Overview

overview

10

Static

static

10

bc0c575d69...5f.msi

windows7-x64

10

bc0c575d69...5f.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2025, 05:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc0c575d69f00c3ee2314cbb379628b5b6cad499b7db5c6fc60cbfb02257145f.msi

  • Size

    2.9MB

  • MD5

    f08f1cfeb4906ab03141d5fb2ddfa8f8

  • SHA1

    6a57e1496d50b4a7067c661bc6ed1b9ed4910517

  • SHA256

    bc0c575d69f00c3ee2314cbb379628b5b6cad499b7db5c6fc60cbfb02257145f

  • SHA512

    71e063d066b6513da6cc24c8d852812489f1e29b4a381bf0b9f69016b8927852b5f21ae9a7b41f0a0fd63f943c51e536618052f3f6d906bde8fb03d40fa592d8

  • SSDEEP

    49152:Y+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:Y+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\bc0c575d69f00c3ee2314cbb379628b5b6cad499b7db5c6fc60cbfb02257145f.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:220
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2468
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 20919A6FB675FDF737D8FB466D6E3D7E
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4436
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIB41D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629015 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1368
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIB71C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629531 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3928
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIBB82.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240630656 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5056
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIC74E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240633687 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2212
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding CA28AB8D2F37BBA852F0131E1FA1B003 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1120
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3228
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
              PID:1096
          • C:\Windows\SysWOW64\TaskKill.exe
            "TaskKill.exe" /f /im AteraAgent.exe
            3⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2252
        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
          "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Q4TE9IAN" /AgentId="f3a051c6-646b-4a2e-82d1-9c137dfaf947"
          2⤵
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          PID:3108
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding D4C67820BD0B1A1E8DD118B47C91C575 E Global\MSI0000
          2⤵
          • Blocklisted process makes network request
          • Drops file in System32 directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Modifies registry class
          PID:4616
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F8D267C9-F6C0-496C-BCAC-13A1CAAFAA4D}
            3⤵
            • Executes dropped EXE
            PID:4596
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0383A79C-EA8B-4F2B-A6DB-9B0E46921085}
            3⤵
            • Executes dropped EXE
            PID:4832
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{689D2A3E-7FBB-4C3F-A379-98E5F46F5B63}
            3⤵
            • Executes dropped EXE
            PID:2064
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D2F2004-89DE-4C33-838F-DB3108F0CD96}
            3⤵
            • Executes dropped EXE
            PID:912
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FACB4842-9E8A-4C50-AA3C-A845543CADEC}
            3⤵
            • Executes dropped EXE
            PID:2164
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{88E8D46F-5485-462F-9BE2-C959A21A3BB3}
            3⤵
            • Executes dropped EXE
            PID:3544
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AAD8A3A9-0890-4643-9E0A-420BB1259CF1}
            3⤵
            • Executes dropped EXE
            PID:3292
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D758AF1-A4B6-41C6-AA33-874F1E84E48B}
            3⤵
            • Executes dropped EXE
            PID:3148
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C8585522-3F1A-461B-BA6E-8EFA66724777}
            3⤵
            • Executes dropped EXE
            PID:4812
          • C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe
            C:\Windows\TEMP\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_is25C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5EB31C45-8A95-43B0-81BF-BC280EDB0DE9}
            3⤵
            • Executes dropped EXE
            PID:1096
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:5000
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRServer.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:1992
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3312
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRApp.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4472
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2332
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAppPB.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:2288
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3572
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRFeature.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4588
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:912
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRFeatMini.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:764
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:1580
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRManager.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:4576
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2452
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAgent.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:224
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2928
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:2496
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2768
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAudioChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:1876
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:1592
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRVirtualDisplay.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:820
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9DDC43B4-7BCD-48B9-B156-2D9A86F97381}
            3⤵
            • Executes dropped EXE
            PID:4860
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5266CBD7-6889-4BBC-BF7F-25962F69B731}
            3⤵
            • Executes dropped EXE
            PID:4680
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E04CC522-AA70-4B8C-A4D9-C918E6E85819}
            3⤵
            • Executes dropped EXE
            PID:5044
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8DC22AA0-F6B9-482C-8DBB-FA1809CD6A99}
            3⤵
            • Executes dropped EXE
            PID:1096
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{19082ABF-5D44-45F5-A15A-0AE19D30DB32}
            3⤵
            • Executes dropped EXE
            PID:2272
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD344C57-B4E7-4331-9A60-D389A92D5FC8}
            3⤵
            • Executes dropped EXE
            PID:3228
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{93EBB253-0ED2-46BD-8145-7C12ED869F50}
            3⤵
            • Executes dropped EXE
            PID:512
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1ECC91FC-F689-4707-A05C-972647D9B17C}
            3⤵
            • Executes dropped EXE
            PID:3408
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F0A4D7B9-7015-4998-90C7-821D1C9F5E59}
            3⤵
            • Executes dropped EXE
            PID:4832
          • C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
            C:\Windows\TEMP\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CEC40312-75AC-48D1-BCDD-CCC472DD9D33}
            3⤵
            • Executes dropped EXE
            PID:4908
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{29802A11-F2D0-4D69-AAE8-6C1DA5ED45F4}
            3⤵
            • Executes dropped EXE
            PID:3944
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C1194F9B-A103-472F-8291-3F69932B3542}
            3⤵
            • Executes dropped EXE
            PID:3408
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2D1B3CED-59DE-419A-824C-EF529CEC28C7}
            3⤵
            • Executes dropped EXE
            PID:4832
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F7CAB8F1-B9D0-449F-9DF1-598B06A67B00}
            3⤵
            • Executes dropped EXE
            PID:4908
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D23353B5-3C1A-42D8-BE84-56B6D54E678B}
            3⤵
            • Executes dropped EXE
            PID:2320
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98CAD8E5-824B-4C4B-9C8A-968537F63D25}
            3⤵
            • Executes dropped EXE
            PID:3396
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{40010526-8FEE-4FCE-BE29-C6BCA83220E7}
            3⤵
            • Executes dropped EXE
            PID:4976
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7BA16FE7-0B92-4E0A-A71C-936D75A37377}
            3⤵
            • Executes dropped EXE
            PID:4904
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84D25E8F-F609-49EB-B8AE-58E5B2326F77}
            3⤵
            • Executes dropped EXE
            PID:764
          • C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe
            C:\Windows\TEMP\{AF56C1B3-3D2D-406C-9EBD-1E4DC795FE96}\_is1809.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E68120D1-5AE8-43E9-B7E4-BE292CF64A63}
            3⤵
            • Executes dropped EXE
            PID:548
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4672
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4768
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:4572
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:4940
              • C:\Windows\system32\cmd.exe
                "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                4⤵
                  PID:3288
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:2896
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{63CCD09F-4A60-45C2-99C0-4B216257B03C}
                3⤵
                • Executes dropped EXE
                PID:4220
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{14D9E378-854C-4956-99DC-26F519FBA289}
                3⤵
                • Executes dropped EXE
                PID:2428
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{92E9F100-2FEA-452C-88D6-71AFB7A74A9F}
                3⤵
                • Executes dropped EXE
                PID:5100
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E79878F-0AE6-454A-AB3F-1654C7AEF251}
                3⤵
                • Executes dropped EXE
                PID:3292
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C852DCB9-823B-4105-A086-91AB4CC04571}
                3⤵
                • Executes dropped EXE
                PID:1584
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E60853AC-5D34-4EC5-A62A-38BF00458A83}
                3⤵
                • Executes dropped EXE
                PID:4184
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54FC96A5-FA6D-4AD0-BC2B-0A2C6B6A156F}
                3⤵
                • Executes dropped EXE
                PID:948
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B6A7177D-0342-4F3C-B371-3A196CC26AA1}
                3⤵
                • Executes dropped EXE
                PID:4508
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B966A74E-EDCE-4881-BC91-F9FA9B48E969}
                3⤵
                • Executes dropped EXE
                PID:4936
              • C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe
                C:\Windows\TEMP\{C1E4EFAC-D1DF-494A-9CD0-6CB7C040C84E}\_is2A4B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{62DF1D1C-D496-40F9-93D6-4402D047812E}
                3⤵
                • Executes dropped EXE
                PID:4904
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:3424
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76B7DB06-AA0A-4E64-A677-32D997443D3F}
                3⤵
                • Executes dropped EXE
                PID:4860
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C6928AE-3A61-495E-BC96-A745E404D035}
                3⤵
                • Executes dropped EXE
                PID:4948
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{51953BCF-1FD2-43DC-8563-519946C1C8F2}
                3⤵
                • Executes dropped EXE
                PID:4436
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7F1CED74-E3CA-4817-AA8C-3550433F4ED9}
                3⤵
                • Executes dropped EXE
                PID:948
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06027477-5CCF-481A-B498-8194336018ED}
                3⤵
                • Executes dropped EXE
                PID:516
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FDF8888E-6DCE-43A0-B2E7-912A6C3A9606}
                3⤵
                • Executes dropped EXE
                PID:1360
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A841D900-ECF9-41E3-BFE5-82F47D9741FD}
                3⤵
                • Executes dropped EXE
                PID:1412
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA741710-D400-435C-B557-D6967133D6A1}
                3⤵
                • Executes dropped EXE
                PID:820
              • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5CBE1742-808A-4589-BF0A-FE1ABF046AC9}
                3⤵
                  PID:4184
                • C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe
                  C:\Windows\TEMP\{A9163546-3EE3-41BC-92A2-E536C881F657}\_is2C50.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B116BEC-8BA2-4A4F-A99B-8BB6C55CB3BE}
                  3⤵
                    PID:548
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:3268
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 2E111FA6810682358FF019CE654C9096 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:5712
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI8E72.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240684718 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5800
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI8F4E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240684859 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5880
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI922D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240685593 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5292
                  • C:\Windows\SysWOW64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5604
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:3948
                  • C:\Windows\SysWOW64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:6128
                  • C:\Windows\syswow64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                      PID:5956
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 STOP AteraAgent
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:5804
                    • C:\Windows\syswow64\TaskKill.exe
                      "TaskKill.exe" /f /im AteraAgent.exe
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Kills process with taskkill
                      PID:1628
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe "C:\Windows\Installer\MSIB270.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240693843 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                      3⤵
                      • Blocklisted process makes network request
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      PID:6084
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                    2⤵
                    • Drops file in System32 directory
                    PID:5168
                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="2092aaee-a136-4d41-9f27-f5334e3d6870"
                    2⤵
                      PID:4620
                    • C:\Windows\syswow64\MsiExec.exe
                      C:\Windows\syswow64\MsiExec.exe -Embedding 0C1A1C7DF11294AC446382A621B10DE0 E Global\MSI0000
                      2⤵
                      • System Location Discovery: System Language Discovery
                      PID:5680
                    • C:\Windows\syswow64\MsiExec.exe
                      C:\Windows\syswow64\MsiExec.exe -Embedding 4DBBE603AA00C934B4A024D475ABCD06 E Global\MSI0000
                      2⤵
                      • System Location Discovery: System Language Discovery
                      PID:1604
                    • C:\Windows\syswow64\MsiExec.exe
                      C:\Windows\syswow64\MsiExec.exe -Embedding 88A9CD25F038CFC3A92AD192D105689D E Global\MSI0000
                      2⤵
                      • System Location Discovery: System Language Discovery
                      PID:5560
                  • C:\Windows\system32\vssvc.exe
                    C:\Windows\system32\vssvc.exe
                    1⤵
                    • Checks SCSI registry key(s)
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1656
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in System32 directory
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Modifies system certificate store
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:4676
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:4092
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3ec3177c-67ce-464a-9ae3-c92e1a01a6f4" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q4TE9IAN
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2400
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "935f77f4-fe53-4b63-b8f8-26ef42a1b5ca" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Q4TE9IAN
                      2⤵
                      • Executes dropped EXE
                      PID:3236
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "af7305a0-5721-4524-9ec8-b6f15d5442f1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q4TE9IAN
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1320
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "bcaca75c-1fef-406f-8e8c-f5681669bcb4" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Q4TE9IAN
                      2⤵
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:224
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                        3⤵
                        • Drops file in System32 directory
                        • Command and Scripting Interpreter: PowerShell
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1492
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                        • Suspicious use of WriteProcessMemory
                        PID:5056
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:2928
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "b939164f-5e1e-4459-8906-dcedf6da1aa6" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Q4TE9IAN
                      2⤵
                      • Downloads MZ/PE file
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:1156
                      • C:\Windows\TEMP\SplashtopStreamer.exe
                        "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        3⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:3252
                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                          "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                          4⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of WriteProcessMemory
                          PID:1796
