                                                                SHA512

                                                                758f87592fd995bd2e48cb2da8491ed3fd63fe699f1a91236dd189538cfce4fe2cacdbf1b2c0ea3a2db54ee7573055eb5b513e183d3a5a80f438c48dffc67fb9

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                Filesize

                                                                9KB

                                                                MD5

                                                                1ef7574bc4d8b6034935d99ad884f15b

                                                                SHA1

                                                                110709ab33f893737f4b0567f9495ac60c37667c

                                                                SHA256

                                                                0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                SHA512

                                                                947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                Filesize

                                                                10KB

                                                                MD5

                                                                f512536173e386121b3ebd22aac41a4e

                                                                SHA1

                                                                74ae133215345beaebb7a95f969f34a40dda922a

                                                                SHA256

                                                                a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                SHA512

                                                                1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                Filesize

                                                                76KB

                                                                MD5

                                                                b40fe65431b18a52e6452279b88954af

                                                                SHA1

                                                                c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                SHA256

                                                                800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                SHA512

                                                                e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                Filesize

                                                                80KB

                                                                MD5

                                                                3904d0698962e09da946046020cbcb17

                                                                SHA1

                                                                edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                SHA256

                                                                a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                SHA512

                                                                c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                Download Submit

                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                Filesize

                                                                96KB

                                                                MD5

                                                                05026a4c4d898372802fc1cacd6ed7b5

                                                                SHA1

                                                                09f8574ef81b6bd4179b6afbb6b55ef04b688152

                                                                SHA256

                                                                2e26a8fd63551e4e89ea0c24a68d52a10b3c3db3e7a9aa57f936be9174d05533

                                                                SHA512

                                                                685481861ea42f7141226efc283fc2f9b4a90c54d4d9525a7fd1e124fd3a09e78611fd2fdd17e955035a88d609e29f31eabed3ecf6cc4c4f915149c7cc8307f7

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                Filesize

                                                                287B

                                                                MD5

                                                                fcad4da5d24f95ebf38031673ddbcdb8

                                                                SHA1

                                                                3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                SHA256

                                                                7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                SHA512

                                                                1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                Filesize

                                                                7KB

                                                                MD5

                                                                362ce475f5d1e84641bad999c16727a0

                                                                SHA1

                                                                6b613c73acb58d259c6379bd820cca6f785cc812

                                                                SHA256

                                                                1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                SHA512

                                                                7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                Filesize

                                                                1.3MB

                                                                MD5

                                                                40df7f2a02cdfa70ae76d70d21473428

                                                                SHA1

                                                                4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                SHA256

                                                                f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                SHA512

                                                                2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                Filesize

                                                                1.8MB

                                                                MD5

                                                                5ed9543e9f5826ead203316ef0a8863d

                                                                SHA1

                                                                8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                SHA256

                                                                33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                SHA512

                                                                5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                Filesize

                                                                1.1MB

                                                                MD5

                                                                9a9b1fd85b5f1dcd568a521399a0d057

                                                                SHA1

                                                                34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                SHA256

                                                                88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                SHA512

                                                                7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                Filesize

                                                                383KB

                                                                MD5

                                                                f6f297c704f4f4c13d50f971daea3b56

                                                                SHA1

                                                                118581c847ea863ff8bca0a38b5469577ac6b227

                                                                SHA256

                                                                a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                                SHA512

                                                                b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                Filesize

                                                                321KB

                                                                MD5

                                                                d3901e62166e9c42864fe3062cb4d8d5

                                                                SHA1

                                                                c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                SHA256

                                                                dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                SHA512

                                                                ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                Filesize

                                                                814KB

                                                                MD5

                                                                9b1f97a41bfb95f148868b49460d9d04

                                                                SHA1

                                                                768031d5e877e347a249dfdeab7c725df941324b

                                                                SHA256

                                                                09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                SHA512

                                                                9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                Filesize

                                                                1.2MB

                                                                MD5

                                                                e74d2a16da1ddb7f9c54f72b8a25897c

                                                                SHA1

                                                                32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                SHA256

                                                                a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                SHA512

                                                                52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                Filesize

                                                                11B

                                                                MD5

                                                                5eda46a55c61b07029e7202f8cf1781c

                                                                SHA1

                                                                862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                SHA256

                                                                12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                SHA512

                                                                4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                Filesize

                                                                12B

                                                                MD5

                                                                a6bd887ee94e12d3c42a5d47b4c73826

                                                                SHA1

                                                                6b30541a5b528ff8a8befdb5cab0b9dccf4b2491

                                                                SHA256

                                                                643d32f1b400e5cdc5b76067eac006167c07b321d5abd06b30f1a45e9fe2253c

                                                                SHA512

                                                                ec86b4beda8995c13f550ce0f1c60b7bf384f706d37c516a12c6e6d6e0040bc11f72e9af09117d78b46bb799e9e41f4f6b2e78b84c2cf087ac76a1eb94986171

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                b4a865268d5aca5f93bab91d7d83c800

                                                                SHA1

                                                                95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                SHA256

                                                                5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                SHA512

                                                                c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                0516162863a359d4ffc4ce3edeb5d4d1

