Overview

overview

10

Static

static

10

394659c01b...46.msi

windows7-x64

10

394659c01b...46.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2025, 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46.msi

  • Size

    2.9MB

  • MD5

    6032d2452e05a12f1449182deb3ab258

  • SHA1

    03a992f9020a003fe86e477ac28698afc16a73d3

  • SHA256

    394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46

  • SHA512

    1318d1844efe031d05499e642c9509422a9f92977b8b4c76d38c6c614d81813af4ec927d2dd807e9b7b205ab06ea1800eb4a082f1a89a4e3721a37301165e28d

  • SSDEEP

    49152:9+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:9+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4896
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:1652
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 7F710304E705B775E8ACDAC0DBCBA079
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4952
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIDDCD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240639671 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1768
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIE06E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4964
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIE4C4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240641250 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2952
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF091.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644312 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1128
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 60459EE0791F400A3CEB579C3A132BCF E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4700
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4736
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:3276
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:5100
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QFoFLIA1" /AgentId="4accd7e7-6560-48a7-8998-7e9bfa056317"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:3120
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding C133141BB5963B3CF52018FB65E11C09 E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:3268
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{08ECF16C-C1EF-4F4F-B449-15664E0EB94A}
          3⤵
          • Executes dropped EXE
          PID:2248
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7955ECC0-6B77-464C-958E-9B4196B1E3DC}
          3⤵
          • Executes dropped EXE
          PID:2468
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BA7A7BCC-3A16-4D2E-BBD1-2125C4BA9F81}
          3⤵
          • Executes dropped EXE
          PID:3432
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8B6B7B02-99AF-413C-A3E5-55A2B4CDF3B4}
          3⤵
          • Executes dropped EXE
          PID:4336
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0F5B892-9D4B-40F1-9A4E-0925E36E2053}
          3⤵
          • Executes dropped EXE
          PID:1596
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AD869329-B964-4E45-8687-965F385879A6}
          3⤵
          • Executes dropped EXE
          PID:3752
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5161EF86-3C87-4E3F-B79A-A6938B89F3A3}
          3⤵
          • Executes dropped EXE
          PID:2692
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC5BFBC5-E1A0-498B-B346-C43B2E14EEA7}
          3⤵
          • Executes dropped EXE
          PID:4848
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{114332BB-CBE6-47B3-B42F-9A2EC5441FE3}
          3⤵
          • Executes dropped EXE
          PID:4264
        • C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe
          C:\Windows\TEMP\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_is23B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE1D7598-C6CC-4997-ADA5-5475247BCF82}
          3⤵
          • Executes dropped EXE
          PID:4952
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2648
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1136
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3180
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3168
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1624
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1292
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4844
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:5076
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4440
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4048
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4008
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4548
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2248
          • C:\Windows\System32\Conhost.exe
            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            4⤵
              PID:4848
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAgent.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:3696
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4932
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:2080
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:1236
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRAudioChat.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:3096
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:4324
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill.exe /F /IM SRVirtualDisplay.exe /T
              4⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              PID:3296
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{24C12F12-91DC-4C25-B9A6-0B90392AC000}
            3⤵
            • Executes dropped EXE
            PID:3696
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{74FB5E9D-7C43-44C4-85F6-03A7B25687E5}
            3⤵
            • Executes dropped EXE
            PID:3636
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{17544601-1AA9-4476-A103-5BDFC27C4A58}
            3⤵
            • Executes dropped EXE
            PID:3260
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CEFC7EFD-CDB0-4FB4-85E8-CBD1E68E7C9F}
            3⤵
            • Executes dropped EXE
            PID:2880
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5977469-91DA-4A04-9608-2D91C06087A1}
            3⤵
            • Executes dropped EXE
            PID:4048
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{964430AB-A86B-4EB1-9B2E-6DB40F1193FB}
            3⤵
            • Executes dropped EXE
            PID:1932
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61084C42-4BA1-486E-BC95-E3BCD97CBF30}
            3⤵
            • Executes dropped EXE
            PID:3876
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8C9F7EB1-97A6-41C3-84C6-70034E9173AA}
            3⤵
            • Executes dropped EXE
            PID:3104
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C659AAE-29E4-499C-B786-05A94F08CC81}
            3⤵
            • Executes dropped EXE
            PID:5036
          • C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
            C:\Windows\TEMP\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{72372FA0-E53D-40EA-829F-A95C8A0A0B16}
            3⤵
            • Executes dropped EXE
            PID:1184
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9F1441A8-3AB8-4385-9F49-5B6059B4A23F}
            3⤵
            • Executes dropped EXE
            PID:3260
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF6CC754-0757-48BF-BADE-FE63462A8A86}
            3⤵
            • Executes dropped EXE
            PID:1292
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3ED8019D-89A1-4AB6-B02E-551599E78474}
            3⤵
            • Executes dropped EXE
            PID:4048
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B31785D-5FF4-41A1-A149-BE42A30CDD1D}
            3⤵
            • Executes dropped EXE
            PID:2816
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F862782F-B168-48D2-85B9-8EA439E5526E}
            3⤵
            • Executes dropped EXE
            PID:1028
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9F5F1B08-EBB7-4B08-9A6D-6697226BEDE3}
            3⤵
            • Executes dropped EXE
            PID:5036
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5C052AFA-2233-41FB-9075-0D5346D73A52}
            3⤵
            • Executes dropped EXE
            PID:1184
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A24331D-BBD9-42CA-BC1C-DE410E05E4FC}
            3⤵
            • Executes dropped EXE
            PID:1304
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78F6CD85-9C91-4445-8430-8C72EF8C12F4}
            3⤵
            • Executes dropped EXE
            PID:3216
          • C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe
            C:\Windows\TEMP\{BB86DFE8-BEDC-4E37-A04A-A073A058C214}\_is40DE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6102657F-0762-47C9-A604-E5149E1A4D1D}
            3⤵
            • Executes dropped EXE
            PID:4084
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3096
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
            3⤵
            • Executes dropped EXE
            PID:2060
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:3444
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:1136
              • C:\Windows\system32\cmd.exe
                "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
                4⤵
                  PID:812
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:4084
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8B94959B-5D7F-40FB-9276-6FC1910C2697}
                3⤵
                • Executes dropped EXE
                PID:3200
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA2B5B3E-A43A-4183-B4BB-BFCE5A16B12F}
                3⤵
                • Executes dropped EXE
                PID:2916
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CAFE3812-E32D-4182-A742-566C8FA60699}
                3⤵
                • Executes dropped EXE
                PID:1740
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FAF8D29A-101A-4A42-9246-74F3F1EA8F5A}
                3⤵
                • Executes dropped EXE
                PID:3696
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC6BA255-E3CB-4DEA-8230-FEE86246948B}
                3⤵
                • Executes dropped EXE
                PID:3752
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AB1D940D-9A3F-4098-85F4-9BDA7EE00F0D}
                3⤵
                • Executes dropped EXE
                PID:4048
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B5FBE03-F72E-4ADF-B278-9F0BA0E59376}
                3⤵
                • Executes dropped EXE
                PID:4940
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EEDB4128-601C-4928-8B45-2CB1F2B116C6}
                3⤵
                • Executes dropped EXE
                PID:1652
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2081EDA5-FDFA-43CD-A48C-7BD1A1EF561B}
                3⤵
                • Executes dropped EXE
                PID:3500
              • C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe
                C:\Windows\TEMP\{3D9C8837-D52D-4DF6-A6C5-5DDC46D4C205}\_is53BD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7B127001-171B-43ED-93D1-B585E843E773}
                3⤵
                • Executes dropped EXE
                PID:1176
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:4332
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{81F82378-B751-4DD8-9B8A-64C2E60F9EE8}
                3⤵
                • Executes dropped EXE
                PID:4940
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{204813E8-B924-4603-B35C-A7D177CEC883}
                3⤵
                • Executes dropped EXE
                PID:748
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{81039644-BE6C-4D68-849E-13822ECD69B3}
                3⤵
                • Executes dropped EXE
                PID:4456
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C0357356-773D-4EC2-A899-94E135F71078}
                3⤵
                • Executes dropped EXE
                PID:1896
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D6CBE4C-0448-4E17-B996-AECFB59BEBD2}
                3⤵
                • Executes dropped EXE
                PID:4984
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{17D6C673-29FA-4C5F-8D21-1174CF60C799}
                3⤵
                • Executes dropped EXE
                PID:4540
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{03B16106-60C5-4060-B1B8-DE262B68523D}
                3⤵
                • Executes dropped EXE
                PID:3520
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{251CA570-CA70-436B-8870-C792C90ED9F3}
                3⤵
                • Executes dropped EXE
                PID:3260
              • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{74ED5318-8A09-4CC0-93D0-649708C07A11}
                3⤵
                  PID:2920
                • C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe
                  C:\Windows\TEMP\{292454D1-91C0-42E4-B178-FA200E626F8D}\_is56AC.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B240C0EF-2378-4BF6-8CA6-65414CC7D74A}
                  3⤵
                    PID:4940
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:3012
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding FAF13B919824F4F833E122483A30A9C8 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:5760
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI99CC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240687734 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                    3⤵
                    • Drops file in System32 directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5268
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSI9CAC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240688281 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5732
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIA392.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240690046 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                    3⤵
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5372
                  • C:\Windows\SysWOW64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:5452
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5404
                  • C:\Windows\SysWOW64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:5896
                  • C:\Windows\syswow64\NET.exe
                    "NET" STOP AteraAgent
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:4728
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 STOP AteraAgent
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5032
                  • C:\Windows\syswow64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:5272
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIC3B6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240698265 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    PID:5348
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                  2⤵
                  • Drops file in System32 directory
                  PID:4156
                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="2c917860-9125-41ea-ad8b-d181476a8e11"
                  2⤵
                  • Drops file in System32 directory
                  • Modifies data under HKEY_USERS
                  PID:5676
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding FD6DA02FEEACE3D21DE31ADAEF785AE9 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:3732
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 70B36C59177CBA1B537DDBFBBEFD3503 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:4928
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 4700B05C0FF47331B063E1D8D7A24E84 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:5796
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:4460
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:1764
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:4964
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "e8998491-2005-42e8-ae3a-53a3988c888f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QFoFLIA1
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2692
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "9035afd8-817d-431e-8dfd-100ec4829539" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QFoFLIA1
                  2⤵
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1536
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ada0092f-85f6-4c22-ac5d-8bfdebf96e6e" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000QFoFLIA1
                  2⤵
                  • Executes dropped EXE
                  PID:2940
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ad404902-c582-4685-a8c1-321b98a247d1" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000QFoFLIA1
                  2⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:4092
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3444
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4980
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:5036
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "e7030aa7-0d2e-49cd-955e-6f56a41854e8" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QFoFLIA1
                  2⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:4432
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "54031d3a-b234-4ec0-a596-cea61ebe2116" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000QFoFLIA1
                  2⤵
                  • Downloads MZ/PE file
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:2968