                          • C:\Windows\SysWOW64\msiexec.exe
                            msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                            5⤵
                            • System Location Discovery: System Language Discovery
                            PID:2056
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "68c944df-2571-490f-a093-ea90b358d88a" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Q4TE9IAN
                      2⤵
                      • Drops file in System32 directory
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:5032
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                    1⤵
                    • Drops file in Program Files directory
                    • Executes dropped EXE
                    • Modifies data under HKEY_USERS
                    • Suspicious use of WriteProcessMemory
                    PID:1488
                    • C:\Windows\System32\sc.exe
                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                      2⤵
                      • Launches sc.exe
                      PID:2272
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3e154077-5875-4433-82d7-b72ede9d9991" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q4TE9IAN
                      2⤵
                      • Drops file in Program Files directory
                      • Modifies data under HKEY_USERS
                      PID:3992
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                        3⤵
                        • Command and Scripting Interpreter: PowerShell
                        • Modifies data under HKEY_USERS
                        PID:4320
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        3⤵
                          PID:3552
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:2812
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "da03925e-a605-40ff-962e-68a229e796da" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q4TE9IAN
                        2⤵
                        • Drops file in System32 directory
                        • Modifies registry class
                        PID:3460
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "b906c715-0559-4802-ae28-381a3ccae539" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q4TE9IAN
                        2⤵
                          PID:1096
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3ac31ef6-bc56-4e86-a6a8-f1a9d49c7981" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q4TE9IAN
                          2⤵
                          • Drops file in System32 directory
                          PID:4852
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "6e786a1d-5163-4b6f-8478-4b90ffd152f5" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q4TE9IAN
                          2⤵
                          • Writes to the Master Boot Record (MBR)
                          PID:1496
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "4b968274-34e8-432f-a327-089beb45da6c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q4TE9IAN
                          2⤵
                          • Drops file in System32 directory
                          PID:2832
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "a0971efb-20ed-41bb-b17a-11dd603c7808" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q4TE9IAN
                          2⤵
                          • Downloads MZ/PE file
                          PID:1004
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:316
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:4020
                          • C:\Program Files\dotnet\dotnet.exe
                            "C:\Program Files\dotnet\dotnet" --list-runtimes
                            3⤵
                            • System Time Discovery
                            PID:4072
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:5544
                            • C:\Windows\Temp\{416FC3BF-AFF0-4092-B4E1-15E3794097AA}\.cr\8-0-11.exe
                              "C:\Windows\Temp\{416FC3BF-AFF0-4092-B4E1-15E3794097AA}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=724 /repair /quiet /norestart
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • System Time Discovery
                              PID:6124
                              • C:\Windows\Temp\{D427BD6C-A5D2-4B38-8737-8B22BC07B93F}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                "C:\Windows\Temp\{D427BD6C-A5D2-4B38-8737-8B22BC07B93F}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{E406A107-CB2A-4E5B-A485-78ADAD44730C} {09F86B46-5FDB-4353-B363-0D661D2043E3} 6124
                                5⤵
                                • Adds Run key to start application
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                • Modifies registry class
                                PID:6128
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:4888
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:5436
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:5892
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:5124
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3d39266b-c016-4222-a783-bc0c08235ea8" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q4TE9IAN
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:3704
                          • C:\Windows\SYSTEM32\msiexec.exe
                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                            3⤵
                            • Modifies data under HKEY_USERS
                            PID:5656
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "d4e01208-68ac-497f-89ed-d5fffa063ebf" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q4TE9IAN
                          2⤵
                            PID:3576
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=5bf257123777a076dda6193081f87532&rmm_session_pwd_ttl=86400"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:3216
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "4eb2936c-af7c-4feb-a8bc-3430a078d744" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q4TE9IAN
                            2⤵
                            • Drops file in System32 directory
                            PID:5132
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "7e752675-d830-467d-8930-a63aa15b2f7f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q4TE9IAN
                            2⤵
                            • Drops file in System32 directory
                            PID:5192
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "9d61b08e-4ab6-4fb7-90ae-4cc0b3e7121f" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q4TE9IAN
                            2⤵
                            • Drops file in System32 directory
                            PID:5488
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "96f3ed24-e50d-46db-b10e-8e049c16efb6" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q4TE9IAN
                            2⤵
                              PID:6112
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "b6884605-7c2f-4b01-af2e-db08c7d94ddb" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q4TE9IAN
                              2⤵
                                PID:5224
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3738f313-88d5-4521-b94d-ab828f205628" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q4TE9IAN
                                2⤵
                                • Drops file in System32 directory
                                • Drops file in Program Files directory
                                PID:1700
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                              1⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2712
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                2⤵
                                • Drops file in System32 directory
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Modifies data under HKEY_USERS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1444
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                  -h
                                  3⤵
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2508
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                  3⤵
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4940
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                    4⤵
                                      PID:2164
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of SetWindowsHookEx
                                    PID:452
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:4184
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                      SRUtility.exe -r
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:1864
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4504
                                    • C:\Windows\System32\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                      4⤵
                                        PID:5648
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c ver
                                          5⤵
                                            PID:5620
                                          • C:\Windows\system32\sc.exe
                                            sc query ddmgr
                                            5⤵
                                            • Launches sc.exe
                                            PID:5236
                                          • C:\Windows\system32\sc.exe
                                            sc query lci_proxykmd
                                            5⤵
                                            • Launches sc.exe
                                            PID:3228
                                          • C:\Windows\system32\rundll32.exe
                                            rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                            5⤵
                                            • Drops file in System32 directory
                                            • Checks SCSI registry key(s)
                                            • Modifies data under HKEY_USERS
                                            PID:5624
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                    1⤵
                                    • Drops file in Windows directory
                                    • Checks SCSI registry key(s)
                                    PID:5616
                                    • C:\Windows\system32\DrvInst.exe
                                      DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                      2⤵
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • Checks SCSI registry key(s)
                                      • Modifies data under HKEY_USERS
                                      PID:5536
                                    • C:\Windows\system32\DrvInst.exe
                                      DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                      2⤵
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • Checks SCSI registry key(s)
                                      • Modifies data under HKEY_USERS
                                      PID:680
                                    • C:\Windows\system32\DrvInst.exe
                                      DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000158"
                                      2⤵
                                      • Drops file in Drivers directory
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • Checks SCSI registry key(s)
                                      PID:1888
                                    • C:\Windows\system32\DrvInst.exe
                                      DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                      2⤵
                                      • Drops file in Drivers directory
                                      • Drops file in Windows directory
                                      • Checks SCSI registry key(s)
                                      PID:5688
                                  • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                    1⤵
                                    • Drops file in Program Files directory
                                    • Modifies data under HKEY_USERS
                                    PID:184
                                    • C:\Windows\System32\sc.exe
                                      "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                      2⤵
                                      • Launches sc.exe
                                      PID:5312
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "5daaff3a-dc1e-45d1-9231-11d784fb86f3" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q4TE9IAN
                                      2⤵
                                        PID:4232
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "8c4c7a00-d568-4628-8ab0-8fa4efdc4d29" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q4TE9IAN
                                        2⤵
                                          PID:5408
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "b0f67764-9c57-474e-904e-cd7563afddbe" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q4TE9IAN
                                          2⤵
                                            PID:4016
                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                              3⤵
                                              • Drops file in System32 directory
                                              • Command and Scripting Interpreter: PowerShell
                                              • Modifies data under HKEY_USERS
                                              PID:812
                                            • C:\Windows\System32\cmd.exe
                                              "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                              3⤵
                                                PID:3544
                                                • C:\Windows\system32\cscript.exe
                                                  cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                  4⤵
                                                  • Modifies data under HKEY_USERS
                                                  PID:2896
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "0a12ab4d-821a-4cd0-9f7a-c589c173d46c" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q4TE9IAN
                                              2⤵
                                                PID:1788
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "beaa859f-5a38-4978-834b-fc9351a926c5" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q4TE9IAN
                                                2⤵
                                                  PID:512
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "e0d02355-c18b-40f1-9241-b4ab169935b8" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q4TE9IAN
                                                  2⤵
                                                    PID:2480
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "69d4e54e-7f6e-48c9-8017-d6763f2a4fe2" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q4TE9IAN
                                                    2⤵
                                                      PID:5260
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "3c52ab23-5e0e-4c8f-88e8-b09492b385fa" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q4TE9IAN
                                                      2⤵
                                                      • Writes to the Master Boot Record (MBR)
                                                      PID:1244
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "dc426108-cf5d-4772-8b29-4690e5bc96c7" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q4TE9IAN
                                                      2⤵
                                                        PID:5872
                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=5bf257123777a076dda6193081f87532&rmm_session_pwd_ttl=86400"
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1360
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "4c7eb879-3e6b-4e78-96e0-c75caab4d19e" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q4TE9IAN
                                                        2⤵
                                                          PID:5328
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "0a769980-051c-4f7f-9a5d-5fd179ce5963" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q4TE9IAN
                                                          2⤵
                                                            PID:5924
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "a356b62a-c12a-41ff-8add-2aab9c2a1168" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q4TE9IAN
                                                            2⤵
                                                              PID:1412
                                                              • C:\Windows\SYSTEM32\cmd.exe
                                                                "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                3⤵
                                                                • System Time Discovery
                                                                PID:820
                                                                • C:\Program Files\dotnet\dotnet.exe
                                                                  dotnet --list-runtimes
                                                                  4⤵
                                                                  • System Time Discovery
                                                                  PID:2852
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "548ba8ce-dbac-4651-b9f0-863cd4435aa7" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q4TE9IAN
                                                              2⤵
                                                                PID:3924
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "00bda0b0-6bbb-4199-bd3b-a6efe9735a2d" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q4TE9IAN
                                                                2⤵
                                                                  PID:6096
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "5c97094e-5c89-46d5-a892-2711b1676181" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q4TE9IAN
                                                                  2⤵
                                                                    PID:1740
                                                                    • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                      "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "f3a051c6-646b-4a2e-82d1-9c137dfaf947" "5c97094e-5c89-46d5-a892-2711b1676181" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000Q4TE9IAN"
                                                                      3⤵
                                                                        PID:5872
                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" f3a051c6-646b-4a2e-82d1-9c137dfaf947 "0a12ab4d-821a-4cd0-9f7a-c589c173d46c" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q4TE9IAN
                                                                      2⤵
                                                                        PID:5144

