Overview

overview

10

Static

static

10

819ad25e1d...f9.msi

windows7-x64

10

819ad25e1d...f9.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-02-2025 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9.msi

  • Size

    2.9MB

  • MD5

    eaf2eab89c1b5f8eccf2e62a5a4fb002

  • SHA1

    24e2a1958e34f8db3378c8210ef5f0e5166a1537

  • SHA256

    819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9

  • SHA512

    25e7a8b39e585867d71b8edc472b4240e051a5ef5e2c23ddcddc20dc556a8381adc783884c7e2183c778ca445379654bc59a0cf16e4029c2b4b479243d34494a

  • SSDEEP

    49152:P+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:P+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4564
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4300
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 672E2121285EA151BEBB74C945C37C87
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2500
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIDF83.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640140 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2224
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIE291.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640671 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:5076
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIE65B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240641625 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1652
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF13D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644421 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3288
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 800464AA389FFD1EBE1D217A1E9D19A2 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:768
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4596
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:4464
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3160
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Q2oReIAJ" /AgentId="5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:4488
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 6D6CD038E8AA38A7080BF984D9FC9FD0 E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3636
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3E9405BD-D958-40E3-A29A-6446DAB789BC}
          3⤵
          • Executes dropped EXE
          PID:4448
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13C97E96-8DE2-4593-8812-ECBD8B185544}
          3⤵
          • Executes dropped EXE
          PID:756
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A2DB6A8-048E-4BA1-8627-AE760B881847}
          3⤵
          • Executes dropped EXE
          PID:3660
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D8D640-557F-4870-9146-DFF9EECD63B4}
          3⤵
          • Executes dropped EXE
          PID:4372
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D6025093-3ABD-4151-B30B-79D1539057A2}
          3⤵
          • Executes dropped EXE
          PID:1052
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC229026-1CA4-4B1E-A45A-2B3A2FCA9052}
          3⤵
          • Executes dropped EXE
          PID:448
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EB2C0D16-4E66-4BDA-B4F3-E3A157AA7FC4}
          3⤵
          • Executes dropped EXE
          PID:724
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{696BE69D-A9DC-4A67-8275-9244185E1F98}
          3⤵
          • Executes dropped EXE
          PID:3172
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A62DF23C-543E-40D8-BA6F-6E8DCC99680E}
          3⤵
          • Executes dropped EXE
          PID:1468
        • C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe
          C:\Windows\TEMP\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_is29CA.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{198B3216-2786-4059-B8BE-464DEB9E3DCD}
          3⤵
          • Executes dropped EXE
          PID:4388
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3276
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1528
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2260
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2532
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4764
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1944
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3708
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1940
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4844
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1468
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4436
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • Kills process with taskkill
            PID:3168
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4488
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1704
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1300
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3424
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2880
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • Kills process with taskkill
            PID:1344
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1728
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3184
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{311B76FC-A81B-4CA9-B215-45EC7307F243}
          3⤵
          • Executes dropped EXE
          PID:640
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{605320AC-1BB3-4657-AD04-9A70BDB63C26}
          3⤵
          • Executes dropped EXE
          PID:3160
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06E9CB81-78AF-41AE-A1CF-52CD80273294}
          3⤵
          • Executes dropped EXE
          PID:2080
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B5D364E-5C60-4E34-9E28-D9CE855A4EA4}
          3⤵
          • Executes dropped EXE
          PID:3172
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{07E9D892-B7D3-4A74-9112-19A0305589C9}
          3⤵
          • Executes dropped EXE
          PID:3628
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37654211-60DC-4666-8887-CD42445450A4}
          3⤵
          • Executes dropped EXE
          PID:1640
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{41F01F35-F508-4052-8996-786FFD37269D}
          3⤵
          • Executes dropped EXE
          PID:3712
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC481423-4D5B-40E7-8467-9FD1E30A1931}
          3⤵
          • Executes dropped EXE
          PID:5092
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5AC6199B-42FB-440F-93A0-5ADC6175EDB7}
          3⤵
          • Executes dropped EXE
          PID:4008
        • C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
          C:\Windows\TEMP\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D26DE083-89FD-4290-9367-8CC1B772345B}
          3⤵
          • Executes dropped EXE
          PID:4560
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{31C48F81-C38B-4CF3-9685-2298A3E55882}
          3⤵
          • Executes dropped EXE
          PID:1224
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D27A6741-2402-4B79-BEC7-30772B05CD5D}
          3⤵
          • Executes dropped EXE
          PID:1944
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FD6C84D8-1196-4615-886E-8438FFEA885C}
          3⤵
          • Executes dropped EXE
          PID:740
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7DB4F3BF-592C-40AF-ACA6-CE03B8969003}
          3⤵
          • Executes dropped EXE
          PID:2080
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BDF3D497-2083-486B-9371-23FEB437CA13}
          3⤵
          • Executes dropped EXE
          PID:5012
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D76C2D25-2B32-499D-9D8C-003927256BB2}
          3⤵
          • Executes dropped EXE
          PID:1172
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5AAA8547-127B-4B90-B055-5DB432AD8A19}
          3⤵
          • Executes dropped EXE
          PID:1356
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{84D64F30-9925-4C79-AE65-D1F6046E735B}
          3⤵
          • Executes dropped EXE
          PID:3712
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AE0A03CD-0BBD-4FD6-A413-C12023A74BED}
          3⤵
          • Executes dropped EXE
          PID:2448
        • C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe
          C:\Windows\TEMP\{29374E7D-54A9-40CE-895D-583B42588AAC}\_is42F2.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AEEE7317-4371-4760-976C-22328721138C}
          3⤵
          • Executes dropped EXE
          PID:1688
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3172
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4980