                  • C:\Windows\TEMP\SplashtopStreamer.exe
                    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:4696
                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      4⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:1412
                      • C:\Windows\SysWOW64\msiexec.exe
                        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:3472
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious use of WriteProcessMemory
                PID:4412
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:4448
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ee72a818-7d5a-4baf-bbce-645f3fb7fc37" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QFoFLIA1
                  2⤵
                    PID:3568
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Drops file in System32 directory
                      • Command and Scripting Interpreter: PowerShell
                      • Modifies data under HKEY_USERS
                      PID:6036
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:5704
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          • Modifies system certificate store
                          PID:5444
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "8c3feaa4-76e0-49f8-9f16-a36176d85c15" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QFoFLIA1
                      2⤵
                        PID:4976
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=e8f31dc1db31d492f470158bb1b2eee9&rmm_session_pwd_ttl=86400"
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:4236
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "f7b3f916-14d5-4e02-a823-b9d4d389b29a" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QFoFLIA1
                        2⤵
                        • Drops file in System32 directory
                        PID:6100
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "947951bd-cd3d-44c8-8107-cdcc2b8cd786" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QFoFLIA1
                        2⤵
                        • Drops file in System32 directory
                        • Drops file in Program Files directory
                        PID:4940
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "c42d350c-00d9-4022-ac84-b9f9c2d930a1" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QFoFLIA1
                        2⤵
                        • Drops file in Program Files directory
                        • Modifies registry class
                        PID:3788
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "725c945a-fbb5-418e-912a-ea227324fff7" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QFoFLIA1
                        2⤵
                        • Modifies data under HKEY_USERS
                        PID:4420
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "6ba16b03-3d54-4dee-851b-70750f93567a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QFoFLIA1
                        2⤵
                          PID:3592
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "7bfa2241-b3e3-4a8f-b6e6-6eca3e012b01" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QFoFLIA1
                          2⤵
                            PID:5184
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "3ee8bfde-f561-4e86-801f-fa383d661841" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QFoFLIA1
                            2⤵
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            PID:5532
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "28d1c4b2-5f01-471e-962c-b7f1294cb256" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000QFoFLIA1
                            2⤵
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            PID:5692
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "03683c7f-ecd1-4d37-847b-7b3ef544f1d4" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000QFoFLIA1
                            2⤵
                            • Drops file in System32 directory
                            PID:5768
                            • C:\Windows\SYSTEM32\msiexec.exe
                              "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                              3⤵
                              • Modifies data under HKEY_USERS
                              PID:5488
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "9a34dc7f-8551-4879-96aa-2b4bd7f3aa0c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000QFoFLIA1
                            2⤵
                            • Drops file in System32 directory
                            PID:5860
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "e338be39-53c9-47cf-81ea-f88f564f81e0" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QFoFLIA1
                            2⤵
                            • Writes to the Master Boot Record (MBR)
                            PID:5956
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "bb4f9c3d-f4e3-4e62-b491-877f7783d8fd" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QFoFLIA1
                            2⤵
                            • Drops file in System32 directory
                            PID:5980
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "a100ec83-adae-4b9c-a551-3914185b3566" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QFoFLIA1
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            PID:5180
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5804
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5412
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:5776
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:5788
                              • C:\Windows\Temp\{C1969E0F-F8A1-41D2-9BFF-9254CED2AD52}\.cr\8-0-11.exe
                                "C:\Windows\Temp\{C1969E0F-F8A1-41D2-9BFF-9254CED2AD52}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=720 -burn.filehandle.self=724 /repair /quiet /norestart
                                4⤵
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                PID:4940
                                • C:\Windows\Temp\{3FFD50C1-3EC4-4D8E-9206-566355B7CC21}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                  "C:\Windows\Temp\{3FFD50C1-3EC4-4D8E-9206-566355B7CC21}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{1A8A3FB7-2DAF-431B-9B89-7CB26B0EEF15} {6D4EA6F5-71BE-44AF-B76F-E5E5331DBFBB} 4940
                                  5⤵
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • System Time Discovery
                                  • Modifies registry class
                                  PID:4100
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5564
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:3924
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5264
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5496
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                          1⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1896
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                            2⤵
                            • Drops file in System32 directory
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3168
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                              -h
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SetWindowsHookEx
                              PID:3752
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2260
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                4⤵
                                  PID:1028
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of SetWindowsHookEx
                                PID:4048
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                PID:3476
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                  SRUtility.exe -r
                                  4⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:1596
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of SetWindowsHookEx
                                PID:5824
                                • C:\Windows\System32\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                  4⤵
                                    PID:4492
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c ver
                                      5⤵
                                        PID:5436
                                      • C:\Windows\system32\sc.exe
                                        sc query ddmgr
                                        5⤵
                                        • Launches sc.exe
                                        PID:2864
                                      • C:\Windows\system32\sc.exe
                                        sc query lci_proxykmd
                                        5⤵
                                        • Launches sc.exe
                                        PID:3612
                                      • C:\Windows\system32\rundll32.exe
                                        rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                        5⤵
                                        • Drops file in System32 directory
                                        • Drops file in Windows directory
                                        • Checks SCSI registry key(s)
                                        • Modifies data under HKEY_USERS
                                        PID:2336
                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                1⤵
                                • Drops file in Program Files directory
                                • Modifies data under HKEY_USERS
                                PID:2896
                                • C:\Windows\System32\sc.exe
                                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                  2⤵
                                  • Launches sc.exe
                                  PID:2864
                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "58eff35f-c7eb-4d01-beb1-9ca6e167dd94" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QFoFLIA1
                                  2⤵
                                  • Drops file in Program Files directory
                                  PID:5312
                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                    3⤵
                                    • Drops file in System32 directory
                                    • Command and Scripting Interpreter: PowerShell
                                    • Modifies data under HKEY_USERS
                                    PID:6100
                                  • C:\Windows\System32\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                    3⤵
                                      PID:4792
                                      • C:\Windows\system32\cscript.exe
                                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                        4⤵
                                        • Modifies data under HKEY_USERS
                                        PID:1408
                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "679b075e-5daa-41b4-8ac5-4412c6406cfd" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QFoFLIA1
                                    2⤵
                                      PID:5260
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ad1add88-5bee-46d1-a069-7e6c66ca5d89" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QFoFLIA1
                                      2⤵
                                        PID:3564
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "1c000924-f912-48c0-8c1c-04ebfa1c0723" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000QFoFLIA1
                                        2⤵
                                          PID:3300
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "998ab737-ab92-436a-9132-4b82448658b3" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QFoFLIA1
                                          2⤵
                                          • Writes to the Master Boot Record (MBR)
                                          PID:6044
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "72bc589c-b7e9-4cd3-967d-6c70e135b95b" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QFoFLIA1
                                          2⤵
                                            PID:5720
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=e8f31dc1db31d492f470158bb1b2eee9&rmm_session_pwd_ttl=86400"
                                              3⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:2632
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ebfcd71d-d547-44d9-9eb1-233573de395f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QFoFLIA1
                                            2⤵
                                              PID:948
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "f425aa93-ac45-421b-9109-708716038481" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000QFoFLIA1
                                              2⤵
                                                PID:5340
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "74d9ef12-0387-42ef-af51-76e4249b93d2" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QFoFLIA1
                                                2⤵
                                                  PID:512
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "d8874e9b-8319-46d4-b090-2ae919a35353" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QFoFLIA1
                                                  2⤵
                                                    PID:5748
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "bb0742f0-18c4-41bf-8fea-4b6f0103e128" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QFoFLIA1
                                                    2⤵
                                                      PID:2940
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "e18fa489-35ed-4fa3-af8b-f72a8c264ce3" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QFoFLIA1
                                                      2⤵
                                                      • Modifies registry class
                                                      PID:5856
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "cb5bc73e-fff2-4815-9b6b-f4a3813603dc" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QFoFLIA1
                                                      2⤵
                                                        PID:4916
                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                          "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                          3⤵
                                                          • System Time Discovery
                                                          PID:5600
                                                          • C:\Program Files\dotnet\dotnet.exe
                                                            dotnet --list-runtimes
                                                            4⤵
                                                            • System Time Discovery
                                                            PID:2716
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "64d38eea-7651-4b03-8b12-c2e0e10860a4" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QFoFLIA1
                                                        2⤵
                                                          PID:4940
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "ebfcd71d-d547-44d9-9eb1-233573de395f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QFoFLIA1
                                                          2⤵
                                                            PID:5472
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 4accd7e7-6560-48a7-8998-7e9bfa056317 "32ad38b6-1ae8-4c96-b5f0-70b730b34d7e" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000QFoFLIA1
                                                            2⤵
                                                              PID:5376
                                                              • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "4accd7e7-6560-48a7-8998-7e9bfa056317" "32ad38b6-1ae8-4c96-b5f0-70b730b34d7e" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000QFoFLIA1"
                                                                3⤵
                                                                  PID:5732
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                              1⤵
                                                              • Drops file in Windows directory
                                                              • Checks SCSI registry key(s)
                                                              PID:5360
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                • Modifies data under HKEY_USERS
                                                                PID:2120
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000010C" "WinSta0\Default" "0000000000000164" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                • Modifies data under HKEY_USERS
                                                                PID:5076
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000017C"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5316
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                PID:4880