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v15

                                                                    Reconnaissance

                                                                    Resource Development

                                                                    Initial Access

                                                                    Execution

                                                                    Command and Scripting Interpreter

                                                                    1
                                                                    T1059

                                                                    PowerShell

                                                                    1
                                                                    T1059.001

                                                                    Persistence

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Privilege Escalation

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Defense Evasion

                                                                    Modify Registry

                                                                    2
                                                                    T1112

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Subvert Trust Controls

                                                                    1
                                                                    T1553

                                                                    Install Root Certificate

                                                                    1
                                                                    T1553.004

                                                                    System Binary Proxy Execution

                                                                    1
                                                                    T1218

                                                                    Msiexec

                                                                    1
                                                                    T1218.007

                                                                    Credential Access

                                                                    Discovery

                                                                    Peripheral Device Discovery

                                                                    2
                                                                    T1120

                                                                    Query Registry

                                                                    4
                                                                    T1012

                                                                    System Information Discovery

                                                                    3
                                                                    T1082

                                                                    System Location Discovery

                                                                    1
                                                                    T1614

                                                                    System Language Discovery

                                                                    1
                                                                    T1614.001

                                                                    System Time Discovery

                                                                    1
                                                                    T1124

                                                                    Lateral Movement

                                                                    Collection

                                                                    Command and Control

                                                                    Exfiltration

                                                                    Impact

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Config.Msi\e57b392.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      e80b98529cc925bc5c791dbdacf65e96

                                                                      SHA1

                                                                      f98d934b224535a745f96e3ac421ad901c328568

                                                                      SHA256

                                                                      1fee8b4d2a7d848c0f649fd0cd9702415b4260fa5d4b579446cd015a918e4728

                                                                      SHA512

                                                                      7c5829a06b482b53d5148471d074559add5fa06e7b71fedae9fddb8deaec746041f5a57282b5d4df64c23a31fa12c18eaa96f16c2b0aa4dcf2fde7a1f0907a87

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b397.rbs
                                                                      Filesize

                                                                      74KB

                                                                      MD5

                                                                      7127ded07f37f1a0eed636ce9525e7ad

                                                                      SHA1

                                                                      f556c8238735d503e6d571b58088ecc2e5144534

                                                                      SHA256

                                                                      137b447271fe6a3ab17fb2c969ca4709ddea35d7abe014771f85c563d8294ae9

                                                                      SHA512

                                                                      e0978a3b05c19c0bcd613eb5db8e5549711648a9d8534c0ecc5d731b3fa673a95764892b27d160104377cb6b4cca995bf8440d08c215ba9b7d6c39404d7a5964

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b399.rbs
                                                                      Filesize

                                                                      464B

                                                                      MD5

                                                                      94ea92f23d6d03b4e80e1cf325ccaf48

                                                                      SHA1

                                                                      28741618775606736e41b887f2bebbb380de2661

                                                                      SHA256

                                                                      9a308b8e483bdf595a269d5d5c2658cc3356b036141b15815f4de2f5b96652a1

                                                                      SHA512

                                                                      b310c13529ccdd56a9909c3398df15d17d452dd139c120bfea45080bd13a562d86d477de7c6c76e842a3688b5551a1e2e489f540cbc8863502267d68de20300e

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b39f.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      9b71039028250399461db7ff6a636b42

                                                                      SHA1

                                                                      4a78bbdd638fa786b3972a40918aea0c7551046e

                                                                      SHA256

                                                                      119e65fa64ae4979604ec73897a993b2c13bbf6f2dc5e5d5a96011b195332d5e

                                                                      SHA512

                                                                      12ee607e5777416ccc94eb457fd8c76fc443e9787cba3ca285bbb4b24a1e7bd92dca0b1dc145909c9f6fd1145408e711e5a3bb37cee88cc4f82f5d0079feb52d

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3a7.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      1bc01945c5b5d026259eb51968b306e5

                                                                      SHA1

                                                                      92aa1193197f4f34c27969d121229fdf6812e8e8

                                                                      SHA256

                                                                      2aa58d412c70118551c1903aa88d161c53641729f94b479d185afac06ea1fcf4

                                                                      SHA512

                                                                      24c0e20f7957f1a4043d243aa59915b107063bf30137e6b0431e6839958f3d87eeff22b6c9e216d5047a4bb031e272b5e66b0ceb378dded8e61e27117cbb4004

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3ac.rbs
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      5003d11677b3e252840913e85af79eb1

                                                                      SHA1

                                                                      2e348035e7a721e379c2d85b89a5a733f33072cf

                                                                      SHA256

                                                                      7a98d83ec10bf687e0302101770b8398e32a3ee449d95c1a2c6d3fed630f1f4b

                                                                      SHA512

                                                                      21c4948c83735e8dec3db50b384eec8137784518f8b8fd3b6f931f081c74bd59548005abbc4a347c1a8b9f72d3fa52c2ceab5960dbd5b8aa0ba8ce07125af966

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3b1.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      0fc40d6eed6f8eadd9313053f43af33f

                                                                      SHA1

                                                                      441bd455395a1beea9d164b80e6bdf2578cc5623

                                                                      SHA256

                                                                      c88a89bd18c6907dd44ccf1039e21deedb8722f317d15eaa54e6461af1fe4f99

                                                                      SHA512

                                                                      83ccefb02519f2e355050647a22a9de7aa4eecf11349e055f6e5f07115c456d73bf7f984c5174de4b8f75d230b130e5750ce8ced63f995cffcf616877caf4744