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:3264
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:708
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:1508
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4432
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{08697329-6C03-403D-AE1D-C341056684D4}
              3⤵
              • Executes dropped EXE
              PID:4576
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FCC6A9B1-C598-481C-9758-B4602149BBFC}
              3⤵
              • Executes dropped EXE
              PID:4156
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{083CC364-599B-4C65-BBF3-19D702A669C2}
              3⤵
              • Executes dropped EXE
              PID:448
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5D40BAB-F526-410A-8AC6-A8C4C85ED55B}
              3⤵
              • Executes dropped EXE
              PID:220
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F9D89B0F-D22A-4F4E-A587-6D66F42FE102}
              3⤵
              • Executes dropped EXE
              PID:2408
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D201CE68-5EE6-4DDD-A67F-F35EAC5DEF1B}
              3⤵
              • Executes dropped EXE
              PID:3252
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23AB204C-6DE5-446E-A76D-9164A7811905}
              3⤵
              • Executes dropped EXE
              PID:1104
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E88008C9-101D-4C5E-A760-D9E2EAED712C}
              3⤵
              • Executes dropped EXE
              PID:4156
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{538BE275-9FD6-4A2B-B474-256D26EBEF07}
              3⤵
              • Executes dropped EXE
              PID:448
            • C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe
              C:\Windows\TEMP\{AE430676-7584-48BF-8B89-02C6638D00F8}\_is5562.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3FDF061D-24F8-4460-93A3-FD590BFE3197}
              3⤵
              • Executes dropped EXE
              PID:220
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:1356
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{97ED26D6-B2FE-4E0E-BA06-64DA207FE85D}
              3⤵
              • Executes dropped EXE
              PID:3956
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0AECE086-0BFF-4702-9901-F1276E2C09CE}
              3⤵
              • Executes dropped EXE
              PID:4596
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E9FC35A-D1FC-4829-BB14-F231376409A5}
              3⤵
              • Executes dropped EXE
              PID:3368
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52C48BE5-C015-4818-9237-85020885A8C8}
              3⤵
              • Executes dropped EXE
              PID:2036
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4676E79E-074A-44C4-9FBA-8A1E874C8E98}
              3⤵
              • Executes dropped EXE
              PID:3632
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F220E22A-1D84-41DF-A2C1-70B227665AFF}
              3⤵
              • Executes dropped EXE
              PID:1172
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{45DDF9F1-2074-4544-BCE8-079D54E355A8}
              3⤵
              • Executes dropped EXE
              PID:1468
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B158CA-DE26-41BF-B93E-FAA12E7C7E52}
              3⤵
              • Executes dropped EXE
              PID:3896
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD9122AF-900F-4451-9B3C-56F931435784}
              3⤵
              • Executes dropped EXE
              PID:1640
            • C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe
              C:\Windows\TEMP\{A10692BD-2E68-4A36-92E5-DE8FDB8830B2}\_is598A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3380DF13-7EF2-41D6-AB22-31B8B9E31F28}
              3⤵
                PID:4712
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                3⤵
                • System Location Discovery: System Language Discovery
                PID:2884
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 0ADC88397F853ADD57A1812F5AF3C2E2 E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:6024
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI9C4D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240688234 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5964
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI9CFA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240688359 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:3356
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSIA279.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240689796 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                3⤵
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:644
              • C:\Windows\SysWOW64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5668
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:5516
              • C:\Windows\SysWOW64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:5696
              • C:\Windows\syswow64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5964
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 STOP AteraAgent
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:5532
              • C:\Windows\syswow64\TaskKill.exe
                "TaskKill.exe" /f /im AteraAgent.exe
                3⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                PID:4388
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSIC6C3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240699046 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:1132
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
              2⤵
                PID:3344
              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="f19b6ca9-a171-4321-ad97-538447ccd682"
                2⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Modifies data under HKEY_USERS
                PID:768
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 23A252392BBDB3C5BD8968FD7F6EA329 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5176
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding D3CB8330E260925588514BD915DE036D E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5516
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 11743FFB7AB8697CB51BDDC5F71AA82C E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:2208
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Checks SCSI registry key(s)
              • Suspicious use of AdjustPrivilegeToken
              PID:3588
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Modifies system certificate store
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3988
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:5048
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "6ef9e9f9-9d80-46ac-8f7a-124820456802" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q2oReIAJ
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:1148
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "793768c4-0f9a-4bb3-bbcc-572c7c3e5cc0" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q2oReIAJ
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2352
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "5bd9309d-cd9c-46dd-acfa-7517df0deca2" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Q2oReIAJ
                2⤵
                • Executes dropped EXE
                PID:1640
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "93c2ac87-c4fb-47e3-9b16-4be9af6c58d8" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Q2oReIAJ
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:2952
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1052
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:5008
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:3668
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "3285a635-3616-4b7d-a7b6-2cd2d503b0bc" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Q2oReIAJ
                2⤵
                • Downloads MZ/PE file
                • Drops file in System32 directory
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4812
                • C:\Windows\TEMP\SplashtopStreamer.exe
                  "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  3⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:2104
                  • C:\Windows\Temp\unpack\PreVerCheck.exe
                    "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    4⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:1068
                    • C:\Windows\SysWOW64\msiexec.exe