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Reconnaissance

                                                            Resource Development

                                                            Initial Access

                                                            Execution

                                                            Command and Scripting Interpreter

                                                            1
                                                            T1059

                                                            PowerShell

                                                            1
                                                            T1059.001

                                                            Persistence

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Privilege Escalation

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Defense Evasion

                                                            Modify Registry

                                                            2
                                                            T1112

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Subvert Trust Controls

                                                            1
                                                            T1553

                                                            Install Root Certificate

                                                            1
                                                            T1553.004

                                                            System Binary Proxy Execution

                                                            1
                                                            T1218

                                                            Msiexec

                                                            1
                                                            T1218.007

                                                            Credential Access

                                                            Discovery

                                                            Peripheral Device Discovery

                                                            2
                                                            T1120

                                                            Query Registry

                                                            4
                                                            T1012

                                                            System Information Discovery

                                                            3
                                                            T1082

                                                            System Location Discovery

                                                            1
                                                            T1614

                                                            System Language Discovery

                                                            1
                                                            T1614.001

                                                            System Time Discovery

                                                            1
                                                            T1124

                                                            Lateral Movement

                                                            Collection

                                                            Command and Control

                                                            Exfiltration

                                                            Impact

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Config.Msi\e57dd32.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              0d8459d7d8507a78afe5c7eed39daaa9

                                                              SHA1

                                                              adb135e21139257f5641eb175b146c995288bba6

                                                              SHA256

                                                              611647c784d0016ae1028e0521e8103008af303c60234de3322d04cc414967e2

                                                              SHA512

                                                              5bc8a7dfa4a90f8647a87ae422e24332e6f45dde394ec89d12b5b3137255d934523b92465b35028f4ac2435813de12b7d99525714376ebe2ccfe68d00855c302

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd37.rbs
                                                              Filesize

                                                              74KB

                                                              MD5

                                                              5ab09f2f5fc9fe3627429f2347d7dda1

                                                              SHA1

                                                              e67adbf3d3c4f3b4e2f583b2abd8fa6dd9053183

                                                              SHA256

                                                              d6592c1eb480a0dbcf7ef75362f5ae7daa5f662f76d7034876e0fcdbbc746b57

                                                              SHA512

                                                              5958c58316f66644ee1bddca78105753eaf5bcc0178c7ee23df7587dcb8a07dd88d66882f61b27e40e8979059a4cb8e53ee06ddfeb478fdcf879c0512cb3fad1

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd39.rbs
                                                              Filesize

                                                              464B

                                                              MD5

                                                              604ce6e1818a17fa466949493a63668a

                                                              SHA1

                                                              5bdbb21d4e6b9739709ce8164c711c483946ed7a

                                                              SHA256

                                                              8633bfb2db8e58e5ca26cb826e634970bbb065303357b3b68c273a6124f53bab

                                                              SHA512

                                                              1248ff23fb018f5218383b9672c30330e876423b43473072873d2d18230056fe4d4b3c30ad4237f484ef01131cf4557bc0d8a9bec4d30621efa5d3c8995d7ed7

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd3f.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              8152c829c0450239c0bc5658ffa9b220

                                                              SHA1

                                                              3e2a2dd11ba7d193d38f55b606b2b5a65b401cf7

                                                              SHA256

                                                              bf3fcbb5560f64b8ec286700e076c69f4810044f62a0939f4d4c6d127db9aca3

                                                              SHA512

                                                              d7ee96194642f504fbcd0df7ab51c116d397a897a107787879246075509797c0e84b66569beccc438c3a888c5e611a1dca07d96f6a2b030d3ae9ecaecb1e6d48

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd47.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              992d456046e894955e5e24c94173bc1c

                                                              SHA1

                                                              7d6671fb8fa54b24d0ac1c6410ae726a3c6cd169

                                                              SHA256

                                                              cf38a5d13d5a00c55ac4dba2247b4c7a95ff155d9a4ec8ffc17595c750e488ce

                                                              SHA512

                                                              c7eeec15adba80d42e1682595eebdbb2f3eaf0627017eac4491a89cec21907ceaba9828c5f0528821f059067f72a0299984355312f9b74a0cd27d7b39c496299

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd4c.rbs
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              5ef1da6ea8661f112aa8973b5de89a97

                                                              SHA1

                                                              b75344e485ded6634f76f72bfe88c5bac480cd3c

                                                              SHA256

                                                              5d9c731d2e3a16e8b1a4ea191be5a942f8bb44461407b8f424fdf2e7c3be475c

                                                              SHA512

                                                              794cfae6a5187d78a60ed0cbfc11252343a86e760e0ccda67dd5524309d3e33840fe0e0bf63e1cbbfb70ddfe9c56b34cf16e2d5f00fd4b85598deed84f5a3064

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd51.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              db8ffee51ce602c7d82d34c7496e9d91

                                                              SHA1

                                                              02c1aef03492415071c5bc727f62a5e0ce41d079

                                                              SHA256

                                                              0df1fe29c155c742bae0b34fd33829beec59c6c77d7374c8e2f7a04ecdcc5d8e

                                                              SHA512

                                                              b04fb3d229f93911da002a773c612fb22346e8f6e8ff371a904d7bc1530a2f099a7f3992db4099451e435f00bd0d99b36e731350cf48bd247f928e5b2154f95b

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd56.rbs
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              c22f6b1f9aa30d1830bf063468684d34

                                                              SHA1

                                                              e49d76d06d45f800764fcd1d21321328d4767e60

                                                              SHA256

                                                              d73b2b74b0966a812aca5b898fe0f6914fc90f313198f67300f9f4e71a237b5c

                                                              SHA512

                                                              ef2c64f8d69c88f862a43c58055b63c2ab18056bfaf819c32129319a7d3f928485c005484029589a5bc190e43790eec8a1b0ea69ff397d0be98d51573d26a40b

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd5b.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              fb6ab1ebac7fdc22d914716c45d6ad10

                                                              SHA1

                                                              57f3bf3ab13c6bfc5d758d59f84d6d49a41fa09a

                                                              SHA256

                                                              e6b78e88803c57e853350119a64049ef6d3cfacdd8c3aabd74f8daa1e0ce1038

                                                              SHA512

                                                              7bf01aece0256e5a495d02308ae03add210f0d4653e9fb959323c6120dc05d125eaab5b789552871915fcb97ebf86c1f0cadb79f67530a81d0877d55a0e5a911

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd5c.rbf
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              33b4c87f18b4c49114d7a8980241657a

                                                              SHA1

                                                              254c67b915e45ad8584434a4af5e06ca730baa3b

                                                              SHA256

                                                              587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                              SHA512

                                                              42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                              Download Submit

                                                            • C:\Config.Msi\e57dd5d.rbf
                                                              Filesize

                                                              3B

                                                              MD5

                                                              21438ef4b9ad4fc266b6129a2f60de29

                                                              SHA1

                                                              5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                              SHA256

                                                              13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                              SHA512

                                                              37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              753B

                                                              MD5

                                                              8298451e4dee214334dd2e22b8996bdc

                                                              SHA1

                                                              bc429029cc6b42c59c417773ea5df8ae54dbb971

                                                              SHA256

                                                              6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                                                              SHA512

                                                              cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              3840b31c383fdf49bfd6740d945c9032