                                                                SHA1

                                                                a44ad27ccf392346855258eeeea78c9a0e564d3e

                                                                SHA256

                                                                670a745091270b8233fbf741c9ab2dc787061aa4c979dc4f9ac4ad4892473095

                                                                SHA512

                                                                4d144fc69c9678c70e7c4dddaebfb8def065c669abac20bd2fc5e161b76840074d02dd32d4978ca57bc67c92e4322126c1d6d20234fadb601bca00ac539170eb

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                Filesize

                                                                48KB

                                                                MD5

                                                                e8e9aff9139496d3296f9f8d4eebb08f

                                                                SHA1

                                                                b3fdbbb8795b81f5d1809f3ea2a59ca8e309608f

                                                                SHA256

                                                                96419e29047e43d154dafb22444998f889f8a91be248f8b6e839fb0a40f6d6c1

                                                                SHA512

                                                                c41b147c48c6d561de6eec7760ecc63a27c56dba690d6e4d8596db1db97935254918d43be7e0bfc860b1cfc3b1f88cb8c7d9f3cfe5ad9d6d31e5e47b276156a8

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                Filesize

                                                                2.8MB

                                                                MD5

                                                                ab8d85c093d6f0180bf09ec0f466b78b

                                                                SHA1

                                                                1daf355d14d45b1e411f96fa394a98a84c09e53e

                                                                SHA256

                                                                d1e08c8dbf3bfc34e3fdfc390d2e7f5b871f95376e7dda93e3dd0051d580db40

                                                                SHA512

                                                                2882292301e1fb85b410570ece6cf05f3e89968a02450dba192a1f97282f1c08ed30819e3d36c524fba3baeb6a2c22a10a762c8313e8823c07554b4b975cc00e

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.ini
                                                                Filesize

                                                                12B

                                                                MD5

                                                                9a5e9a329e4e73e0c499371205a810db

                                                                SHA1

                                                                5b6d85657d4acd89867283fbe372e9e85c30686f

                                                                SHA256

                                                                d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                                SHA512

                                                                02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                                Filesize

                                                                2.9MB

                                                                MD5

                                                                f39fbf03ca870084bde8bfd5e6e1ec39

                                                                SHA1

                                                                00febae56b76f76166fa64a0c0dc746b9feb61e4

                                                                SHA256

                                                                1c2761c31cf551a7b3034618fd0018d1a304bbcb97383d2bb13c47aeb8b23c60

                                                                SHA512

                                                                4c974603fb33e3711dc7f28e4580fef2a197ee1abfcc2c2384e4053c939847fa94b5d27a44ca6ad1fc8799dd80c2cc975c87e55e15902786e4b1e8dbe362bf7a

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                Filesize

                                                                1.1MB

                                                                MD5

                                                                6c6f85e896655a6eb726482f04c49086

                                                                SHA1

                                                                2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                SHA256

                                                                e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                SHA512

                                                                b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                Filesize

                                                                541B

                                                                MD5

                                                                d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                SHA1

                                                                e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                SHA256

                                                                7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                SHA512

                                                                a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                Filesize

                                                                12B

                                                                MD5

                                                                880d31390a25de6a9cd34463b46c75e6

                                                                SHA1

                                                                837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                SHA256

                                                                425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                SHA512

                                                                8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                Filesize

                                                                670KB

                                                                MD5

                                                                96e50bbca30d75af7b8b40acf8dda817

                                                                SHA1

                                                                4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                SHA256

                                                                a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                SHA512

                                                                0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                Filesize

                                                                3.1MB

                                                                MD5

                                                                8e70af11d0ee2abe139b40d67e70b73c

                                                                SHA1

                                                                18582e88e16255d5d267904bdf0357ec9ff333e0

                                                                SHA256

                                                                5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                                SHA512

                                                                3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                                Download Submit

                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                Filesize

                                                                572KB

                                                                MD5

                                                                7062f2490fde7624ceab2fac6a996b98

                                                                SHA1

                                                                63a355ebf702bd6fb4e10f4353e5dbaa036ff635

                                                                SHA256

                                                                dbf3e40e068c22a995bb917ef51153bf1d4dd06ab8a5bb5486ea017245edbf1c

                                                                SHA512

                                                                5674e823473887669a1d12ecea9f7569633fb885f570b3c7bd8fbb706b214c564a0aaf0bedebd0a61add76582316c7de9a2f5af5b4cd8d04f426d80987f2d7b3

                                                                Download Submit

                                                              • C:\Program Files\dotnet\dotnet.exe
                                                                Filesize

                                                                143KB

                                                                MD5

                                                                71026b098f8fb39c88b003df746d9fa0

                                                                SHA1

                                                                013ca259f551ad6f33db53fff0e121e74408e20e

                                                                SHA256

                                                                11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                SHA512

                                                                9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                Download Submit

                                                              • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\51e27c2988e0c52353e7b5e200b565a7
                                                                Filesize

                                                                16KB

                                                                MD5

                                                                b2e89027a140a89b6e3eb4e504e93d96

                                                                SHA1

                                                                f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                SHA256

                                                                5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                SHA512

                                                                93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                Download Submit

                                                              • C:\ProgramData\chocolatey\config\chocolatey.config
                                                                Filesize