                      msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:320
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in Program Files directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious use of WriteProcessMemory
              PID:2432
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:4076
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "9e688334-cde6-438f-8684-a732b7c1d304" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q2oReIAJ
                2⤵
                  PID:392
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    PID:1068
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                      PID:3132
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:1004
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "9e7b7779-41f9-4138-9539-720059efebbb" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q2oReIAJ
                    2⤵
                      PID:1212
                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=eca4c09b6017612acc60b93da2d9179d&rmm_session_pwd_ttl=86400"
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:5600
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "a7706a59-299c-407d-a592-3d885bbcdb6a" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      PID:3712
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "e70b6144-e393-4edc-a916-b061fe1c72f8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in System32 directory
                      PID:5276
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "b5a966a7-b03a-4d95-96ce-83232e5f36e5" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in System32 directory
                      PID:5292
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "4fbc4fff-9ca0-4f48-87ef-cb2a28af61c5" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q2oReIAJ
                      2⤵
                      • Writes to the Master Boot Record (MBR)
                      • Drops file in System32 directory
                      PID:5972
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "49cc5a5f-0df3-4088-8c06-f64d3e0b8354" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in System32 directory
                      PID:5996
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "a0f0ef47-3797-413c-86f8-9ba287ce3ccc" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in Program Files directory
                      PID:5384
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "2ff7668b-b5e7-4465-8c8f-1591a80759e3" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q2oReIAJ
                      2⤵
                      • Drops file in System32 directory
                      PID:5704
                      • C:\Windows\SYSTEM32\msiexec.exe
                        "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                        3⤵
                          PID:5592
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "de2f86c5-7055-49e7-91d2-40a8478849e3" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q2oReIAJ
                        2⤵
                          PID:5804
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "b93eb270-62ec-4858-9805-dc1bf496dd4f" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q2oReIAJ
                          2⤵
                          • Drops file in System32 directory
                          • Drops file in Program Files directory
                          PID:2024
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "80d3e05f-35c9-43a1-a34f-018ed27fdbe8" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q2oReIAJ
                          2⤵
                          • Drops file in System32 directory
                          PID:5688
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "edefc3f6-3c4e-465e-b2b2-ba1382033bcb" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q2oReIAJ
                          2⤵
                            PID:6008
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "a2a33dcf-0a33-4ebb-ac7c-d5d62d032f08" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q2oReIAJ
                            2⤵
                            • Drops file in System32 directory
                            PID:6056
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "7dd23144-2388-4ef1-aed2-73c728b4b6bd" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q2oReIAJ
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            PID:3988
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:6120
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:2208
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:5884
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:6024
                              • C:\Windows\Temp\{E2E03ECA-6B54-467F-89F7-B7509D222A53}\.cr\8-0-11.exe
                                "C:\Windows\Temp\{E2E03ECA-6B54-467F-89F7-B7509D222A53}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=684 /repair /quiet /norestart
                                4⤵
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                PID:5592
                                • C:\Windows\Temp\{2298F4CC-C6BA-400A-BFDB-76FDE04E7473}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                  "C:\Windows\Temp\{2298F4CC-C6BA-400A-BFDB-76FDE04E7473}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{C706EF26-E8F7-436A-AD35-F13FF78FCB26} {2D892990-0DF6-4A03-A07D-078E15EBB2C6} 5592
                                  5⤵
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • System Time Discovery
                                  • Modifies registry class
                                  PID:208
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:760
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5936
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:3952
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5356
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                          1⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5076
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                            2⤵
                            • Drops file in System32 directory
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4440
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                              -h -t
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of SetWindowsHookEx
                              PID:2036
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:220
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                4⤵
                                  PID:3368
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of SetWindowsHookEx
                                PID:2308
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                PID:4632
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                  SRUtility.exe -r
                                  4⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:2080
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious use of SetWindowsHookEx
                                PID:2328
                                • C:\Windows\System32\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                  4⤵
                                    PID:3856
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c ver
                                      5⤵
                                        PID:4424
                                      • C:\Windows\system32\sc.exe
                                        sc query ddmgr
                                        5⤵
                                        • Launches sc.exe
                                        PID:5444
                                      • C:\Windows\system32\sc.exe
                                        sc query lci_proxykmd
                                        5⤵
                                        • Launches sc.exe
                                        PID:3712
                                      • C:\Windows\system32\rundll32.exe
                                        rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                        5⤵
                                        • Drops file in System32 directory
                                        • Drops file in Windows directory
                                        • Checks SCSI registry key(s)
                                        • Modifies data under HKEY_USERS
                                        PID:5460
                              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                1⤵