                                                              SHA1

                                                              a6f50164a69718bcef4664d7c47534f0d721866a

                                                              SHA256

                                                              1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                              SHA512

                                                              f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                              Filesize

                                                              142KB

                                                              MD5

                                                              477293f80461713d51a98a24023d45e8

                                                              SHA1

                                                              e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                              SHA256

                                                              a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                              SHA512

                                                              23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              b3bb71f9bb4de4236c26578a8fae2dcd

                                                              SHA1

                                                              1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                              SHA256

                                                              e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                              SHA512

                                                              fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                              Filesize

                                                              210KB

                                                              MD5

                                                              c106df1b5b43af3b937ace19d92b42f3

                                                              SHA1

                                                              7670fc4b6369e3fb705200050618acaa5213637f

                                                              SHA256

                                                              2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                              SHA512

                                                              616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                              Filesize

                                                              693KB

                                                              MD5

                                                              2c4d25b7fbd1adfd4471052fa482af72

                                                              SHA1

                                                              fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                              SHA256

                                                              2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                              SHA512

                                                              f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                              Filesize

                                                              146KB

                                                              MD5

                                                              8d477b63bc5a56ae15314bda8dea7a3a

                                                              SHA1

                                                              3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                              SHA256

                                                              9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                              SHA512

                                                              44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                              Filesize

                                                              145KB

                                                              MD5

                                                              2b9beb2fdbc41afc48d68d32ef41dd08

                                                              SHA1

                                                              4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                              SHA256

                                                              977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                              SHA512

                                                              3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                              Filesize

                                                              51KB

                                                              MD5

                                                              3180c705182447f4bcc7ce8e2820b25d

                                                              SHA1

                                                              ad6486557819a33d3f29b18d92b43b11707aae6e

                                                              SHA256

                                                              5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                              SHA512

                                                              228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                              Filesize

                                                              12B

                                                              MD5

                                                              1e065e191e89cc811ff49c96fa8fa5e6

                                                              SHA1

                                                              bc50ff2a20a8b83683583684fcac640a91689ed4

                                                              SHA256

                                                              d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                              SHA512

                                                              5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                              Filesize

                                                              247KB

                                                              MD5

                                                              aa5cf64d575b7544eefd77f256c4dc57

                                                              SHA1

                                                              bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                              SHA256

                                                              79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                              SHA512

                                                              774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                              Filesize

                                                              546B

                                                              MD5

                                                              158fb7d9323c6ce69d4fce11486a40a1

                                                              SHA1

                                                              29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                              SHA256

                                                              5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                              SHA512

                                                              7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                              Filesize

                                                              94KB

                                                              MD5

                                                              c69c7690482c75a8fc70df2990d7afc6

                                                              SHA1

                                                              79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                              SHA256

                                                              580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                              SHA512

                                                              ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                              Filesize

                                                              688KB

                                                              MD5

                                                              111e2e63bccead95bb5ffc53c9282070

                                                              SHA1

                                                              eaae7df21e291aa089bc101b1e265ca202be1225

                                                              SHA256

                                                              9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                              SHA512

                                                              ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                              Filesize

                                                              27KB

                                                              MD5

                                                              797c9554ec56fd72ebb3f6f6bef67fb5

                                                              SHA1

                                                              40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                              SHA256

                                                              7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                              SHA512

                                                              4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                              Filesize

                                                              214KB

                                                              MD5

                                                              01807774f043028ec29982a62fa75941

                                                              SHA1

                                                              afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                              SHA256

                                                              9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                              SHA512

                                                              33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                              Filesize

                                                              37KB

                                                              MD5

                                                              efb4712c8713cb05eb7fe7d87a83a55a

                                                              SHA1

                                                              c94d106bba77aecf88540807da89349b50ea5ae7

                                                              SHA256

                                                              30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                              SHA512

                                                              3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                              Filesize

                                                              3.4MB

                                                              MD5

                                                              93e4c198656fc267f392de11dee01cd0

                                                              SHA1

                                                              e92cb59486745ee7564f5b374e790a065e1f4678

                                                              SHA256

                                                              88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                              SHA512

                                                              3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                              Filesize

                                                              397KB

                                                              MD5

                                                              810f893e58861909b134fa72e3bc90cd

                                                              SHA1

                                                              524977f32836634132d23997b23304574d8d156a

                                                              SHA256

                                                              b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                              SHA512

                                                              db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              d4526e189dc14cdc5797fa646d9faa21

                                                              SHA1

                                                              fe9f3503ebcbeed6c87f1977a1ad79bf6002f0cc

                                                              SHA256

                                                              91d411b598afad3b7ac3ab720b9b464b3e2a079218965d208746883ce91bf095

                                                              SHA512

                                                              4ae4d4d0d04dd1fb2a82bfac711067287213dcfe40a014163b04525fd955ecb0af34ca958f8579db531db77a7087692c093fd4439e883e54cd96c107707fccaf

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                              Filesize

                                                              197KB

                                                              MD5

                                                              d0d21e16e57a1a73056eae228da1e287

                                                              SHA1

                                                              ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                              SHA256

                                                              3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                              SHA512

                                                              470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                              Filesize

                                                              56KB

                                                              MD5

                                                              d0aa95693d78fd438552bd9df01fec78

                                                              SHA1

                                                              0e7173c1af5d5543d5a41aed690e59f3ae4bb0b9

                                                              SHA256

                                                              11201ece7c3ee4bbcde0b84a2bc7c251ef57fce5200b2a1ae437fc959c7ad8a7

                                                              SHA512

                                                              7b48864e72627bb51063ea49f6459eb6c05baa64066d8e6c85f2ff7b7de26b633ff973e2a830da63b6824eaea65690e3f6b29af8adbc0c24724016a8764f3b15

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              9d1528a2ce17522f6de064ae2c2b608e

                                                              SHA1

                                                              2f1ce8b589e57ab300bb93dde176689689f75114

                                                              SHA256

                                                              11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                              SHA512

                                                              a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5692.update
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              14ffcf07375b3952bd3f2fe52bb63c14

                                                              SHA1

                                                              ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                              SHA256

                                                              6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                              SHA512

                                                              14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              fe295e65aa8a1872768dfca00fef290f

                                                              SHA1

                                                              fdd8d98f3262a238f153f69d3cd902ab55871f81

                                                              SHA256

                                                              6614601b55848c48a1fcde37032fd9548c1ed228b81fa67fe81e11916cfa3352

                                                              SHA512

                                                              27630e99df0a8e40f3ff26118480163f1fc10679ecfe11cd1ae7ee7451ea51617cb2d3a8b8cd91f8bb92363c314a0104c54d39b304e211cc8dc062be2ab5b769

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                              Filesize

                                                              2B

                                                              MD5

                                                              81051bcc2cf1bedf378224b0a93e2877

                                                              SHA1

                                                              ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                              SHA256

                                                              7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                              SHA512

                                                              1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                              Filesize

                                                              54KB

                                                              MD5

                                                              77c613ffadf1f4b2f50d31eeec83af30

                                                              SHA1

                                                              76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                              SHA256

                                                              2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                              SHA512

                                                              29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                              Filesize

                                                              333KB

                                                              MD5

                                                              745714d838c4d4f88c6e0db6a434f444

                                                              SHA1

                                                              90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                              SHA256

                                                              e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                              SHA512

                                                              08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                              Filesize

                                                              70KB

                                                              MD5

                                                              e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                              SHA1

                                                              22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                              SHA256

                                                              bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                              SHA512

                                                              00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                              Filesize

                                                              50KB

                                                              MD5

                                                              5bb0687e2384644ea48f688d7e75377b

                                                              SHA1

                                                              44e4651a52517570894cfec764ec790263b88c4a

                                                              SHA256

                                                              963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                              SHA512

                                                              260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                              Filesize

                                                              32KB

                                                              MD5

                                                              2ec1d28706b9713026e8c6814e231d7c

                                                              SHA1

                                                              7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                              SHA256

                                                              c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                              SHA512

                                                              9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                              Filesize

                                                              59KB

                                                              MD5

                                                              26c25e48b69eb8df7d6cea01fd66f3df

                                                              SHA1

                                                              d70e92a8b8d358c7a2e200b11e23703cf43d93e9

                                                              SHA256

                                                              f6da2cc4a4ca0a4cff92a2c9f61e546255bfe9d02eb1087a033b1a45e06fec87

                                                              SHA512

                                                              6414db6ba626fe4b39155052638a15707cf60836056560fceeb5a1ea8faee1bee830840900f1635ff5a0ce1d271f73062660bd0ec582815e0bc56f4997a45feb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                              Filesize

                                                              588KB

                                                              MD5

                                                              17d74c03b6bcbcd88b46fcc58fc79a0d

                                                              SHA1

                                                              bc0316e11c119806907c058d62513eb8ce32288c

                                                              SHA256

                                                              13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                              SHA512

                                                              f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                              Filesize

                                                              218B

                                                              MD5

                                                              8ad10c450a7daf3dcf6e53781c229c56

                                                              SHA1

                                                              1b23454c687fa16b0a1da8411e299aa5a142a5ec

                                                              SHA256

                                                              d2e11c6bf4d9bfb8ab00141bbb8fc11578fe874c945f9bf7dfe824e82a4e84c8

                                                              SHA512

                                                              147efef2f63ea9a1166c281041e4295f8fb79b49705a6248812e26e8076421a22d1fcc43f87413e6c2bffca90d1d1bc8ae8399147baf76a7a7e8df880589b2a9