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3b6.rbs
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      22bfb4bf96228707abd3a1c5497a3fd4

                                                                      SHA1

                                                                      bb2b625a8064b927f691d6c3952e552bc48cb7d9

                                                                      SHA256

                                                                      660fd038dde45a9e5b09f1df103e68323e21441a160360c9449b2c865a37eb0d

                                                                      SHA512

                                                                      206c3af575f0c857d10a909368c574094b4307f17b23179f4a6faee66d62305ec67a739424f2afe6504b53cf00481af762c8ed30b0ac6a91eb29a60c2e2785ed

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3bb.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      75b1f1d566f397f92cf8b6eafbd3c015

                                                                      SHA1

                                                                      6b1f487a4f188e0a1e1a0e8c3ae9a91da5c2650c

                                                                      SHA256

                                                                      2d6399304f891bace44f0f3055c608513b825abf339df1865581052b015aeb8d

                                                                      SHA512

                                                                      bc8082ec2387c0660fa308b16165e6929e625d97affd842f371649d2a1ea9febea8c5d05794e56c56664a69a2dcb2c51fd49cfb08c3eb8c1f6e1521ed4719829

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3bc.rbf
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      33b4c87f18b4c49114d7a8980241657a

                                                                      SHA1

                                                                      254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                      SHA256

                                                                      587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                      SHA512

                                                                      42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57b3bd.rbf
                                                                      Filesize

                                                                      3B

                                                                      MD5

                                                                      21438ef4b9ad4fc266b6129a2f60de29

                                                                      SHA1

                                                                      5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                      SHA256

                                                                      13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                      SHA512

                                                                      37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                      Filesize

                                                                      142KB

                                                                      MD5

                                                                      477293f80461713d51a98a24023d45e8

                                                                      SHA1

                                                                      e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                      SHA256

                                                                      a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                      SHA512

                                                                      23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      b3bb71f9bb4de4236c26578a8fae2dcd

                                                                      SHA1

                                                                      1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                      SHA256

                                                                      e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                      SHA512

                                                                      fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                      Filesize

                                                                      210KB

                                                                      MD5

                                                                      c106df1b5b43af3b937ace19d92b42f3

                                                                      SHA1

                                                                      7670fc4b6369e3fb705200050618acaa5213637f

                                                                      SHA256

                                                                      2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                      SHA512

                                                                      616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      693KB

                                                                      MD5

                                                                      2c4d25b7fbd1adfd4471052fa482af72

                                                                      SHA1

                                                                      fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                      SHA256

                                                                      2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                      SHA512

                                                                      f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                      Filesize

                                                                      146KB

                                                                      MD5

                                                                      8d477b63bc5a56ae15314bda8dea7a3a

                                                                      SHA1

                                                                      3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                      SHA256

                                                                      9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                      SHA512

                                                                      44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                      Filesize

                                                                      145KB

                                                                      MD5

                                                                      2b9beb2fdbc41afc48d68d32ef41dd08

                                                                      SHA1

                                                                      4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                      SHA256

                                                                      977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                      SHA512

                                                                      3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                      Filesize

                                                                      51KB

                                                                      MD5

                                                                      3180c705182447f4bcc7ce8e2820b25d

                                                                      SHA1

                                                                      ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                      SHA256

                                                                      5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                      SHA512

                                                                      228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      1e065e191e89cc811ff49c96fa8fa5e6

                                                                      SHA1

                                                                      bc50ff2a20a8b83683583684fcac640a91689ed4

                                                                      SHA256

                                                                      d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                                      SHA512

                                                                      5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                      Filesize

                                                                      247KB

                                                                      MD5

                                                                      aa5cf64d575b7544eefd77f256c4dc57

                                                                      SHA1

                                                                      bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                                      SHA256

                                                                      79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                                      SHA512

                                                                      774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                      Filesize

                                                                      546B

                                                                      MD5

                                                                      158fb7d9323c6ce69d4fce11486a40a1

                                                                      SHA1

                                                                      29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                                      SHA256

                                                                      5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                                      SHA512

                                                                      7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                      Filesize

                                                                      94KB

                                                                      MD5

                                                                      c69c7690482c75a8fc70df2990d7afc6

                                                                      SHA1

                                                                      79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                                      SHA256

                                                                      580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                                      SHA512

                                                                      ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      688KB

                                                                      MD5

                                                                      111e2e63bccead95bb5ffc53c9282070

                                                                      SHA1

                                                                      eaae7df21e291aa089bc101b1e265ca202be1225

                                                                      SHA256

                                                                      9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                                      SHA512

                                                                      ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                      Filesize

                                                                      27KB

                                                                      MD5

                                                                      797c9554ec56fd72ebb3f6f6bef67fb5

                                                                      SHA1

                                                                      40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                      SHA256

                                                                      7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                      SHA512

                                                                      4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                      Filesize

                                                                      214KB

                                                                      MD5

                                                                      01807774f043028ec29982a62fa75941

                                                                      SHA1

                                                                      afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                      SHA256

                                                                      9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                      SHA512

                                                                      33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                      Filesize

                                                                      37KB

                                                                      MD5

                                                                      efb4712c8713cb05eb7fe7d87a83a55a

                                                                      SHA1

                                                                      c94d106bba77aecf88540807da89349b50ea5ae7

                                                                      SHA256

                                                                      30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                      SHA512

                                                                      3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                      Filesize

                                                                      3.4MB

                                                                      MD5

                                                                      93e4c198656fc267f392de11dee01cd0

                                                                      SHA1

                                                                      e92cb59486745ee7564f5b374e790a065e1f4678

                                                                      SHA256

                                                                      88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                                      SHA512

                                                                      3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                      Filesize

                                                                      397KB

                                                                      MD5

                                                                      810f893e58861909b134fa72e3bc90cd

                                                                      SHA1

                                                                      524977f32836634132d23997b23304574d8d156a

                                                                      SHA256

                                                                      b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                                      SHA512

                                                                      db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      856da6c0926c8aac92a9b8641656435d

                                                                      SHA1

                                                                      81d49e0980d1d17efc1413a813bd3653e8a38411

                                                                      SHA256

                                                                      07b1165234560a973ae686d85d64e82506760b980db1ffa8ee164dc0ff852a3c

                                                                      SHA512

                                                                      cc71bcddc3be879fe146b8efd242fd80194457e1efe6add58368de758e261d6a1bd7e906d5f3e0a5e265117692899f3c1554fd639c484e54bc71ecd50153f26a

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                      Filesize

                                                                      197KB

                                                                      MD5

                                                                      d0d21e16e57a1a73056eae228da1e287

                                                                      SHA1

                                                                      ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                                      SHA256

                                                                      3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                                      SHA512

                                                                      470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                                      Filesize

                                                                      56KB

                                                                      MD5

                                                                      d0aa95693d78fd438552bd9df01fec78

                                                                      SHA1

                                                                      0e7173c1af5d5543d5a41aed690e59f3ae4bb0b9

                                                                      SHA256

                                                                      11201ece7c3ee4bbcde0b84a2bc7c251ef57fce5200b2a1ae437fc959c7ad8a7

                                                                      SHA512

                                                                      7b48864e72627bb51063ea49f6459eb6c05baa64066d8e6c85f2ff7b7de26b633ff973e2a830da63b6824eaea65690e3f6b29af8adbc0c24724016a8764f3b15

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      9d1528a2ce17522f6de064ae2c2b608e

                                                                      SHA1

                                                                      2f1ce8b589e57ab300bb93dde176689689f75114

                                                                      SHA256

                                                                      11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                                      SHA512

                                                                      a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.1700.update
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      14ffcf07375b3952bd3f2fe52bb63c14

                                                                      SHA1

                                                                      ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                                      SHA256

                                                                      6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                                      SHA512

                                                                      14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      aab95b9fd77a74fe110629a9ef4a6286

                                                                      SHA1

                                                                      0bd223208bc73eadaecfabc978d071810295f916

                                                                      SHA256

                                                                      40ee292ac8189306925df3a7ddc1097018c436b99d2aecb7e102692afebafc16

                                                                      SHA512

                                                                      ce18ccd3c430c0bc023dad593c446e215f533e5e6a7c82faff9ba3c36e2f453137e8fce4df27f83d7007c185deccfa1e669e5374714367de3ff91fa7afc71139

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                                      Filesize

                                                                      2B

                                                                      MD5

                                                                      81051bcc2cf1bedf378224b0a93e2877

                                                                      SHA1

                                                                      ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                                      SHA256

                                                                      7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                                      SHA512

                                                                      1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                      Filesize

                                                                      54KB

                                                                      MD5

                                                                      77c613ffadf1f4b2f50d31eeec83af30

                                                                      SHA1

                                                                      76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                      SHA256

                                                                      2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                      SHA512

                                                                      29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                      Filesize

                                                                      333KB

                                                                      MD5

                                                                      745714d838c4d4f88c6e0db6a434f444

                                                                      SHA1

                                                                      90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                      SHA256

                                                                      e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                      SHA512

                                                                      08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                      Filesize

                                                                      70KB

                                                                      MD5

                                                                      e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                      SHA1

                                                                      22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                      SHA256

                                                                      bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                      SHA512

                                                                      00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                      Filesize

                                                                      50KB

                                                                      MD5

                                                                      5bb0687e2384644ea48f688d7e75377b

                                                                      SHA1

                                                                      44e4651a52517570894cfec764ec790263b88c4a

                                                                      SHA256

                                                                      963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                      SHA512