                                • Drops file in Program Files directory
                                • Modifies data under HKEY_USERS
                                PID:872
                                • C:\Windows\System32\sc.exe
                                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                  2⤵
                                  • Launches sc.exe
                                  PID:2208
                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "edee4053-5a11-4dae-be14-cbd1fe4e3d60" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q2oReIAJ
                                  2⤵
                                    PID:1052
                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "c54bfec6-836a-409a-a244-c2bf24b50576" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q2oReIAJ
                                    2⤵
                                      PID:5152
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "668a5661-3881-4985-809c-2834e64bdda8" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q2oReIAJ
                                      2⤵
                                        PID:3772
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "ce351798-0f76-4838-9db4-25692a6f0313" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q2oReIAJ
                                        2⤵
                                          PID:5232
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "37a5ae70-bfb7-4509-b0a6-87dc9cd846bc" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q2oReIAJ
                                          2⤵
                                            PID:2760
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "972644ee-4b59-4ff2-a8ec-5ed9ee29be5a" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q2oReIAJ
                                            2⤵
                                              PID:5192
                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=eca4c09b6017612acc60b93da2d9179d&rmm_session_pwd_ttl=86400"
                                                3⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:5388
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "cd32f15c-188d-4b56-9726-1d021ccfcfc6" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q2oReIAJ
                                              2⤵
                                              • Modifies data under HKEY_USERS
                                              PID:5668
                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                3⤵
                                                • Drops file in System32 directory
                                                • Command and Scripting Interpreter: PowerShell
                                                • Modifies data under HKEY_USERS
                                                PID:5456
                                              • C:\Windows\System32\cmd.exe
                                                "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                3⤵
                                                  PID:3772
                                                  • C:\Windows\system32\cscript.exe
                                                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                    4⤵
                                                    • Modifies data under HKEY_USERS
                                                    PID:3856
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "a6764b81-ecd8-4ac5-8a71-b5ea7d02c011" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q2oReIAJ
                                                2⤵
                                                • Drops file in Program Files directory
                                                PID:3632
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "fe9e6eea-3db9-4361-a2be-3fb8e838a5c1" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q2oReIAJ
                                                2⤵
                                                  PID:5228
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "2e100417-e03c-4b18-ad34-7818d61110a4" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q2oReIAJ
                                                  2⤵
                                                  • Writes to the Master Boot Record (MBR)
                                                  PID:1356
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "980e7cb4-84e5-4561-ab2f-dbccaae76c0a" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q2oReIAJ
                                                  2⤵
                                                    PID:1520
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "c73a8c43-0585-412a-8624-42e973be4cf4" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q2oReIAJ
                                                    2⤵
                                                      PID:5360
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "25923d6f-5983-4d76-9e3e-25f377d4f647" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q2oReIAJ
                                                      2⤵
                                                        PID:512
                                                        • C:\Windows\SYSTEM32\cmd.exe
                                                          "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                          3⤵
                                                          • System Time Discovery
                                                          PID:4832
                                                          • C:\Program Files\dotnet\dotnet.exe
                                                            dotnet --list-runtimes
                                                            4⤵
                                                            • System Time Discovery
                                                            PID:2940
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "959d4a00-28fd-4d52-afca-3a9cbd7a049b" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q2oReIAJ
                                                        2⤵
                                                          PID:5484
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "c54bfec6-836a-409a-a244-c2bf24b50576" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q2oReIAJ
                                                          2⤵
                                                            PID:5124
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e "b5154ede-90be-480c-a72a-86e9aa294134" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q2oReIAJ
                                                            2⤵
                                                              PID:4504
                                                              • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "5c00ccae-ec0d-44ef-8b97-f1ba8505eb9e" "b5154ede-90be-480c-a72a-86e9aa294134" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000Q2oReIAJ"
                                                                3⤵
                                                                  PID:6120
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                              1⤵
                                                              • Drops file in Windows directory
                                                              • Checks SCSI registry key(s)
                                                              PID:6020
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "00000000000000F8" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                • Modifies data under HKEY_USERS
                                                                PID:5428
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000138" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                2⤵
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                • Modifies data under HKEY_USERS
                                                                PID:3052
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000154"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5136
                                                              • C:\Windows\system32\DrvInst.exe
                                                                DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Checks SCSI registry key(s)
                                                                PID:5652