                                                                809B

                                                                MD5

                                                                8b6737800745d3b99886d013b3392ac3

                                                                SHA1

                                                                bb94da3f294922d9e8d31879f2d145586a182e19

                                                                SHA256

                                                                86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                                SHA512

                                                                654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                                Download Submit

                                                              • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                                Filesize

                                                                6KB

                                                                MD5

                                                                3eb00ca09c1a6ad0ad12b5698f611a99

                                                                SHA1

                                                                0ae35d467b906c4a614aba1a4c2498c79687bdef

                                                                SHA256

                                                                c446b278a4efc9ef0f9dd6bc08c5dae3b7649bff04c23ca3a536c5a53d94ae2a

                                                                SHA512

                                                                c2a91818dc37fa40cf54e2078e3772342f539a8ae9556f58d661524f99592ee28c835ab820f89cdcbf66b32ffd607f3777c4d613a60ec242833c84be39263fca

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                Filesize

                                                                727B

                                                                MD5

                                                                62f50b09757845b91a11afe304f912e7

                                                                SHA1

                                                                ca2093d46e2a9138ef71e5cb6d53d6ced356ec76

                                                                SHA256

                                                                9979dad90650f1a6d82d38cb84e4055e46b88f28bcc099b51cd5e2444cc280e9

                                                                SHA512

                                                                6b54ad0a12455914f3140a1f5341807cbd97470419109470eabab6cfa1083b703dfd19ea276caba534777bcc8265d80659e6d8db06bc03de57fb6fb3d9e68133

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                Filesize

                                                                404B

                                                                MD5

                                                                c12d60139b0136c4e68f25c7b1dfaacd

                                                                SHA1

                                                                c9d3d888763f59b46f64581dbb6557d18edaa7ff

                                                                SHA256

                                                                68464539cb196b0cf6eedade11479c0a5a24ac9b87f3802a4f1256956f8942fd

                                                                SHA512

                                                                5fd03882f35540de60444b26c1ad4427c1bb66fd57c7c75c2f7dc01166cdd6d2b0066f1845ced48896cb50a7bbb556e0f0fa7727ea71f0ffea0d4d40ec497bf3

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                Filesize

                                                                651B

                                                                MD5

                                                                9bbfe11735bac43a2ed1be18d0655fe2

                                                                SHA1

                                                                61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                SHA256

                                                                549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                SHA512

                                                                a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI169D.tmp
                                                                Filesize

                                                                219KB

                                                                MD5

                                                                928f4b0fc68501395f93ad524a36148c

                                                                SHA1

                                                                084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                SHA256

                                                                2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                SHA512

                                                                7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                Download Submit

                                                              • C:\Windows\Installer\MSI5211.tmp
                                                                Filesize

                                                                4.5MB

                                                                MD5

                                                                08211c29e0d617a579ffa2c41bde1317

                                                                SHA1

                                                                4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                SHA256

                                                                3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                SHA512

                                                                d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIA640.tmp-\System.Management.dll
                                                                Filesize

                                                                60KB

                                                                MD5

                                                                878e361c41c05c0519bfc72c7d6e141c

                                                                SHA1

                                                                432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                SHA256

                                                                24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                SHA512

                                                                59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIDC08.tmp
                                                                Filesize

                                                                509KB

                                                                MD5

                                                                88d29734f37bdcffd202eafcdd082f9d

                                                                SHA1

                                                                823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                SHA256

                                                                87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                SHA512

                                                                1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIDC08.tmp-\AlphaControlAgentInstallation.dll
                                                                Filesize

                                                                25KB

                                                                MD5

                                                                aa1b9c5c685173fad2dabebeb3171f01

                                                                SHA1

                                                                ed756b1760e563ce888276ff248c734b7dd851fb

                                                                SHA256

                                                                e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                SHA512

                                                                d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIDC08.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                1a5caea6734fdd07caa514c3f3fb75da

                                                                SHA1

                                                                f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                SHA256

                                                                cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                SHA512

                                                                a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIDFE1.tmp-\CustomAction.config
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                bc17e956cde8dd5425f2b2a68ed919f8

                                                                SHA1

                                                                5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                SHA256

                                                                e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                SHA512

                                                                02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIDFE1.tmp-\Newtonsoft.Json.dll
                                                                Filesize

                                                                695KB

                                                                MD5

                                                                715a1fbee4665e99e859eda667fe8034

                                                                SHA1

                                                                e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                SHA256

                                                                c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                SHA512

                                                                bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                Download Submit

                                                              • C:\Windows\Installer\MSIE7F3.tmp
                                                                Filesize

                                                                211KB

                                                                MD5

                                                                a3ae5d86ecf38db9427359ea37a5f646

                                                                SHA1

                                                                eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                SHA256

                                                                c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                SHA512

                                                                96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                Download Submit

                                                              • C:\Windows\Installer\e57db4c.msi
                                                                Filesize

                                                                2.9MB

                                                                MD5

                                                                eaf2eab89c1b5f8eccf2e62a5a4fb002

                                                                SHA1

                                                                24e2a1958e34f8db3378c8210ef5f0e5166a1537

                                                                SHA256

                                                                819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9

                                                                SHA512

                                                                25e7a8b39e585867d71b8edc472b4240e051a5ef5e2c23ddcddc20dc556a8381adc783884c7e2183c778ca445379654bc59a0cf16e4029c2b4b479243d34494a