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              1ef7574bc4d8b6034935d99ad884f15b

                                                              SHA1

                                                              110709ab33f893737f4b0567f9495ac60c37667c

                                                              SHA256

                                                              0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                              SHA512

                                                              947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              f512536173e386121b3ebd22aac41a4e

                                                              SHA1

                                                              74ae133215345beaebb7a95f969f34a40dda922a

                                                              SHA256

                                                              a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                              SHA512

                                                              1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                              Filesize

                                                              76KB

                                                              MD5

                                                              b40fe65431b18a52e6452279b88954af

                                                              SHA1

                                                              c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                              SHA256

                                                              800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                              SHA512

                                                              e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                              Filesize

                                                              80KB

                                                              MD5

                                                              3904d0698962e09da946046020cbcb17

                                                              SHA1

                                                              edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                              SHA256

                                                              a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                              SHA512

                                                              c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                              Filesize

                                                              96KB

                                                              MD5

                                                              7cfb0b44268ebf2c5363bdec2b5006f3

                                                              SHA1

                                                              9a76c25620cda32e6f0d39266288878ea647341b

                                                              SHA256

                                                              40083b031de47bbfffd401892dc35ad690e9ac020c7c03c8f180d22f7ae1ec23

                                                              SHA512

                                                              3955fbd15bec38988d38c1737e794d4399a38493dff52f3743b318c442d83d9b009e4d7a7e2d3dc614fc42ac0ddef8ea127af5c4ff31136c24be2c8b04419587

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              287B

                                                              MD5

                                                              fcad4da5d24f95ebf38031673ddbcdb8

                                                              SHA1

                                                              3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                              SHA256

                                                              7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                              SHA512

                                                              1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              362ce475f5d1e84641bad999c16727a0

                                                              SHA1

                                                              6b613c73acb58d259c6379bd820cca6f785cc812

                                                              SHA256

                                                              1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                              SHA512

                                                              7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                              Filesize

                                                              1.3MB

                                                              MD5

                                                              40df7f2a02cdfa70ae76d70d21473428

                                                              SHA1

                                                              4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                              SHA256

                                                              f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                              SHA512

                                                              2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              5ed9543e9f5826ead203316ef0a8863d

                                                              SHA1

                                                              8235c0e7568ec42d6851c198adc76f006883eb4b

                                                              SHA256

                                                              33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                              SHA512

                                                              5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              9a9b1fd85b5f1dcd568a521399a0d057

                                                              SHA1

                                                              34ed149b290a3a94260d889ba50cb286f1795fa6

                                                              SHA256

                                                              88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                              SHA512

                                                              7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                              Filesize

                                                              383KB

                                                              MD5

                                                              f6f297c704f4f4c13d50f971daea3b56

                                                              SHA1

                                                              118581c847ea863ff8bca0a38b5469577ac6b227

                                                              SHA256

                                                              a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                              SHA512

                                                              b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                              Filesize

                                                              321KB

                                                              MD5

                                                              d3901e62166e9c42864fe3062cb4d8d5

                                                              SHA1

                                                              c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                              SHA256

                                                              dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                              SHA512

                                                              ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                              Filesize

                                                              814KB

                                                              MD5

                                                              9b1f97a41bfb95f148868b49460d9d04

                                                              SHA1

                                                              768031d5e877e347a249dfdeab7c725df941324b

                                                              SHA256

                                                              09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                              SHA512

                                                              9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                              Filesize

                                                              1.2MB

                                                              MD5

                                                              e74d2a16da1ddb7f9c54f72b8a25897c

                                                              SHA1

                                                              32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                              SHA256

                                                              a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                              SHA512

                                                              52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                              Filesize

                                                              11B

                                                              MD5

                                                              5eda46a55c61b07029e7202f8cf1781c

                                                              SHA1

                                                              862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                              SHA256

                                                              12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                              SHA512

                                                              4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              a6bd887ee94e12d3c42a5d47b4c73826

                                                              SHA1

                                                              6b30541a5b528ff8a8befdb5cab0b9dccf4b2491

                                                              SHA256

                                                              643d32f1b400e5cdc5b76067eac006167c07b321d5abd06b30f1a45e9fe2253c

                                                              SHA512

                                                              ec86b4beda8995c13f550ce0f1c60b7bf384f706d37c516a12c6e6d6e0040bc11f72e9af09117d78b46bb799e9e41f4f6b2e78b84c2cf087ac76a1eb94986171

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              2d9e4265d02772969dcb3595c7ab5edb

                                                              SHA1

                                                              1021ab614fb2ee73885c5b4cef8cee1e11bff8c5

                                                              SHA256

                                                              987504b21dc53a476e3f922f852ba44fc2b659045fed05b796741a4c95cb7dce

                                                              SHA512

                                                              d43d864fb16093cfaff5e53a18af309735d1821c0594eb334495b79c7a612a77232aee4082a058a5dfa49b34d7774d9809a38e1e26a32a9c1739f0420f92e982

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              af360ed19704b663adb7a1f8f8bc808c

                                                              SHA1

                                                              b53fd10c43d8909551ff145e2e8f50707d804f9e

                                                              SHA256

                                                              e1bbe05b47d4b6a3ddb1e006b9989c3bbf2a871b957042631dfafa767b1d12d4

                                                              SHA512

                                                              7b9e38ac5b7f3bc7422ab9879d6bb08b228b8942354202789af600ae9faf24bfb4abc0ce613b43c1a89aec1aeb78f3758def66f95f9344b8126b0662c19143f1

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                              Filesize

                                                              2.8MB

                                                              MD5

                                                              ab8d85c093d6f0180bf09ec0f466b78b

                                                              SHA1

                                                              1daf355d14d45b1e411f96fa394a98a84c09e53e

                                                              SHA256

                                                              d1e08c8dbf3bfc34e3fdfc390d2e7f5b871f95376e7dda93e3dd0051d580db40

                                                              SHA512

                                                              2882292301e1fb85b410570ece6cf05f3e89968a02450dba192a1f97282f1c08ed30819e3d36c524fba3baeb6a2c22a10a762c8313e8823c07554b4b975cc00e

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              f39fbf03ca870084bde8bfd5e6e1ec39

                                                              SHA1

                                                              00febae56b76f76166fa64a0c0dc746b9feb61e4

                                                              SHA256

                                                              1c2761c31cf551a7b3034618fd0018d1a304bbcb97383d2bb13c47aeb8b23c60

                                                              SHA512

                                                              4c974603fb33e3711dc7f28e4580fef2a197ee1abfcc2c2384e4053c939847fa94b5d27a44ca6ad1fc8799dd80c2cc975c87e55e15902786e4b1e8dbe362bf7a

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              6c6f85e896655a6eb726482f04c49086

                                                              SHA1

                                                              2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                              SHA256

                                                              e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                              SHA512

                                                              b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                              Filesize

                                                              541B

                                                              MD5

                                                              d0efb0a6d260dbe5d8c91d94b77d7acd

                                                              SHA1

                                                              e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                              SHA256

                                                              7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                              SHA512

                                                              a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              880d31390a25de6a9cd34463b46c75e6

                                                              SHA1

                                                              837af65938c9606b5de3c6f2195fc3e855554cd7

                                                              SHA256

                                                              425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                              SHA512

                                                              8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                              Filesize

                                                              670KB

                                                              MD5

                                                              96e50bbca30d75af7b8b40acf8dda817

                                                              SHA1

                                                              4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                              SHA256

                                                              a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                              SHA512

                                                              0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                              Filesize

                                                              3.1MB

                                                              MD5

                                                              8e70af11d0ee2abe139b40d67e70b73c

                                                              SHA1

                                                              18582e88e16255d5d267904bdf0357ec9ff333e0

                                                              SHA256

                                                              5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                              SHA512

                                                              3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              9a5e9a329e4e73e0c499371205a810db

                                                              SHA1

                                                              5b6d85657d4acd89867283fbe372e9e85c30686f

                                                              SHA256

                                                              d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                              SHA512

                                                              02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                              Filesize

                                                              572KB

                                                              MD5

                                                              7062f2490fde7624ceab2fac6a996b98

                                                              SHA1

                                                              63a355ebf702bd6fb4e10f4353e5dbaa036ff635

                                                              SHA256

                                                              dbf3e40e068c22a995bb917ef51153bf1d4dd06ab8a5bb5486ea017245edbf1c

                                                              SHA512

                                                              5674e823473887669a1d12ecea9f7569633fb885f570b3c7bd8fbb706b214c564a0aaf0bedebd0a61add76582316c7de9a2f5af5b4cd8d04f426d80987f2d7b3

                                                              Download Submit

                                                            • C:\Program Files\dotnet\dotnet.exe
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              71026b098f8fb39c88b003df746d9fa0

                                                              SHA1

                                                              013ca259f551ad6f33db53fff0e121e74408e20e

                                                              SHA256

                                                              11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                              SHA512

                                                              9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                              Download Submit