                                                                      260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                      Filesize

                                                                      32KB

                                                                      MD5

                                                                      2ec1d28706b9713026e8c6814e231d7c

                                                                      SHA1

                                                                      7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                                      SHA256

                                                                      c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                                      SHA512

                                                                      9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                      Filesize

                                                                      59KB

                                                                      MD5

                                                                      26c25e48b69eb8df7d6cea01fd66f3df

                                                                      SHA1

                                                                      d70e92a8b8d358c7a2e200b11e23703cf43d93e9

                                                                      SHA256

                                                                      f6da2cc4a4ca0a4cff92a2c9f61e546255bfe9d02eb1087a033b1a45e06fec87

                                                                      SHA512

                                                                      6414db6ba626fe4b39155052638a15707cf60836056560fceeb5a1ea8faee1bee830840900f1635ff5a0ce1d271f73062660bd0ec582815e0bc56f4997a45feb

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                      Filesize

                                                                      588KB

                                                                      MD5

                                                                      17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                      SHA1

                                                                      bc0316e11c119806907c058d62513eb8ce32288c

                                                                      SHA256

                                                                      13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                      SHA512

                                                                      f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                      Filesize

                                                                      217B

                                                                      MD5

                                                                      ceaa487b52ef14edd6eb9c4fa60f54f4

                                                                      SHA1

                                                                      134216b06c22adc63cc94b18b23ed2f84d710e54

                                                                      SHA256

                                                                      0c78789b73f439e1a8087edf74904a052e8f6ce4ff9a2109af2d86aaafe58c94

                                                                      SHA512

                                                                      211531fe3e35aa100da643f996cb6701cfb93e22ba6e7667fd2b7a54d7915c5d686408c8d4d9387107aa6daf4ef89c8c19321e2aa1d9ca58d1412ff058175f9c

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      1ef7574bc4d8b6034935d99ad884f15b

                                                                      SHA1

                                                                      110709ab33f893737f4b0567f9495ac60c37667c

                                                                      SHA256

                                                                      0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                      SHA512

                                                                      947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      f512536173e386121b3ebd22aac41a4e

                                                                      SHA1

                                                                      74ae133215345beaebb7a95f969f34a40dda922a

                                                                      SHA256

                                                                      a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                      SHA512

                                                                      1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                      Filesize

                                                                      76KB

                                                                      MD5

                                                                      b40fe65431b18a52e6452279b88954af

                                                                      SHA1

                                                                      c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                      SHA256

                                                                      800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                      SHA512

                                                                      e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                      Filesize

                                                                      80KB

                                                                      MD5

                                                                      3904d0698962e09da946046020cbcb17

                                                                      SHA1

                                                                      edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                      SHA256

                                                                      a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                      SHA512

                                                                      c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                      Filesize

                                                                      96KB

                                                                      MD5

                                                                      ab083e58b7e2ae0d16df8d88e1f954a6

                                                                      SHA1

                                                                      66c49df9cf99c0ce8ad72c1592a30d6a73148565

                                                                      SHA256

                                                                      1b55cb7cb1ac117ddab2be9eed5ed91e82c097b5c840f62fa0cda171d4434b7a

                                                                      SHA512

                                                                      be8f62487efe74449578d9bc4955aed07777cc220ed62c9b908c88f713c95d1d5e5822a3bc2e10d3b8d33ea529e07c70ff3a625539a9f12f2b1d5998dce11fb7

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      433B

                                                                      MD5

                                                                      cf5f69533151675ab4f248fbc8cdedeb

                                                                      SHA1

                                                                      eb736e17118ac79e341b49eb29ea04433e65e66f

                                                                      SHA256

                                                                      e774620005d8e57306dcad1f2b427044f0be3da21897de56258fed1f8c565486

                                                                      SHA512

                                                                      e9954bab77bc76a3b85bcd988f05356c8dfa1f109c5fd58e5f2d214ed266ddbc520159a416fbfb0a4e24133b143e873ee3d9e88d62db4c486403215d76394f84

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      362ce475f5d1e84641bad999c16727a0

                                                                      SHA1

                                                                      6b613c73acb58d259c6379bd820cca6f785cc812

                                                                      SHA256

                                                                      1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                      SHA512

                                                                      7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                      Filesize

                                                                      1.3MB

                                                                      MD5

                                                                      40df7f2a02cdfa70ae76d70d21473428

                                                                      SHA1

                                                                      4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                      SHA256

                                                                      f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                      SHA512

                                                                      2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      5ed9543e9f5826ead203316ef0a8863d

                                                                      SHA1

                                                                      8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                      SHA256

                                                                      33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                      SHA512

                                                                      5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      9a9b1fd85b5f1dcd568a521399a0d057

                                                                      SHA1

                                                                      34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                      SHA256

                                                                      88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                      SHA512

                                                                      7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                      Filesize

                                                                      383KB

                                                                      MD5

                                                                      f6f297c704f4f4c13d50f971daea3b56

                                                                      SHA1

                                                                      118581c847ea863ff8bca0a38b5469577ac6b227

                                                                      SHA256

                                                                      a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                                      SHA512

                                                                      b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                      Filesize

                                                                      321KB

                                                                      MD5

                                                                      d3901e62166e9c42864fe3062cb4d8d5

                                                                      SHA1

                                                                      c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                      SHA256

                                                                      dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                      SHA512

                                                                      ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                      Filesize

                                                                      814KB

                                                                      MD5

                                                                      9b1f97a41bfb95f148868b49460d9d04

                                                                      SHA1

                                                                      768031d5e877e347a249dfdeab7c725df941324b

                                                                      SHA256

                                                                      09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                      SHA512

                                                                      9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                      Filesize

                                                                      1.2MB

                                                                      MD5

                                                                      e74d2a16da1ddb7f9c54f72b8a25897c

                                                                      SHA1

                                                                      32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                      SHA256

                                                                      a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                      SHA512

                                                                      52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                      Filesize

                                                                      11B

                                                                      MD5

                                                                      5eda46a55c61b07029e7202f8cf1781c

                                                                      SHA1

                                                                      862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                      SHA256

                                                                      12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                      SHA512

                                                                      4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      a6bd887ee94e12d3c42a5d47b4c73826

                                                                      SHA1

                                                                      6b30541a5b528ff8a8befdb5cab0b9dccf4b2491

                                                                      SHA256

                                                                      643d32f1b400e5cdc5b76067eac006167c07b321d5abd06b30f1a45e9fe2253c

                                                                      SHA512

                                                                      ec86b4beda8995c13f550ce0f1c60b7bf384f706d37c516a12c6e6d6e0040bc11f72e9af09117d78b46bb799e9e41f4f6b2e78b84c2cf087ac76a1eb94986171

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      b4a865268d5aca5f93bab91d7d83c800

                                                                      SHA1

                                                                      95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                      SHA256

                                                                      5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                      SHA512

                                                                      c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      5cf881db0dc27c1414d6c1bf21e72f5e

                                                                      SHA1

                                                                      ea7987cd17bd0d5e49ffb361e293600950bba740

                                                                      SHA256

                                                                      b05d859063bebadea0cd2ecbe34eab2272ec9d442a2ae9140b9c7f7283cf09c8

                                                                      SHA512

                                                                      5b82ddb83b118928d13924cee7888eb924bfe8ac6d06173e668897b0a38b18cf47a2f88753ed19575167e874f8ed9b7ec762a4925d2fa7323f14138cde842ccf

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      83b2332f898309cde27b0f5b7fcfd1c6

                                                                      SHA1

                                                                      ccc2ae2c1f6c99bdbb910405c0b55d3e3b0986f5

                                                                      SHA256

                                                                      2754115ed10fc341186593bbc3ee1e8c731d83efba592b774612b9e723c272c7

                                                                      SHA512

                                                                      dcec9154ad43a112bd69cfd24146c979ec003bb88a95b4cfcf0ca2e0dd7ffd0dc620d0760e779a2ec9b2074bafe41a0715a8af827a42f2a2957fd76c6049fc08

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                      Filesize

                                                                      2.8MB

                                                                      MD5

                                                                      ab8d85c093d6f0180bf09ec0f466b78b

                                                                      SHA1

                                                                      1daf355d14d45b1e411f96fa394a98a84c09e53e

                                                                      SHA256

                                                                      d1e08c8dbf3bfc34e3fdfc390d2e7f5b871f95376e7dda93e3dd0051d580db40

                                                                      SHA512

                                                                      2882292301e1fb85b410570ece6cf05f3e89968a02450dba192a1f97282f1c08ed30819e3d36c524fba3baeb6a2c22a10a762c8313e8823c07554b4b975cc00e

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      9a5e9a329e4e73e0c499371205a810db

                                                                      SHA1

                                                                      5b6d85657d4acd89867283fbe372e9e85c30686f

                                                                      SHA256

                                                                      d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                                      SHA512

                                                                      02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                                      Filesize

                                                                      2.9MB

                                                                      MD5

                                                                      f39fbf03ca870084bde8bfd5e6e1ec39

                                                                      SHA1

                                                                      00febae56b76f76166fa64a0c0dc746b9feb61e4

                                                                      SHA256

                                                                      1c2761c31cf551a7b3034618fd0018d1a304bbcb97383d2bb13c47aeb8b23c60

                                                                      SHA512

                                                                      4c974603fb33e3711dc7f28e4580fef2a197ee1abfcc2c2384e4053c939847fa94b5d27a44ca6ad1fc8799dd80c2cc975c87e55e15902786e4b1e8dbe362bf7a