                                                                Download Submit

                                                              • C:\Windows\Installer\e57db68.msi
                                                                Filesize

                                                                26.3MB

                                                                MD5

                                                                b9c6d23462adef092b8a5b7880531b03

                                                                SHA1

                                                                9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                SHA256

                                                                2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                SHA512

                                                                18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                Download Submit

                                                              • C:\Windows\Installer\e57db69.msi
                                                                Filesize

                                                                772KB

                                                                MD5

                                                                d73de5788ab129f16afdd990d8e6bfa9

                                                                SHA1

                                                                88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                SHA256

                                                                4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                SHA512

                                                                bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{2ed3e33d-00ef-f543-8f6e-a6a65a00bff8}\lci_iddcx.cat
                                                                Filesize

                                                                10KB

                                                                MD5

                                                                62458e58313475c9a3642a392363e359

                                                                SHA1

                                                                e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                SHA256

                                                                85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                SHA512

                                                                49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{2ed3e33d-00ef-f543-8f6e-a6a65a00bff8}\lci_iddcx.inf
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                1cec22ca85e1b5a8615774fca59a420b

                                                                SHA1

                                                                049a651751ef38321a1088af6a47c4380f9293fc

                                                                SHA256

                                                                60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                SHA512

                                                                0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{2ed3e33d-00ef-f543-8f6e-a6a65a00bff8}\x64\lci_iddcx.dll
                                                                Filesize

                                                                52KB

                                                                MD5

                                                                01e8bc64139d6b74467330b11331858d

                                                                SHA1

                                                                b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                SHA256

                                                                148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                SHA512

                                                                4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a382c23c-cb5e-6243-97e9-23ac0e1364b9}\lci_proxywddm.cat
                                                                Filesize

                                                                12KB

                                                                MD5

                                                                8e16d54f986dbe98812fd5ec04d434e8

                                                                SHA1

                                                                8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                SHA256

                                                                7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                SHA512

                                                                e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a382c23c-cb5e-6243-97e9-23ac0e1364b9}\lci_proxywddm.inf
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                0315a579f5afe989154cb7c6a6376b05

                                                                SHA1

                                                                e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                SHA256

                                                                d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                SHA512

                                                                c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a382c23c-cb5e-6243-97e9-23ac0e1364b9}\x64\lci_proxyumd.dll
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                4dc11547a5fc28ca8f6965fa21573481

                                                                SHA1

                                                                d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                SHA256

                                                                e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                SHA512

                                                                bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a382c23c-cb5e-6243-97e9-23ac0e1364b9}\x64\lci_proxyumd32.dll
                                                                Filesize

                                                                135KB

                                                                MD5

                                                                67ae7b2c36c9c70086b9d41b4515b0a8

                                                                SHA1

                                                                ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                SHA256

                                                                79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                SHA512

                                                                4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                Download Submit

                                                              • C:\Windows\System32\DriverStore\Temp\{a382c23c-cb5e-6243-97e9-23ac0e1364b9}\x64\lci_proxywddm.sys
                                                                Filesize

                                                                119KB

                                                                MD5

                                                                b9b0e9b4d93b18b99ece31a819d71d00

                                                                SHA1

                                                                2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                SHA256

                                                                0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                SHA512

                                                                465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                Download Submit

                                                              • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-03-57-51.dat
                                                                Filesize

                                                                602B

                                                                MD5

                                                                30aed012d3fa53f3c409d3a64e8d7dcf

                                                                SHA1

                                                                a86e4563aee6250677a2b493d39266619f961c36

                                                                SHA256

                                                                027743350e9f12b29829aa0a75a2aac1cbb1004f769171686a9a4c7aa8cb75c6

                                                                SHA512

                                                                0f1e7e1a7fbfc44af377f635c7b0e8121295ff8facd37b89eebf30ed39f5de30303de8d72dd05ad1936d7c156694ad1811df3ba6959a0e44cf5155244ba51008

                                                                Download Submit

                                                              • C:\Windows\Temp\InstallUtil.log
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                4fce110f2fa76991dc019885ab2cc759

                                                                SHA1

                                                                ec63a2654b7ecb8ecfb383a51c33150900483509

                                                                SHA256

                                                                e58c6abce105e7d5bf346423a79f326b8ddf3028ecd021a75bb8be4e16d300f9

                                                                SHA512

                                                                e3d7a107b17f1935c5dc1f58b01b317690726316dbca916697d36e52d23c797fedb3f4e4e850dabc6cd6d99bf3bce2be0b09bd199ad353cb2446d483e71be242

                                                                Download Submit

                                                              • C:\Windows\Temp\InstallUtil.log
                                                                Filesize

                                                                708B

                                                                MD5

                                                                5e7ef2492c8039960d3cadf53254b637

                                                                SHA1

                                                                bfbbffbf0cdfe8c2a10655b9827fe315bc780623

                                                                SHA256

                                                                d0a7a6f1561f20eaba72af1485f7dfaaeaedba364eb7d22436dc88ae314f6966

                                                                SHA512

                                                                7443efee85e3270dff8cbe1cec08aab98bf6462e69ab2f48a8edf41b06f73c37049d9f63b94ec5581e5e78a5540a8d7e3927c7042b08c22a13571fbb290c9e56