                                                            • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\710c04881ef62b711355b9c030d8f4e2
                                                              Filesize

                                                              16KB

                                                              MD5

                                                              b2e89027a140a89b6e3eb4e504e93d96

                                                              SHA1

                                                              f3b1b34874b73ae3032decb97ef96a53a654228f

                                                              SHA256

                                                              5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                              SHA512

                                                              93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\config\chocolatey.config
                                                              Filesize

                                                              809B

                                                              MD5

                                                              8b6737800745d3b99886d013b3392ac3

                                                              SHA1

                                                              bb94da3f294922d9e8d31879f2d145586a182e19

                                                              SHA256

                                                              86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                              SHA512

                                                              654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              f960e4e449584b7de0ba44c8d7e862e4

                                                              SHA1

                                                              0ac8aad5a9d53ba6fac22974f7ddf2cbf74f1e99

                                                              SHA256

                                                              b6a46ce9a7d2d69ad7e88efaf2d6eb5f3a4ce8e7d4dbbe6046aae5502a55a35a

                                                              SHA512

                                                              8d7e495ffaff055f1b849fdf9d0e0ab86116768c7350c734a6508e7fbddab4689fe69b0fb659ce2598d95a6ec5d3db7eb97c92f4c29712bb7d46277439a8c8d7

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              471B

                                                              MD5

                                                              a92359bcd40ab68df3b2a726b293703e

                                                              SHA1

                                                              03af49fbe93ce7312ceb352c712941d1ac5fd2f0

                                                              SHA256

                                                              e61fca89129e6e9eecaafaa8612f1d82efb267b900a8ca27427fa0b32e065c63

                                                              SHA512

                                                              f2f2ff4c354ce68642ec37357e40c28cfc2449bfa9971ffe59c800a50287f8a39b5729a6fb2aaf8f23b9f45ea3e478a9f12dbba0479d93e4c2c598263aa7ce92

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              727B

                                                              MD5

                                                              12d865d718c648c03e5657a02fbd7128

                                                              SHA1

                                                              67992668978bbcf0dc94166c3d68fe91adf5a4f7

                                                              SHA256

                                                              605bc5c5942c346edd5a9639cd65d9829c8aa80d06b01dfd1b7c8dfa5fc5f671

                                                              SHA512

                                                              02628a076f36de16e92be4b799074dcc843df16a065313662b163a368b46e9a458388e9e4a5c7deedeb9ea3db9da47ba886fa9be7fb8724c5f6af46a372c4c41

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              727B

                                                              MD5

                                                              7ede1c2319349ee09eef9b918f848ee1

                                                              SHA1

                                                              907bc671d8865713c6c6758ab35d880bc195cd26

                                                              SHA256

                                                              0091300b2b650fad4fdf32c8681ca431aa280403bb7afec50e1e3b2232537c9e

                                                              SHA512

                                                              673710e89af144f22a6a69011341e48681cf2b46ec58fa7ceed13688f3dfa17e5c8ea9f8054cb99c054864ec980fa0acebdb480ce9abf4d1d7a8ec46dcfb5866

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              400B

                                                              MD5

                                                              5ca29b78d84fd3a726f069c885e5ebfe

                                                              SHA1

                                                              4fd5bd50523ff34617dd6ed02313f77b0cd39625

                                                              SHA256

                                                              576a0520dc8d4c00940ca0a101a8cabc569bff0b267a1f9d8a38689d92952cae

                                                              SHA512

                                                              6d23577456090a56ff14005e01e852c2499c800476033d8eb815ea640eda1fce5b14cf6c5e959208e9319dd13d770b048b64228d29a20c3cbf0491f6213683cc

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              68223b2e0a49ae2c2ae1647d37c39fac

                                                              SHA1

                                                              ec1e78906ed758e9a46bc41138ce4fb20a5106f6

                                                              SHA256

                                                              77049ea6b1a71cee2b868507e07ea7b04646f8428e1efd2d3fa37f96365db595

                                                              SHA512

                                                              8841a495782e9ccc10e6411aca3dbd14714ab381b121275c21850eb65ad3d0e022180a7fb050b5e572a79519aea8b7afd86e560d19f4e7c9a60f790409004220

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              31f1aba1e22457219038bb22154ad14a

                                                              SHA1

                                                              88eb373fb452f0b7e7730d4870f35af75903ac8e

                                                              SHA256

                                                              f2cf9e4babd300a2ffc6fee094ceac29d26b43f5bf781e276eca61f0a758d795

                                                              SHA512

                                                              5c4897e0cedb7f27e02a9b68604d2344367adea389a90b34f4bfe9f90b7b3d41884011fb8dbb7f3ef6d4f6a0d838609806d8f17033b95c56018f57f2a1958589

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                              Filesize

                                                              651B

                                                              MD5

                                                              9bbfe11735bac43a2ed1be18d0655fe2

                                                              SHA1

                                                              61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                              SHA256

                                                              549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                              SHA512

                                                              a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                              Download Submit

                                                            • C:\Windows\Installer\MSI4000.tmp
                                                              Filesize

                                                              4.5MB

                                                              MD5

                                                              08211c29e0d617a579ffa2c41bde1317

                                                              SHA1

                                                              4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                              SHA256

                                                              3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                              SHA512

                                                              d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                              Download Submit

                                                            • C:\Windows\Installer\MSI99CC.tmp-\System.Management.dll
                                                              Filesize

                                                              60KB

                                                              MD5

                                                              878e361c41c05c0519bfc72c7d6e141c

                                                              SHA1

                                                              432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                              SHA256

                                                              24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                              SHA512

                                                              59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDDCD.tmp
                                                              Filesize

                                                              509KB

                                                              MD5

                                                              88d29734f37bdcffd202eafcdd082f9d

                                                              SHA1

                                                              823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                              SHA256

                                                              87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                              SHA512

                                                              1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDDCD.tmp-\AlphaControlAgentInstallation.dll
                                                              Filesize

                                                              25KB

                                                              MD5

                                                              aa1b9c5c685173fad2dabebeb3171f01

                                                              SHA1

                                                              ed756b1760e563ce888276ff248c734b7dd851fb

                                                              SHA256

                                                              e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                              SHA512

                                                              d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDDCD.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              1a5caea6734fdd07caa514c3f3fb75da

                                                              SHA1

                                                              f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                              SHA256

                                                              cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                              SHA512

                                                              a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE06E.tmp-\CustomAction.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              bc17e956cde8dd5425f2b2a68ed919f8

                                                              SHA1

                                                              5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                              SHA256

                                                              e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                              SHA512

                                                              02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE06E.tmp-\Newtonsoft.Json.dll
                                                              Filesize

                                                              695KB

                                                              MD5

                                                              715a1fbee4665e99e859eda667fe8034

                                                              SHA1

                                                              e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                              SHA256

                                                              c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                              SHA512

                                                              bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE68B.tmp
                                                              Filesize

                                                              211KB

                                                              MD5

                                                              a3ae5d86ecf38db9427359ea37a5f646

                                                              SHA1

                                                              eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                              SHA256

                                                              c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                              SHA512

                                                              96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIEB09.tmp
                                                              Filesize

                                                              219KB

                                                              MD5

                                                              928f4b0fc68501395f93ad524a36148c

                                                              SHA1

                                                              084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                              SHA256

                                                              2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                              SHA512

                                                              7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                              Download Submit

                                                            • C:\Windows\Installer\e57dd31.msi
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              6032d2452e05a12f1449182deb3ab258

                                                              SHA1

                                                              03a992f9020a003fe86e477ac28698afc16a73d3

                                                              SHA256

                                                              394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46

                                                              SHA512

                                                              1318d1844efe031d05499e642c9509422a9f92977b8b4c76d38c6c614d81813af4ec927d2dd807e9b7b205ab06ea1800eb4a082f1a89a4e3721a37301165e28d

                                                              Download Submit

                                                            • C:\Windows\Installer\e57dd49.msi
                                                              Filesize

                                                              26.3MB

                                                              MD5

                                                              b9c6d23462adef092b8a5b7880531b03

                                                              SHA1

                                                              9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                              SHA256

                                                              2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                              SHA512

                                                              18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                              Download Submit

                                                            • C:\Windows\Installer\e57dd52.msi
                                                              Filesize

                                                              772KB

                                                              MD5

                                                              d73de5788ab129f16afdd990d8e6bfa9

                                                              SHA1

                                                              88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                              SHA256

                                                              4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                              SHA512

                                                              bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{148aa660-5dd5-a74b-8a57-99a56a670a06}\lci_proxywddm.cat
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              8e16d54f986dbe98812fd5ec04d434e8

                                                              SHA1

                                                              8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                              SHA256

                                                              7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                              SHA512

                                                              e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{148aa660-5dd5-a74b-8a57-99a56a670a06}\lci_proxywddm.inf
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              0315a579f5afe989154cb7c6a6376b05

                                                              SHA1

                                                              e352ff670358cf71e0194918dfe47981e9ccbb88

                                                              SHA256

                                                              d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                              SHA512

                                                              c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{148aa660-5dd5-a74b-8a57-99a56a670a06}\x64\lci_proxyumd.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              4dc11547a5fc28ca8f6965fa21573481