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      6c6f85e896655a6eb726482f04c49086

                                                                      SHA1

                                                                      2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                      SHA256

                                                                      e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                      SHA512

                                                                      b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                      Filesize

                                                                      541B

                                                                      MD5

                                                                      d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                      SHA1

                                                                      e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                      SHA256

                                                                      7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                      SHA512

                                                                      a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      880d31390a25de6a9cd34463b46c75e6

                                                                      SHA1

                                                                      837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                      SHA256

                                                                      425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                      SHA512

                                                                      8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                      Filesize

                                                                      670KB

                                                                      MD5

                                                                      96e50bbca30d75af7b8b40acf8dda817

                                                                      SHA1

                                                                      4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                      SHA256

                                                                      a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                      SHA512

                                                                      0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                      Filesize

                                                                      3.1MB

                                                                      MD5

                                                                      8e70af11d0ee2abe139b40d67e70b73c

                                                                      SHA1

                                                                      18582e88e16255d5d267904bdf0357ec9ff333e0

                                                                      SHA256

                                                                      5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                                      SHA512

                                                                      3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                      Filesize

                                                                      572KB

                                                                      MD5

                                                                      7062f2490fde7624ceab2fac6a996b98

                                                                      SHA1

                                                                      63a355ebf702bd6fb4e10f4353e5dbaa036ff635

                                                                      SHA256

                                                                      dbf3e40e068c22a995bb917ef51153bf1d4dd06ab8a5bb5486ea017245edbf1c

                                                                      SHA512

                                                                      5674e823473887669a1d12ecea9f7569633fb885f570b3c7bd8fbb706b214c564a0aaf0bedebd0a61add76582316c7de9a2f5af5b4cd8d04f426d80987f2d7b3

                                                                      Download Submit

                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      71026b098f8fb39c88b003df746d9fa0

                                                                      SHA1

                                                                      013ca259f551ad6f33db53fff0e121e74408e20e

                                                                      SHA256

                                                                      11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                      SHA512

                                                                      9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                      Download Submit

                                                                    • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\1ff53fdad677ad3b971b55d2c2072540
                                                                      Filesize

                                                                      16KB

                                                                      MD5

                                                                      b2e89027a140a89b6e3eb4e504e93d96

                                                                      SHA1

                                                                      f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                      SHA256

                                                                      5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                      SHA512

                                                                      93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                      Download Submit

                                                                    • C:\ProgramData\chocolatey\config\chocolatey.config
                                                                      Filesize

                                                                      809B

                                                                      MD5

                                                                      8b6737800745d3b99886d013b3392ac3

                                                                      SHA1

                                                                      bb94da3f294922d9e8d31879f2d145586a182e19

                                                                      SHA256

                                                                      86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                                      SHA512

                                                                      654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                                      Download Submit

                                                                    • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      e04d57b79e24c19bc65d5d7458b44c2f

                                                                      SHA1

                                                                      c5626e65584672c20a5d70702ab8e651dd91cc80

                                                                      SHA256

                                                                      769c22bfda1e67929b7ceed7cddb3164b1f7ebe12449cb8fb5cbcae2427148f5

                                                                      SHA512

                                                                      4efb3a29a758cf435d12903f3dc4687064b8e238fe1092d5eeb0d2b20e788a283abc7d434ba43482a8df50f423fc5c9691d886368f15680eb42c4cc4eca74a80

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      62f50b09757845b91a11afe304f912e7

                                                                      SHA1

                                                                      ca2093d46e2a9138ef71e5cb6d53d6ced356ec76

                                                                      SHA256

                                                                      9979dad90650f1a6d82d38cb84e4055e46b88f28bcc099b51cd5e2444cc280e9

                                                                      SHA512

                                                                      6b54ad0a12455914f3140a1f5341807cbd97470419109470eabab6cfa1083b703dfd19ea276caba534777bcc8265d80659e6d8db06bc03de57fb6fb3d9e68133

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                      Filesize

                                                                      404B

                                                                      MD5

                                                                      920e5de54a86bd0ccb133516985ef8a5

                                                                      SHA1

                                                                      b13fdcdb8f6bbb1e71f744afa4593391441ef6e4

                                                                      SHA256

                                                                      dcb3d08a6215aeed905b21ab4a977c3ab8aea17bd20e8bb7d162626ff3fdc7fa

                                                                      SHA512

                                                                      43e370230f92e7bb9e9228b7bc542380d4da6bda1251d5e01d856cbb6d87a9f3e96c82aabcc22ab5364e84e1589861099e55cf82cdcf41de2564c354700e830a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                      Filesize

                                                                      651B

                                                                      MD5

                                                                      9bbfe11735bac43a2ed1be18d0655fe2

                                                                      SHA1

                                                                      61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                      SHA256

                                                                      549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                      SHA512

                                                                      a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI1015.tmp
                                                                      Filesize

                                                                      219KB

                                                                      MD5

                                                                      928f4b0fc68501395f93ad524a36148c

                                                                      SHA1

                                                                      084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                      SHA256

                                                                      2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                      SHA512

                                                                      7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI1779.tmp
                                                                      Filesize

                                                                      4.5MB

                                                                      MD5

                                                                      08211c29e0d617a579ffa2c41bde1317

                                                                      SHA1

                                                                      4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                      SHA256

                                                                      3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                      SHA512

                                                                      d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI8E72.tmp-\System.Management.dll
                                                                      Filesize

                                                                      60KB

                                                                      MD5

                                                                      878e361c41c05c0519bfc72c7d6e141c

                                                                      SHA1

                                                                      432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                      SHA256

                                                                      24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                      SHA512

                                                                      59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIB41D.tmp
                                                                      Filesize

                                                                      509KB

                                                                      MD5

                                                                      88d29734f37bdcffd202eafcdd082f9d

                                                                      SHA1

                                                                      823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                      SHA256

                                                                      87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                      SHA512

                                                                      1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIB41D.tmp-\AlphaControlAgentInstallation.dll
                                                                      Filesize

                                                                      25KB

                                                                      MD5

                                                                      aa1b9c5c685173fad2dabebeb3171f01

                                                                      SHA1

                                                                      ed756b1760e563ce888276ff248c734b7dd851fb

                                                                      SHA256

                                                                      e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                      SHA512

                                                                      d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIB41D.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      1a5caea6734fdd07caa514c3f3fb75da

                                                                      SHA1

                                                                      f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                      SHA256

                                                                      cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                      SHA512

                                                                      a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIB71C.tmp-\CustomAction.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      bc17e956cde8dd5425f2b2a68ed919f8

                                                                      SHA1

                                                                      5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                      SHA256

                                                                      e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                      SHA512

                                                                      02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIB71C.tmp-\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      695KB

                                                                      MD5

                                                                      715a1fbee4665e99e859eda667fe8034

                                                                      SHA1

                                                                      e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                      SHA256

                                                                      c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                      SHA512

                                                                      bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIBD1A.tmp
                                                                      Filesize

                                                                      211KB

                                                                      MD5

                                                                      a3ae5d86ecf38db9427359ea37a5f646

                                                                      SHA1

                                                                      eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                      SHA256

                                                                      c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                      SHA512

                                                                      96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57b391.msi
                                                                      Filesize

                                                                      2.9MB

                                                                      MD5

                                                                      f08f1cfeb4906ab03141d5fb2ddfa8f8

                                                                      SHA1

                                                                      6a57e1496d50b4a7067c661bc6ed1b9ed4910517

                                                                      SHA256

                                                                      bc0c575d69f00c3ee2314cbb379628b5b6cad499b7db5c6fc60cbfb02257145f

                                                                      SHA512

                                                                      71e063d066b6513da6cc24c8d852812489f1e29b4a381bf0b9f69016b8927852b5f21ae9a7b41f0a0fd63f943c51e536618052f3f6d906bde8fb03d40fa592d8

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57b3ad.msi
                                                                      Filesize

                                                                      26.3MB

                                                                      MD5

                                                                      b9c6d23462adef092b8a5b7880531b03

                                                                      SHA1

                                                                      9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                      SHA256

                                                                      2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                      SHA512

                                                                      18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57b3ae.msi
                                                                      Filesize

                                                                      772KB

                                                                      MD5

                                                                      d73de5788ab129f16afdd990d8e6bfa9

                                                                      SHA1

                                                                      88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                      SHA256

                                                                      4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                      SHA512

                                                                      bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf0e2cf4-349f-1f45-ad1a-c3100f81eb4b}\lci_proxywddm.cat
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      8e16d54f986dbe98812fd5ec04d434e8

                                                                      SHA1

                                                                      8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                      SHA256

                                                                      7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                      SHA512

                                                                      e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf0e2cf4-349f-1f45-ad1a-c3100f81eb4b}\lci_proxywddm.inf
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      0315a579f5afe989154cb7c6a6376b05

                                                                      SHA1

                                                                      e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                      SHA256

                                                                      d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                      SHA512

                                                                      c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf0e2cf4-349f-1f45-ad1a-c3100f81eb4b}\x64\lci_proxyumd.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      4dc11547a5fc28ca8f6965fa21573481

                                                                      SHA1

                                                                      d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                      SHA256

                                                                      e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                      SHA512

                                                                      bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf0e2cf4-349f-1f45-ad1a-c3100f81eb4b}\x64\lci_proxyumd32.dll
                                                                      Filesize