                                                                Download Submit

                                                              • C:\Windows\Temp\InstallUtil.log
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                cad4c6a260aafeba1e355fdee66133ce

                                                                SHA1

                                                                a9cf8ad2f1b101fe77b197763ceec72629623a17

                                                                SHA256

                                                                88d32b256e67fa29904096c64217099825f36bbae6dedfec17d6ea117cc5de24

                                                                SHA512

                                                                6e9c9b1246199ed3905f62f1726423975edf4232f2c59ff31459a2d3e808c638d967596d8b9df209c8884b17ba466f0bc2145008d378d8a6165a8553a4b6dd52

                                                                Download Submit

                                                              • C:\Windows\Temp\PreVer.log
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                708fd0530fd004d971ef0401152836ac

                                                                SHA1

                                                                76009bb72d53ed54f6f611ee630e63e64a1582a9

                                                                SHA256

                                                                d94b04120efcfc932a3d50e2ce82910af9c20dfcefce349b1e7ce0c483fec030

                                                                SHA512

                                                                aa48202ffbb012cbfe9311bbd37eafb5969873c88139304f70ba2dfd7c973da187468e2f9f5ca93ea8de2d1ca8525d383055d85cf1d7563734a076085d68b0c7

                                                                Download Submit

                                                              • C:\Windows\Temp\__PSScriptPolicyTest_c0gkqk1w.v2c.ps1
                                                                Filesize

                                                                60B

                                                                MD5

                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                SHA1

                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                SHA256

                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                SHA512

                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack.log
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                f115c5ab0ff63e5411c1e1f1a5116b1a

                                                                SHA1

                                                                95c3b63dc7161ef35b7bc651214a99e64b331880

                                                                SHA256

                                                                8306efeab48539152c431a2417e346680ed7851538ff2d167f9a4051bea9f9cf

                                                                SHA512

                                                                f7bf37b2414c4690a5cde0186802d58f6136ab85e6fca63c9d33d3efea67a6ee3577c6902b453b3f3b90368766459638278116635c9b912737e666fbb9d53df1

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack.log
                                                                Filesize

                                                                2KB

                                                                MD5

                                                                146f125b5a10a5f06e5a834bf83bbf8c

                                                                SHA1

                                                                0bbedc1728c1a6fce47dd8d13d6c34682d52444a

                                                                SHA256

                                                                93415591482c6fd21f4b2ffe4c1a4b68a33887a0215d5d7824684520bba3b3c6

                                                                SHA512

                                                                a938ea0e4d27922987e526c9356019bd78a85449ad5125254428035a9f7691e00e8416ea39e25cc0fea3d0c13b9b6e941252369f454261ca2022cc2ec20030c1

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack.log
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                4decae171c870cd0487486f91180820d

                                                                SHA1

                                                                1028201d8e5948533ed345cc4f36ad42754b0d27

                                                                SHA256

                                                                3226604e9bf44c0ec7a10e177aa995bd34f4bf8d9c96d666d36cc8b8809e2945

                                                                SHA512

                                                                b52f8fe5e3eabd34d14561cf60125dfafb33bffca083633198f3a0c46e1007e7f4a304e099dafa1d5cd66cbe133d928865ef8ac44b4cf89d021763588a6f830b

                                                                Download Submit

                                                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                Filesize

                                                                3.2MB

                                                                MD5

                                                                2c18826adf72365827f780b2a1d5ea75

                                                                SHA1

                                                                a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                SHA256

                                                                ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                SHA512

                                                                474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                Download Submit

                                                              • C:\Windows\Temp\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\ISRT.dll
                                                                Filesize

                                                                427KB

                                                                MD5

                                                                85315ad538fa5af8162f1cd2fce1c99d

                                                                SHA1

                                                                31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                SHA256

                                                                70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                SHA512

                                                                877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                Download Submit

                                                              • C:\Windows\Temp\{5F787EF8-EDA8-4551-B004-E6C62328E1B6}\_isres_0x0409.dll
                                                                Filesize

                                                                1.8MB

                                                                MD5

                                                                befe2ef369d12f83c72c5f2f7069dd87

                                                                SHA1

                                                                b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                SHA256

                                                                9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                SHA512

                                                                760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                Download Submit

                                                              • C:\Windows\Temp\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\IsConfig.ini
                                                                Filesize

                                                                571B

                                                                MD5

                                                                d239b8964e37974225ad69d78a0a8275

                                                                SHA1

                                                                cf208e98a6f11d1807cd84ca61504ad783471679

                                                                SHA256

                                                                0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                SHA512

                                                                88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                Download Submit

                                                              • C:\Windows\Temp\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\String1033.txt
                                                                Filesize

                                                                182KB

                                                                MD5

                                                                99bbffd900115fe8672c73fb1a48a604

                                                                SHA1

                                                                8f587395fa6b954affef337c70781ce00913950e

                                                                SHA256

                                                                57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                SHA512

                                                                d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                Download Submit