                                                              SHA1

                                                              d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                              SHA256

                                                              e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                              SHA512

                                                              bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{148aa660-5dd5-a74b-8a57-99a56a670a06}\x64\lci_proxyumd32.dll
                                                              Filesize

                                                              135KB

                                                              MD5

                                                              67ae7b2c36c9c70086b9d41b4515b0a8

                                                              SHA1

                                                              ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                              SHA256

                                                              79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                              SHA512

                                                              4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{148aa660-5dd5-a74b-8a57-99a56a670a06}\x64\lci_proxywddm.sys
                                                              Filesize

                                                              119KB

                                                              MD5

                                                              b9b0e9b4d93b18b99ece31a819d71d00

                                                              SHA1

                                                              2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                              SHA256

                                                              0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                              SHA512

                                                              465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{70fd5d69-d79d-e948-add5-4dbc394ea364}\lci_iddcx.cat
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              62458e58313475c9a3642a392363e359

                                                              SHA1

                                                              e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                              SHA256

                                                              85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                              SHA512

                                                              49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{70fd5d69-d79d-e948-add5-4dbc394ea364}\lci_iddcx.inf
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              1cec22ca85e1b5a8615774fca59a420b

                                                              SHA1

                                                              049a651751ef38321a1088af6a47c4380f9293fc

                                                              SHA256

                                                              60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                              SHA512

                                                              0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{70fd5d69-d79d-e948-add5-4dbc394ea364}\x64\lci_iddcx.dll
                                                              Filesize

                                                              52KB

                                                              MD5

                                                              01e8bc64139d6b74467330b11331858d

                                                              SHA1

                                                              b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                              SHA256

                                                              148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                              SHA512

                                                              4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                              Download Submit

                                                            • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-03-38-27.dat
                                                              Filesize

                                                              602B

                                                              MD5

                                                              7104ef033b2dcacf06fe3f8dc4f5103d

                                                              SHA1

                                                              3ee83e848080bbe930a4f6ddf2256e69cc20ea17

                                                              SHA256

                                                              17ab2665cc1f7c7b2b111269c973f3a04080d69dfaef25bf37128ae176069ec3

                                                              SHA512

                                                              551eabc1c05e1cf4dc442b8dc5c0173eff77d96a03e448e55294555f489fb38e549debce8025272d7a4511cb90ced6cfcc9f0b6b493bf069ec4e8999d7b4a6cf

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              3b923438f4d6446d49a6f9da234f47d8

                                                              SHA1

                                                              bea36cd9a2cfb9206c1072281577cea7c6d80077

                                                              SHA256

                                                              c4219e7119cc998c8ca194d0bd8e0dbe06b7fb8ada12a85a18c2b1b8a20d1e2f

                                                              SHA512

                                                              87da7385eaf42a21baadab8958f12cd304044d6e0fca8e368c22dc7ee2e2a18e5a5b5814a672cd1f55c394a831899548fde16752fbb0eb6eec84bf80c64c5906

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              976B

                                                              MD5

                                                              2d272eb92ed96337eacae7888dc33c7a

                                                              SHA1

                                                              6ee8ab55d3f106791c15a8c099df868e4501d592

                                                              SHA256

                                                              6a41bb78eb0522d4e8b782018acc0b92825f66fcb0f88442f8e63206b7d6c832

                                                              SHA512

                                                              a71eba4f4ae18372673801de6e11d84b1f8beed7633a1c5b1d33c769fcd36574db0a6a8f0a579cd2b027745b9a94a8a6f765b608167a6fdd335c847b303e74ce

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              89f5e230abcb74ea207a8dc36b3290d5

                                                              SHA1

                                                              d632b55c9debba3286254fc6fec9b79daea1592d

                                                              SHA256

                                                              d287106e39b958a89ee121bbd40b3222af58d8e52f604531954b8660665f1a9c

                                                              SHA512

                                                              be68f30ecae0e281c38306711a06e78f02388aaf1d4623b0806cf2df8ab5f80db7dbf550fa1b45f6cf13d27d468bf622a9830ad7f409612b1877b42911ce6d01

                                                              Download Submit

                                                            • C:\Windows\Temp\PreVer.log
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              27efd7cd76620bd35b9ec42de78e29d0

                                                              SHA1

                                                              f9409280055bd4fcd3fc2708e56973b11217372e

                                                              SHA256

                                                              41f84d6f8bda5d8a12768bc6a9f1b02a176a61478d020e746b2f1c471b3404c5

                                                              SHA512

                                                              760d6c34c0b5cfae12c57a18cabb191496506b7d4a8262ced34056fde0a9baf2f7ff2c09be9d3a46f45020f09d305648201e3b0a707cfb91562435acc33396d9

                                                              Download Submit

                                                            • C:\Windows\Temp\__PSScriptPolicyTest_h2sk3dms.owd.ps1
                                                              Filesize

                                                              60B

                                                              MD5

                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                              SHA1

                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                              SHA256

                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                              SHA512

                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack.log
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              a74e41794022f9c27ba5bc5a9568d143

                                                              SHA1

                                                              42823669f522c4a6fe7e7ce6e6b8fdb10ba4511f

                                                              SHA256

                                                              5d715b48c9f13e3b5b5c0bd8c7ce0807974c5cbf286c9ff2f2fd5c791608ec48

                                                              SHA512

                                                              dcea69b3214c1780adf34891d3fbb41b15696c41bb6deea4ce6ac870046c02bdb6f972586260f0c31f3263309585dd9218539071be6a4575965fba6e0e792f3c

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              98f5d00e8334a5022808c8f7dfbba64b

                                                              SHA1

                                                              7a3dc94862284746bb9d9699a99958539531d832

                                                              SHA256

                                                              6e873ae7bdb62baded042be6d56c6b71a53a543e4ce6d4ee1e15785b578ab4ba

                                                              SHA512

                                                              d63733aac7239c972a521c22e995142a26bc033520491a68c878bfade004f85fc46670b4af077b5e7da0a6cf4726a2b7799c1f99f6e03700c17ea559ace614ce

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                              Filesize

                                                              3.2MB

                                                              MD5

                                                              2c18826adf72365827f780b2a1d5ea75

                                                              SHA1

                                                              a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                              SHA256

                                                              ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                              SHA512

                                                              474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                              Download Submit

                                                            • C:\Windows\Temp\{3FFD50C1-3EC4-4D8E-9206-566355B7CC21}\.ba\bg.png
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              9eb0320dfbf2bd541e6a55c01ddc9f20

                                                              SHA1

                                                              eb282a66d29594346531b1ff886d455e1dcd6d99

                                                              SHA256

                                                              9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                              SHA512

                                                              9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                              Download Submit

                                                            • C:\Windows\Temp\{3FFD50C1-3EC4-4D8E-9206-566355B7CC21}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                              Filesize

                                                              607KB

                                                              MD5

                                                              669de3ab32955e69decfe13a3c89891e

                                                              SHA1

                                                              ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                              SHA256

                                                              2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                              SHA512

                                                              be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                              Download Submit

                                                            • C:\Windows\Temp\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\IsConfig.ini
                                                              Filesize

                                                              571B

                                                              MD5

                                                              d239b8964e37974225ad69d78a0a8275

                                                              SHA1

                                                              cf208e98a6f11d1807cd84ca61504ad783471679

                                                              SHA256

                                                              0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                              SHA512

                                                              88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                              Download Submit

                                                            • C:\Windows\Temp\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\String1033.txt
                                                              Filesize

                                                              182KB

                                                              MD5

                                                              99bbffd900115fe8672c73fb1a48a604

                                                              SHA1

                                                              8f587395fa6b954affef337c70781ce00913950e

                                                              SHA256

                                                              57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                              SHA512

                                                              d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                              Download Submit

                                                            • C:\Windows\Temp\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\_is31DA.exe
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              7a1c100df8065815dc34c05abc0c13de

                                                              SHA1

                                                              3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                              SHA256

                                                              e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                              SHA512

                                                              bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                              Download Submit

                                                            • C:\Windows\Temp\{B09D7DD6-DC11-4B03-B058-A778425D73B8}\setup.inx
                                                              Filesize

                                                              345KB

                                                              MD5

                                                              0376dd5b7e37985ea50e693dc212094c

                                                              SHA1

                                                              02859394164c33924907b85ab0aaddc628c31bf1

                                                              SHA256

                                                              c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                              SHA512

                                                              69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                              Download Submit

                                                            • C:\Windows\Temp\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\ISRT.dll
                                                              Filesize

                                                              427KB

                                                              MD5

                                                              85315ad538fa5af8162f1cd2fce1c99d

                                                              SHA1

                                                              31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                              SHA256

                                                              70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                              SHA512

                                                              877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                              Download Submit

                                                            • C:\Windows\Temp\{DECDC4E4-87D0-4B7B-A703-93782874F6FE}\_isres_0x0409.dll
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              befe2ef369d12f83c72c5f2f7069dd87

                                                              SHA1

                                                              b89c7f6da1241ed98015dc347e70322832bcbe50

                                                              SHA256

                                                              9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                              SHA512

                                                              760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              c0cf1dba229c922aaf132f876df2ec76