                                                                      135KB

                                                                      MD5

                                                                      67ae7b2c36c9c70086b9d41b4515b0a8

                                                                      SHA1

                                                                      ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                      SHA256

                                                                      79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                      SHA512

                                                                      4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{cf0e2cf4-349f-1f45-ad1a-c3100f81eb4b}\x64\lci_proxywddm.sys
                                                                      Filesize

                                                                      119KB

                                                                      MD5

                                                                      b9b0e9b4d93b18b99ece31a819d71d00

                                                                      SHA1

                                                                      2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                      SHA256

                                                                      0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                      SHA512

                                                                      465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{f8121021-bcc5-2b45-8ea1-d92c54a41526}\lci_iddcx.cat
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      62458e58313475c9a3642a392363e359

                                                                      SHA1

                                                                      e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                      SHA256

                                                                      85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                      SHA512

                                                                      49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{f8121021-bcc5-2b45-8ea1-d92c54a41526}\lci_iddcx.inf
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      1cec22ca85e1b5a8615774fca59a420b

                                                                      SHA1

                                                                      049a651751ef38321a1088af6a47c4380f9293fc

                                                                      SHA256

                                                                      60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                      SHA512

                                                                      0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{f8121021-bcc5-2b45-8ea1-d92c54a41526}\x64\lci_iddcx.dll
                                                                      Filesize

                                                                      52KB

                                                                      MD5

                                                                      01e8bc64139d6b74467330b11331858d

                                                                      SHA1

                                                                      b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                      SHA256

                                                                      148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                      SHA512

                                                                      4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                      Download Submit

                                                                    • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-05-14-28.dat
                                                                      Filesize

                                                                      602B

                                                                      MD5

                                                                      e10307d175de463233f5f6da83698ac1

                                                                      SHA1

                                                                      10094eda3d281a4df69f3a05d798a3cd41cbe4a8

                                                                      SHA256

                                                                      14c723a701414198419594dd7c63c07b45cc321b1958af5c2012f69a289aa37c

                                                                      SHA512

                                                                      fe7e60b10d6e3a864b6490117d1a0a297050200202d1f41f19b592f971feacd1097d5db3c412882476c8a2e7dab0b5d7028eb5c65ec759660f3dfb79da7012a6

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      2fe914222e6625889d54a3b21ab8bb1a

                                                                      SHA1

                                                                      854609c9efc7315b24bc34c2836b5ec47c0a3dcd

                                                                      SHA256

                                                                      e8d7ecfef041b02cd173b30beb0f4a0255b924a1c1af963ba29aed963c01a949

                                                                      SHA512

                                                                      33b744b41f70bd9e8d729fca81811838664de4481c857a84df5f27ca68545ddb28b230f13522faae21a070cf15b82c2c5d02fdb053750cc57abd1223f1f8748e

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      f87fb9709482315dbc82347ae07b2b21

                                                                      SHA1

                                                                      c2dfa4a29595ea73b1ed8062d01effd90078b477

                                                                      SHA256

                                                                      f6b0e866469b08fea7410928c1dd5e43f880b43fc54e2a94986d85112da5a677

                                                                      SHA512

                                                                      866deb0e642f851aa12907ef38f03181a0dbbdb157626a70b33f57c7f403be43f5f0485bb872d3e28a639310091e5417f3a6df5330f5b000db4844b4346dbef7

                                                                      Download Submit

                                                                    • C:\Windows\Temp\PreVer.log
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      99531fb2bdd0917d72665e290e521fe6

                                                                      SHA1

                                                                      9fb730fb41aac01bbb2733695fd78a233f1b31b9

                                                                      SHA256

                                                                      85613255f8e874ec132fafdc104d1af106a92cda0d3e5c9a6ac5d3080bbac1c2

                                                                      SHA512

                                                                      a1edffb82e618650fd57ca0af481ac05347bffe53331eb97eb22b9ef560398ad8ebd27570c6247de2594771a051e1823c74a6ff9bfef0cdf67478f7033340525

                                                                      Download Submit

                                                                    • C:\Windows\Temp\__PSScriptPolicyTest_knulfnf5.dym.ps1
                                                                      Filesize

                                                                      60B

                                                                      MD5

                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                      SHA1

                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                      SHA256

                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                      SHA512

                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                      Download Submit

                                                                    • C:\Windows\Temp\unpack.log
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      9abc1cb8fd25b6c62d06c117ffde0176

                                                                      SHA1

                                                                      c887dc906000fa390402e8fc2f3e04d8f322c26a

                                                                      SHA256

                                                                      6905d477ac52b2856ad99cc3882853a12850f60ab0410f65d7830951863d1b04

                                                                      SHA512

                                                                      7945371577bf1f6885072b941d3a4d212d425f3d0b56c3740433115e9303589399ce202990568d1e648903d85fba004e4fba86b0e95687b4be2d63f6daa29c47

                                                                      Download Submit

                                                                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                      Filesize

                                                                      3.2MB

                                                                      MD5

                                                                      2c18826adf72365827f780b2a1d5ea75

                                                                      SHA1

                                                                      a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                      SHA256

                                                                      ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                      SHA512

                                                                      474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\ISRT.dll
                                                                      Filesize

                                                                      427KB

                                                                      MD5

                                                                      85315ad538fa5af8162f1cd2fce1c99d

                                                                      SHA1

                                                                      31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                      SHA256

                                                                      70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                      SHA512

                                                                      877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{3B516C10-5505-40CA-BC74-3C358AD0E6CF}\_isres_0x0409.dll
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      befe2ef369d12f83c72c5f2f7069dd87

                                                                      SHA1

                                                                      b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                      SHA256

                                                                      9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                      SHA512

                                                                      760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\IsConfig.ini
                                                                      Filesize

                                                                      571B

                                                                      MD5

                                                                      d239b8964e37974225ad69d78a0a8275

                                                                      SHA1

                                                                      cf208e98a6f11d1807cd84ca61504ad783471679

                                                                      SHA256

                                                                      0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                      SHA512

                                                                      88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\String1033.txt
                                                                      Filesize

                                                                      182KB

                                                                      MD5

                                                                      99bbffd900115fe8672c73fb1a48a604

                                                                      SHA1

                                                                      8f587395fa6b954affef337c70781ce00913950e

                                                                      SHA256

                                                                      57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                      SHA512

                                                                      d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\_isDB8.exe
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      7a1c100df8065815dc34c05abc0c13de

                                                                      SHA1

                                                                      3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                      SHA256

                                                                      e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                      SHA512

                                                                      bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{A70A2084-5C36-4BE9-8E5A-26DDC86240CD}\setup.inx
                                                                      Filesize

                                                                      345KB

                                                                      MD5

                                                                      0376dd5b7e37985ea50e693dc212094c

                                                                      SHA1

                                                                      02859394164c33924907b85ab0aaddc628c31bf1

                                                                      SHA256

                                                                      c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                      SHA512

                                                                      69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{D427BD6C-A5D2-4B38-8737-8B22BC07B93F}\.ba\bg.png
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                      SHA1

                                                                      eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                      SHA256

                                                                      9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                      SHA512

                                                                      9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{D427BD6C-A5D2-4B38-8737-8B22BC07B93F}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                      Filesize

                                                                      607KB

                                                                      MD5

                                                                      669de3ab32955e69decfe13a3c89891e

                                                                      SHA1

                                                                      ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                      SHA256

                                                                      2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                      SHA512

                                                                      be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      f11d59d55f077f02f2651680043ddaa2

                                                                      SHA1

                                                                      0146112dcbb3b26a6c6f24839f6b1276934eb35b

                                                                      SHA256

                                                                      a642d13d047785429ffb39d7bfc6e7dd0b92b1be61170e6ecc876671a02fb6e2

                                                                      SHA512

                                                                      313151140da21c56c26d5ec8a4a49e791d9654e15fb387b5f1374337a644c0e7deb0e3d9c45a9f02b3ee5b83b6cd1a03fa4bbda857d3ce5a332eaa06487be5b4

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                                      Filesize

                                                                      404B

                                                                      MD5

                                                                      6de1bccc2149ebe23fc09ff1192f7b63

                                                                      SHA1

                                                                      93181767d1e55418788f76db32d303ab972c581a

                                                                      SHA256

                                                                      02d0f43a6956aaf6de5aaec7cb2e0aabe900239c3d0717423d1154a9ecfbe9f1

                                                                      SHA512

                                                                      863ff256ff19873470baddb0a986d3cb4b8ad6823401b7666111e1624d9b2c1c08aba9d90d2ee8709e9fe3045fdcb1c103dd852518ffe4f622c2b4821b3f82a7

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      0ab4bb47c010f0ee9fcb7e4d6d1ca791

                                                                      SHA1

                                                                      3de1e6e87d815adba9b0594e857877b12088a9cb

                                                                      SHA256

                                                                      fe55b9aac98bad2da2d0385c8d7d1298f8c9ba3ad925408ff0f3225e11ee3106

                                                                      SHA512

                                                                      c9c61b5edb42bebc15daaf52931cfe63293127bc86e7ca58102ce30786ba4c7439faf9ccc6441639d12f3f44b196e4f6523231a26d4bf0cb0130073aad08a52a

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      9cad061ddf5ad182cfe7879190aeed71

                                                                      SHA1

                                                                      cfd292d16d937f95b642527464403b7e5ef6af96

                                                                      SHA256

                                                                      b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                                      SHA512

                                                                      df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                                      Download Submit

                                                                    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                      Filesize