                                                              • C:\Windows\Temp\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\_is44A6.exe
                                                                Filesize

                                                                179KB

                                                                MD5

                                                                7a1c100df8065815dc34c05abc0c13de

                                                                SHA1

                                                                3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                SHA256

                                                                e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                SHA512

                                                                bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                Download Submit

                                                              • C:\Windows\Temp\{8610D905-A2CF-4FC3-B845-B59E7EAD119D}\setup.inx
                                                                Filesize

                                                                345KB

                                                                MD5

                                                                0376dd5b7e37985ea50e693dc212094c

                                                                SHA1

                                                                02859394164c33924907b85ab0aaddc628c31bf1

                                                                SHA256

                                                                c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                SHA512

                                                                69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                Download Submit

                                                              • C:\Windows\Temp\{9148C88E-B07E-4235-B7D5-B17DB5BC4091}\.ba\bg.png
                                                                Filesize

                                                                4KB

                                                                MD5

                                                                9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                SHA1

                                                                eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                SHA256

                                                                9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                SHA512

                                                                9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                Download Submit

                                                              • C:\Windows\Temp\{9148C88E-B07E-4235-B7D5-B17DB5BC4091}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                Filesize

                                                                607KB

                                                                MD5

                                                                669de3ab32955e69decfe13a3c89891e

                                                                SHA1

                                                                ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                SHA256

                                                                2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                SHA512

                                                                be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                Filesize

                                                                727B

                                                                MD5

                                                                f11d59d55f077f02f2651680043ddaa2

                                                                SHA1

                                                                0146112dcbb3b26a6c6f24839f6b1276934eb35b

                                                                SHA256

                                                                a642d13d047785429ffb39d7bfc6e7dd0b92b1be61170e6ecc876671a02fb6e2

                                                                SHA512

                                                                313151140da21c56c26d5ec8a4a49e791d9654e15fb387b5f1374337a644c0e7deb0e3d9c45a9f02b3ee5b83b6cd1a03fa4bbda857d3ce5a332eaa06487be5b4

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                Filesize

                                                                404B

                                                                MD5

                                                                ec730fbe89c4d9ec08cefbccebe67ce3

                                                                SHA1

                                                                0285678f4539d3278ace6866a7f5d9cfd58a1b29

                                                                SHA256

                                                                29994b4c3617c4f23cea069da94336eee528622ab5f94104478aac98fc6d6e18

                                                                SHA512

                                                                8b3d3f89f64f78943995cfaa9171b908fe0fb6aecea57aa955a0622b020fe82e70d5425e1d43de46b06af5c9d0c411e44fa4db3c180f6db19d25924fcbafb12d

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                Filesize

                                                                412B

                                                                MD5

                                                                5d9e61c1ab3ba1948376372d208b2230

                                                                SHA1

                                                                8c9a846e3dc134d4d3a1d6bf6637ae8f364058da

                                                                SHA256

                                                                2c5c2c6bcd30a5679d03553c48baa80985c01a29e7c7bf210f4b888521602c78

                                                                SHA512

                                                                cbe3d5a8b27f400a914b00377237ea5f1069f8ea223c013df7d4d32bd810cfa9029de4da0ffd195eaaf4a546b0a3d3f3a464043787b0f6f71d66256c836640a9

                                                                Download Submit

                                                              • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                Filesize

                                                                1KB

                                                                MD5

                                                                9cad061ddf5ad182cfe7879190aeed71

                                                                SHA1

                                                                cfd292d16d937f95b642527464403b7e5ef6af96

                                                                SHA256

                                                                b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                                SHA512

                                                                df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                                Download Submit

                                                              • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                Filesize

                                                                24.1MB

                                                                MD5

                                                                951178000feb80ae20379b87ba91fc30

                                                                SHA1

                                                                dfdf7d1de13ea5df8164ba84742caa02ebf75a9d

                                                                SHA256

                                                                149641b5e885b850e5d2659a59c355ddda448e32454eb4b70624487e4f7a1a53

                                                                SHA512

                                                                7d6d8261bc839ad0b1ec70dad51bcbf51dba3ab3a580fba64de97b3aac001acf435e96d65067717c8592389978c1278dc49829ad69d9dda1f3e858054025d464

                                                                Download Submit

                                                              • \??\Volume{37f93b45-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8c698911-08e3-49e5-aa42-6d9d0b378e71}_OnDiskSnapshotProp
                                                                Filesize

                                                                6KB

                                                                MD5

                                                                39f8d07725dc5e0df04a227dc6055f1b

                                                                SHA1

                                                                70a2d77fe29beb9ec30fedbac427b60b35fd38c6

                                                                SHA256

                                                                0029a6b179c2f0af373b3ff3078da039bc3bc79dff04a461cacbe7b570cc07ba

                                                                SHA512

                                                                98333d0b1288c75ba69db8f4d4e5f826458cd2d869cf08e51fd7471e09e6084041159ffcddb370b2b8db8f13b362ca368e3b6badb2388e65234cad1a34446ecc