                                                              SHA1

                                                              38e01ff3a57f93fa28b24187db71f179f2e20acc

                                                              SHA256

                                                              f29b0cfe28a93032ef8b04e940df5f71e42de49f05c554d20a2d3b062d5b2556

                                                              SHA512

                                                              e9b9ea5a63b252300baaf33dca154c67be0fc64d80f2eda8e9ade8489d1775e3b26da33916677e305d8297de6025d41fbafbaeb57982dceead51a76f9175d950

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              c56e56b42343c59182a94f4474a1d5cd

                                                              SHA1

                                                              08111e5b5f445c2ec756a29b89045f10086e83fe

                                                              SHA256

                                                              b85f4f5948e66028b9a36c70ef6acd631e89980637fd3560ac45ea221a11b0be

                                                              SHA512

                                                              790eb98ddb84c4c97709f5294481ba67361681bd99cbd7c1c599608f563a42d4f11fc77d0428fea5edae4bfd96aaa0d06d52ba4a2fb84121317c01f37fe9938f

                                                              Download Submit

                                                            • memory/1764-205-0x00000167FB6C0000-0x00000167FB6E2000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/1764-202-0x00000167FC9B0000-0x00000167FCA62000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/1764-241-0x00000167FCEB0000-0x00000167FCEE8000-memory.dmp

                                                              Filesize

                                                              224KB

                                                              Download

                                                            • memory/1768-39-0x00000000026F0000-0x000000000271E000-memory.dmp

                                                              Filesize

                                                              184KB

                                                              Download

                                                            • memory/1768-43-0x0000000002730000-0x000000000273C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/2260-4657-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2260-1158-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2260-1244-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2260-4656-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/2260-1243-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/2692-273-0x000001CF40260000-0x000001CF40310000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download

                                                            • memory/2692-275-0x000001CF27900000-0x000001CF2791C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/2692-270-0x000001CF27070000-0x000001CF270B2000-memory.dmp

                                                              Filesize

                                                              264KB

                                                              Download

                                                            • memory/2952-110-0x0000000005470000-0x00000000054D6000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/2968-356-0x000001BE608F0000-0x000001BE609A2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/2968-357-0x000001BE47BB0000-0x000001BE47BCC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/2968-354-0x000001BE47700000-0x000001BE47716000-memory.dmp

                                                              Filesize

                                                              88KB

                                                              Download

                                                            • memory/3120-148-0x000001D591A80000-0x000001D591AA8000-memory.dmp

                                                              Filesize

                                                              160KB

                                                              Download

                                                            • memory/3120-160-0x000001D5936D0000-0x000001D593768000-memory.dmp

                                                              Filesize

                                                              608KB

                                                              Download

                                                            • memory/3120-164-0x000001D593630000-0x000001D593642000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/3120-165-0x000001D5AC0A0000-0x000001D5AC0DC000-memory.dmp

                                                              Filesize

                                                              240KB

                                                              Download

                                                            • memory/3168-2893-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3168-2294-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3168-1223-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3168-2295-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3168-2894-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3168-1146-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3168-1145-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3168-1834-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3168-1222-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3168-1835-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3268-1092-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3268-916-0x0000000003880000-0x0000000003A47000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/3268-494-0x0000000003840000-0x0000000003A07000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/3268-490-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3268-1000-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3752-4655-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3752-4654-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3752-1186-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3752-1836-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3752-1837-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3752-1183-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3752-2906-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3752-2907-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/3788-1773-0x0000015E6B930000-0x0000015E6B9E2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/3788-1720-0x0000015E530D0000-0x0000015E530E8000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/3788-1717-0x0000015E52770000-0x0000015E5277C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/3788-1817-0x0000015E530F0000-0x0000015E53110000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/4236-1861-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/4236-1862-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/4236-1874-0x0000000072D40000-0x000000007310D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/4236-1873-0x0000000073110000-0x000000007322C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/4420-1788-0x0000021224310000-0x000002122435A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/4420-1816-0x0000021223EB0000-0x0000021223ECC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4420-1750-0x0000021223A20000-0x0000021223A2C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/4420-1855-0x000002123CD50000-0x000002123CE00000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download

                                                            • memory/4432-370-0x0000027C25DE0000-0x0000027C25E0A000-memory.dmp

                                                              Filesize

                                                              168KB

                                                              Download

                                                            • memory/4432-368-0x0000027C25C70000-0x0000027C25C78000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/4432-360-0x0000027C0D2E0000-0x0000027C0D2EA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/4432-355-0x0000027C25B70000-0x0000027C25BBC000-memory.dmp

                                                              Filesize

                                                              304KB

                                                              Download

                                                            • memory/4432-359-0x0000027C0D2B0000-0x0000027C0D2B8000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/4432-364-0x0000027C25E90000-0x0000027C25F6C000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/4432-365-0x0000027C25F70000-0x0000027C26022000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4432-367-0x0000027C25C60000-0x0000027C25C68000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/4432-366-0x0000027C25B60000-0x0000027C25B68000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/4432-358-0x0000027C25BC0000-0x0000027C25C08000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/4432-369-0x0000027C25E20000-0x0000027C25E88000-memory.dmp

                                                              Filesize

                                                              416KB

                                                              Download

                                                            • memory/4432-372-0x0000027C25DB0000-0x0000027C25DD6000-memory.dmp

                                                              Filesize

                                                              152KB

                                                              Download

                                                            • memory/4432-352-0x0000027C0D2C0000-0x0000027C0D2DC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4432-371-0x0000027C260B0000-0x0000027C260EA000-memory.dmp

                                                              Filesize

                                                              232KB

                                                              Download

                                                            • memory/4432-349-0x0000027C0CA10000-0x0000027C0CA78000-memory.dmp

                                                              Filesize

                                                              416KB

                                                              Download

                                                            • memory/4432-351-0x0000027C25AD0000-0x0000027C25B1A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/4940-1856-0x0000017AC3940000-0x0000017AC3988000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/4940-1685-0x0000017AAA800000-0x0000017AAA83A000-memory.dmp

                                                              Filesize

                                                              232KB

                                                              Download

                                                            • memory/4940-1844-0x0000017AC38D0000-0x0000017AC38EC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4940-1840-0x0000017AC39E0000-0x0000017AC3A92000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4964-80-0x0000000004940000-0x0000000004C94000-memory.dmp

                                                              Filesize

                                                              3.3MB

                                                              Download

                                                            • memory/4964-79-0x00000000047C0000-0x00000000047E2000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/4964-76-0x0000000004880000-0x0000000004932000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5180-1852-0x00000220139C0000-0x00000220139D2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5180-1854-0x000002202CA60000-0x000002202CAAA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5180-1864-0x0000022014220000-0x000002201423C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5532-1828-0x000002817D390000-0x000002817D3DA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5532-1875-0x000002817DF00000-0x000002817DFB2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5532-1831-0x000002817D360000-0x000002817D37C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5532-1822-0x000002817CB00000-0x000002817CB34000-memory.dmp

                                                              Filesize

                                                              208KB

                                                              Download

                                                            • memory/5532-1833-0x000002817D380000-0x000002817D38A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/5532-1832-0x000002817D530000-0x000002817D548000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/5532-1841-0x000002817DC90000-0x000002817DCDA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5692-1826-0x000002CDE0680000-0x000002CDE06A0000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/5692-1853-0x000002CDF8F80000-0x000002CDF8FC6000-memory.dmp

                                                              Filesize

                                                              280KB

                                                              Download

                                                            • memory/5692-1820-0x000002CDDFE20000-0x000002CDDFE32000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5692-1821-0x000002CDE0650000-0x000002CDE0660000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5692-1824-0x000002CDF8FF0000-0x000002CDF90A2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5692-1851-0x000002CDF9810000-0x000002CDF9E6C000-memory.dmp

                                                              Filesize

                                                              6.4MB

                                                              Download

                                                            • memory/5768-1829-0x000001853BA20000-0x000001853BA3C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5768-1827-0x000001853B1E0000-0x000001853B1F2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5768-1839-0x0000018554380000-0x0000018554432000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5860-1838-0x0000020C40DC0000-0x0000020C40DD0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5860-1863-0x0000020C415F0000-0x0000020C4160C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5860-1867-0x0000020C5A0D0000-0x0000020C5A1AC000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/5860-1842-0x0000020C59E60000-0x0000020C59EAA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5980-1865-0x0000029169870000-0x00000291698D6000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/5980-1849-0x0000029150B30000-0x0000029150B50000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/5980-1848-0x00000291506A0000-0x00000291506B0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5980-1850-0x00000291697B0000-0x0000029169862000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5980-1866-0x0000029151020000-0x0000029151034000-memory.dmp

                                                              Filesize

                                                              80KB

                                                              Download

                                                            • memory/6100-1847-0x000001A1CED00000-0x000001A1CF228000-memory.dmp

                                                              Filesize

                                                              5.2MB

                                                              Download

                                                            • memory/6100-1630-0x000001A1B54B0000-0x000001A1B54BA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/6100-1633-0x000001A1B5890000-0x000001A1B58AA000-memory.dmp

                                                              Filesize

                                                              104KB

                                                              Download

                                                            • memory/6100-1643-0x000001A1CE610000-0x000001A1CE6C2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download