                                                                      24.1MB

                                                                      MD5

                                                                      7f7e003937f9fa1511bba313198b74da

                                                                      SHA1

                                                                      5d1eceed66f0b7c1027e6db7dba0dbc7395975f1

                                                                      SHA256

                                                                      9be6186423c3e22d94c7aa0b6663b6d93174b22a61937503e4467a90ad103cf2

                                                                      SHA512

                                                                      e72be55bbd3b8b82c795ab6f6972162043d28937a5c0294f9b87ce9ad36010ee8e4c099e31b7b0c3b265e44dca434f4ca0e91bedafcd1cc75c7f9d060d76807d

                                                                      Download Submit

                                                                    • \??\Volume{37f9f0cb-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{af06a628-2bf1-4538-a4b7-2f317ef6c3d8}_OnDiskSnapshotProp
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      05848bc7b9fd94b85c7342f19d62b908

                                                                      SHA1

                                                                      4f7dc7285d126d582f70764f79f43a25cf58058a

                                                                      SHA256

                                                                      2aa050731144df063901136c266894444149c6507ca2d3d2e2436272b6307cad

                                                                      SHA512

                                                                      db837aa263d39d48b2939acbb2ec7dfc079700505de8d2b7326fb0b34dd540e635523cf6898473457c8c3989a37052a5c244af6653d4b5fce36a6ab70a17fb28

                                                                      Download Submit

                                                                    • memory/812-3551-0x000001F678B10000-0x000001F678D2C000-memory.dmp

                                                                      Filesize

                                                                      2.1MB

                                                                      Download

                                                                    • memory/1004-1685-0x00000226D0570000-0x00000226D0622000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1004-1677-0x00000226B7670000-0x00000226B768C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1004-1676-0x00000226B7B70000-0x00000226B7BBA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/1004-1675-0x00000226B71D0000-0x00000226B71E2000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/1004-1686-0x00000226D0710000-0x00000226D07EC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/1004-1690-0x00000226B7D70000-0x00000226B7D8A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/1096-1500-0x000002E12D640000-0x000002E12D674000-memory.dmp

                                                                      Filesize

                                                                      208KB

                                                                      Download

                                                                    • memory/1096-1503-0x000002E12E060000-0x000002E12E078000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/1096-1501-0x000002E12E010000-0x000002E12E05A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/1096-1511-0x000002E146950000-0x000002E14696C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1096-1502-0x000002E12DB00000-0x000002E12DB1C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1096-1504-0x000002E12DB20000-0x000002E12DB2A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/1096-1505-0x000002E1467C0000-0x000002E14680A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/1096-1510-0x000002E146A90000-0x000002E146AF2000-memory.dmp

                                                                      Filesize

                                                                      392KB

                                                                      Download

                                                                    • memory/1096-1509-0x000002E146B70000-0x000002E146C4C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/1096-1508-0x000002E1469D0000-0x000002E146A82000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1156-295-0x000001AB2FBE0000-0x000001AB2FBF6000-memory.dmp

                                                                      Filesize

                                                                      88KB

                                                                      Download

                                                                    • memory/1156-296-0x000001AB30610000-0x000001AB306C2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1156-297-0x000001AB30550000-0x000001AB3056C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/1368-33-0x0000000005450000-0x000000000545C000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/1368-29-0x0000000005420000-0x000000000544E000-memory.dmp

                                                                      Filesize

                                                                      184KB

                                                                      Download

                                                                    • memory/1444-1717-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1444-1295-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1444-1149-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1444-1148-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1444-1718-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1444-1226-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/1444-1227-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1444-1296-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/1496-1689-0x00000234C3A70000-0x00000234C3A96000-memory.dmp

                                                                      Filesize

                                                                      152KB

                                                                      Download

                                                                    • memory/2400-263-0x00000184AFE10000-0x00000184AFEC0000-memory.dmp

                                                                      Filesize

                                                                      704KB

                                                                      Download

                                                                    • memory/2400-260-0x0000018496C60000-0x0000018496CA2000-memory.dmp

                                                                      Filesize

                                                                      264KB

                                                                      Download

                                                                    • memory/2400-265-0x0000018497160000-0x000001849717C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/2508-1155-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2508-1154-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2508-1297-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2508-4658-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2508-4659-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2508-2711-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2508-2710-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/2508-1298-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/2832-1681-0x0000014F5DFD0000-0x0000014F5DFD8000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/2832-1618-0x0000014F76860000-0x0000014F768AA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2832-1615-0x0000014F5D760000-0x0000014F5D770000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/2832-1619-0x0000014F5DFA0000-0x0000014F5DFBC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/2832-1650-0x0000014F76AF0000-0x0000014F76BCC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/2832-1674-0x0000014F76BD0000-0x0000014F76C82000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3108-150-0x000002479FF00000-0x000002479FF98000-memory.dmp

                                                                      Filesize

                                                                      608KB

                                                                      Download

                                                                    • memory/3108-155-0x0000024785DB0000-0x0000024785DEC000-memory.dmp

                                                                      Filesize

                                                                      240KB

                                                                      Download

                                                                    • memory/3108-154-0x0000024785D50000-0x0000024785D62000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/3108-138-0x0000024785940000-0x0000024785968000-memory.dmp

                                                                      Filesize

                                                                      160KB

                                                                      Download

                                                                    • memory/3216-1790-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/3216-1730-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/3216-1803-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/3460-1361-0x000001A464200000-0x000001A4642B2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3460-1359-0x000001A44B030000-0x000001A44B03C000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/3460-1360-0x000001A44B870000-0x000001A44B888000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/3460-1362-0x000001A44B890000-0x000001A44B8B0000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/3704-1678-0x000001594EC10000-0x000001594EC22000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/3704-1679-0x000001594F580000-0x000001594F59C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/3704-1680-0x000001594F660000-0x000001594F712000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/3704-1691-0x000001594F600000-0x000001594F654000-memory.dmp

                                                                      Filesize

                                                                      336KB

                                                                      Download

                                                                    • memory/3928-70-0x00000000052C0000-0x0000000005614000-memory.dmp

                                                                      Filesize

                                                                      3.3MB

                                                                      Download

                                                                    • memory/3928-69-0x0000000005140000-0x0000000005162000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/3928-66-0x0000000005200000-0x00000000052B2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4616-1023-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4616-1051-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4616-521-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4616-490-0x0000000002BD0000-0x0000000002D97000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/4616-487-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4616-911-0x0000000002C10000-0x0000000002DD7000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/4616-1088-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4676-231-0x0000016972B80000-0x0000016972BB8000-memory.dmp

                                                                      Filesize

                                                                      224KB

                                                                      Download

                                                                    • memory/4676-186-0x0000016970FA0000-0x0000016970FC2000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/4676-185-0x0000016972C00000-0x0000016972CB2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4852-1612-0x000001B6ED560000-0x000001B6ED580000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/4852-1616-0x000001B6ED5A0000-0x000001B6ED5B4000-memory.dmp

                                                                      Filesize

                                                                      80KB

                                                                      Download

                                                                    • memory/4852-1614-0x000001B6ED9D0000-0x000001B6EDA36000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/4852-1613-0x000001B6EE2B0000-0x000001B6EE362000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4852-1609-0x000001B6ED0D0000-0x000001B6ED0E0000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/4940-1156-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4940-4660-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/4940-1300-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4940-1157-0x0000000073E50000-0x000000007421D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/4940-1299-0x0000000074220000-0x000000007433C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5032-353-0x0000015213520000-0x000001521353C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5032-358-0x000001522C470000-0x000001522C54C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5032-352-0x00000152138F0000-0x000001521393A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5032-354-0x000001522C1D0000-0x000001522C21C000-memory.dmp

                                                                      Filesize

                                                                      304KB

                                                                      Download

                                                                    • memory/5032-355-0x000001522C220000-0x000001522C268000-memory.dmp

                                                                      Filesize

                                                                      288KB

                                                                      Download

                                                                    • memory/5032-364-0x000001522C3E0000-0x000001522C40A000-memory.dmp

                                                                      Filesize

                                                                      168KB

                                                                      Download

                                                                    • memory/5032-351-0x0000015213030000-0x0000015213098000-memory.dmp

                                                                      Filesize

                                                                      416KB

                                                                      Download

                                                                    • memory/5032-357-0x0000015213940000-0x000001521394A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/5032-356-0x0000015213540000-0x0000015213548000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5032-360-0x000001522C270000-0x000001522C278000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5032-365-0x000001522C6C0000-0x000001522C6FA000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/5032-366-0x000001522C3B0000-0x000001522C3D6000-memory.dmp

                                                                      Filesize

                                                                      152KB

                                                                      Download

                                                                    • memory/5032-363-0x000001522C610000-0x000001522C678000-memory.dmp

                                                                      Filesize

                                                                      416KB

                                                                      Download

                                                                    • memory/5032-362-0x000001522C3A0000-0x000001522C3A8000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5032-361-0x000001522C390000-0x000001522C398000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5032-359-0x000001522C550000-0x000001522C602000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5056-100-0x0000000004990000-0x00000000049F6000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/5132-1780-0x000002250BAB0000-0x000002250BAEA000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/5192-1808-0x0000023269A00000-0x0000023269A1A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/5192-1806-0x0000023269640000-0x000002326964A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/5488-1809-0x0000022F200D0000-0x0000022F200DC000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/5488-1811-0x0000022F20A20000-0x0000022F20A3C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5488-1810-0x0000022F39150000-0x0000022F3919A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download