                                                                Download Submit

                                                              • memory/884-1142-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/884-2301-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/884-2823-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/884-1820-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/884-1141-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/884-2822-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/884-2302-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/884-1819-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/1208-1853-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/1208-1854-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/1428-3124-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/1428-4583-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/1428-1180-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/1428-3123-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/1428-4582-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/2288-191-0x000001F8B8BB0000-0x000001F8B8BD2000-memory.dmp

                                                                Filesize

                                                                136KB

                                                                Download

                                                              • memory/2288-231-0x000001F8B9170000-0x000001F8B91A8000-memory.dmp

                                                                Filesize

                                                                224KB

                                                                Download

                                                              • memory/2288-185-0x000001F8B8C70000-0x000001F8B8D22000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/2536-1841-0x000001FB721D0000-0x000001FB721EC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/2536-1839-0x000001FB72E80000-0x000001FB72F32000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/2536-1844-0x000001FB72240000-0x000001FB72288000-memory.dmp

                                                                Filesize

                                                                288KB

                                                                Download

                                                              • memory/2536-1758-0x000001FB71C80000-0x000001FB71CBA000-memory.dmp

                                                                Filesize

                                                                232KB

                                                                Download

                                                              • memory/2888-1803-0x000001E254300000-0x000001E254320000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/2888-1759-0x000001E26CF50000-0x000001E26D002000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/2888-1716-0x000001E253D70000-0x000001E253D7C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/2888-1745-0x000001E254130000-0x000001E254148000-memory.dmp

                                                                Filesize

                                                                96KB

                                                                Download

                                                              • memory/2916-29-0x0000000004FD0000-0x0000000004FFE000-memory.dmp

                                                                Filesize

                                                                184KB

                                                                Download

                                                              • memory/2916-33-0x0000000005010000-0x000000000501C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/2952-296-0x00000192B1310000-0x00000192B13C2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/2952-295-0x0000019298140000-0x0000019298156000-memory.dmp

                                                                Filesize

                                                                88KB

                                                                Download

                                                              • memory/2952-297-0x00000192985F0000-0x000001929860C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/3156-490-0x0000000003A80000-0x0000000003C47000-memory.dmp

                                                                Filesize

                                                                1.8MB

                                                                Download

                                                              • memory/3156-909-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/3156-521-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/3156-912-0x0000000003AC0000-0x0000000003C87000-memory.dmp

                                                                Filesize

                                                                1.8MB

                                                                Download

                                                              • memory/3156-487-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/3156-979-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/3156-1052-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4196-138-0x000001E29EE30000-0x000001E29EE58000-memory.dmp

                                                                Filesize

                                                                160KB

                                                                Download

                                                              • memory/4196-150-0x000001E2B93D0000-0x000001E2B9468000-memory.dmp

                                                                Filesize

                                                                608KB

                                                                Download

                                                              • memory/4196-154-0x000001E29F220000-0x000001E29F232000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/4196-155-0x000001E2A0BA0000-0x000001E2A0BDC000-memory.dmp

                                                                Filesize

                                                                240KB

                                                                Download

                                                              • memory/4340-4584-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4340-4585-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4340-1855-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4340-1858-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4340-1154-0x0000000073170000-0x000000007328C000-memory.dmp

                                                                Filesize

                                                                1.1MB

                                                                Download

                                                              • memory/4340-1155-0x0000000072DA0000-0x000000007316D000-memory.dmp

                                                                Filesize

                                                                3.8MB

                                                                Download

                                                              • memory/4480-70-0x0000000004910000-0x0000000004C64000-memory.dmp

                                                                Filesize

                                                                3.3MB

                                                                Download

                                                              • memory/4480-69-0x00000000047C0000-0x00000000047E2000-memory.dmp

                                                                Filesize

                                                                136KB

                                                                Download

                                                              • memory/4480-66-0x0000000004850000-0x0000000004902000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/4636-100-0x0000000005320000-0x0000000005386000-memory.dmp

                                                                Filesize

                                                                408KB

                                                                Download

                                                              • memory/4768-265-0x000002757ED60000-0x000002757ED7C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/4768-263-0x000002757F400000-0x000002757F4B0000-memory.dmp

                                                                Filesize

                                                                704KB

                                                                Download

                                                              • memory/4768-260-0x000002757E950000-0x000002757E992000-memory.dmp

                                                                Filesize

                                                                264KB

                                                                Download

                                                              • memory/4876-355-0x00000164600B0000-0x00000164600F8000-memory.dmp

                                                                Filesize

                                                                288KB

                                                                Download

                                                              • memory/4876-356-0x0000016447470000-0x0000016447478000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/4876-365-0x0000016461120000-0x000001646115A000-memory.dmp

                                                                Filesize

                                                                232KB

                                                                Download

                                                              • memory/4876-351-0x0000016446EA0000-0x0000016446F08000-memory.dmp

                                                                Filesize

                                                                416KB

                                                                Download

                                                              • memory/4876-362-0x0000016460100000-0x0000016460108000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/4876-352-0x0000016447810000-0x000001644785A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/4876-353-0x00000164472B0000-0x00000164472CC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/4876-354-0x0000016460060000-0x00000164600AC000-memory.dmp

                                                                Filesize

                                                                304KB

                                                                Download

                                                              • memory/4876-357-0x0000016447480000-0x000001644748A000-memory.dmp

                                                                Filesize

                                                                40KB

                                                                Download

                                                              • memory/4876-366-0x0000016460110000-0x0000016460136000-memory.dmp

                                                                Filesize

                                                                152KB

                                                                Download

                                                              • memory/4876-358-0x0000016460330000-0x000001646040C000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/4876-361-0x0000016447870000-0x0000016447878000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/4876-363-0x00000164602C0000-0x0000016460328000-memory.dmp

                                                                Filesize

                                                                416KB

                                                                Download

                                                              • memory/4876-360-0x0000016447860000-0x0000016447868000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/4876-359-0x0000016460410000-0x00000164604C2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/4876-364-0x0000016460250000-0x000001646027A000-memory.dmp

                                                                Filesize

                                                                168KB

                                                                Download

                                                              • memory/5428-1812-0x000001BDC3030000-0x000001BDC303A000-memory.dmp

                                                                Filesize

                                                                40KB

                                                                Download

                                                              • memory/5428-1821-0x000001BDC3990000-0x000001BDC39AA000-memory.dmp

                                                                Filesize

                                                                104KB

                                                                Download

                                                              • memory/5428-1825-0x000001BDDC240000-0x000001BDDC2F2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5428-1856-0x000001BDDC830000-0x000001BDDCD58000-memory.dmp

                                                                Filesize

                                                                5.2MB

                                                                Download

                                                              • memory/5480-1814-0x000001EB1B5B0000-0x000001EB1B5FA000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/5480-1834-0x000001EB33FB0000-0x000001EB34062000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5480-1813-0x000001EB1ABF0000-0x000001EB1AC00000-memory.dmp

                                                                Filesize

                                                                64KB

                                                                Download

                                                              • memory/5480-1818-0x000001EB1B560000-0x000001EB1B57C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/5480-1824-0x000001EB33ED0000-0x000001EB33FAC000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/5480-1850-0x000001EB1B580000-0x000001EB1B588000-memory.dmp

                                                                Filesize

                                                                32KB

                                                                Download

                                                              • memory/5652-1802-0x000002034EA30000-0x000002034EA42000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/5652-1860-0x0000020367B80000-0x0000020367B9A000-memory.dmp

                                                                Filesize

                                                                104KB

                                                                Download

                                                              • memory/5652-1849-0x0000020367EE0000-0x0000020367FBC000-memory.dmp

                                                                Filesize

                                                                880KB

                                                                Download

                                                              • memory/5652-1845-0x0000020367D40000-0x0000020367DF2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5652-1805-0x000002034F2B0000-0x000002034F2CC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/5652-1804-0x0000020367B10000-0x0000020367B5A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/5876-1829-0x000002B8893E0000-0x000002B8893FC000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/5876-1828-0x000002B8897C0000-0x000002B88980A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/5876-1859-0x000002B8A2260000-0x000002B8A2310000-memory.dmp

                                                                Filesize

                                                                704KB

                                                                Download

                                                              • memory/5876-1827-0x000002B888F50000-0x000002B888F5C000-memory.dmp

                                                                Filesize

                                                                48KB

                                                                Download

                                                              • memory/5888-1833-0x00000269EA7F0000-0x00000269EA810000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/5888-1832-0x00000269EA8B0000-0x00000269EA962000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5888-1830-0x00000269D1790000-0x00000269D17A2000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/5888-1831-0x00000269D20E0000-0x00000269D20F0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                                Download

                                                              • memory/5932-1809-0x0000011F9B820000-0x0000011F9B8D2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download

                                                              • memory/5932-1781-0x0000011F826A0000-0x0000011F826B0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                                Download

                                                              • memory/5932-1799-0x0000011F82ED0000-0x0000011F82EF0000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/5932-1815-0x0000011F9B8E0000-0x0000011F9B946000-memory.dmp

                                                                Filesize

                                                                408KB

                                                                Download

                                                              • memory/5932-1823-0x0000011F82F10000-0x0000011F82F24000-memory.dmp

                                                                Filesize

                                                                80KB

                                                                Download

                                                              • memory/6004-1846-0x000001B305020000-0x000001B30503C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/6004-1838-0x000001B31D760000-0x000001B31D7AA000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/6004-1848-0x000001B305070000-0x000001B305088000-memory.dmp

                                                                Filesize

                                                                96KB

                                                                Download

                                                              • memory/6004-1835-0x000001B3046B0000-0x000001B3046E4000-memory.dmp

                                                                Filesize

                                                                208KB

                                                                Download

                                                              • memory/6004-1852-0x000001B31D840000-0x000001B31D88A000-memory.dmp

                                                                Filesize

                                                                296KB

                                                                Download

                                                              • memory/6004-1851-0x000001B305040000-0x000001B30504A000-memory.dmp

                                                                Filesize

                                                                40KB

                                                                Download

                                                              • memory/6084-1840-0x000001D817D20000-0x000001D817D3C000-memory.dmp

                                                                Filesize

                                                                112KB

                                                                Download

                                                              • memory/6084-1836-0x000001D8174E0000-0x000001D8174F2000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/6084-1847-0x000001D830700000-0x000001D8307B2000-memory.dmp

                                                                Filesize

                                                                712KB

                                                                Download