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Reconnaissance

                                                            Resource Development

                                                            Initial Access

                                                            Execution

                                                            Command and Scripting Interpreter

                                                            1
                                                            T1059

                                                            PowerShell

                                                            1
                                                            T1059.001

                                                            Persistence

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Privilege Escalation

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Event Triggered Execution

                                                            2
                                                            T1546

                                                            Component Object Model Hijacking

                                                            1
                                                            T1546.015

                                                            Installer Packages

                                                            1
                                                            T1546.016

                                                            Defense Evasion

                                                            Modify Registry

                                                            2
                                                            T1112

                                                            Pre-OS Boot

                                                            1
                                                            T1542

                                                            Bootkit

                                                            1
                                                            T1542.003

                                                            Subvert Trust Controls

                                                            1
                                                            T1553

                                                            Install Root Certificate

                                                            1
                                                            T1553.004

                                                            System Binary Proxy Execution

                                                            1
                                                            T1218

                                                            Msiexec

                                                            1
                                                            T1218.007

                                                            Credential Access

                                                            Discovery

                                                            Peripheral Device Discovery

                                                            2
                                                            T1120

                                                            Query Registry

                                                            4
                                                            T1012

                                                            System Information Discovery

                                                            3
                                                            T1082

                                                            System Location Discovery

                                                            1
                                                            T1614

                                                            System Language Discovery

                                                            1
                                                            T1614.001

                                                            System Time Discovery

                                                            1
                                                            T1124

                                                            Lateral Movement

                                                            Collection

                                                            Command and Control

                                                            Exfiltration

                                                            Impact

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Config.Msi\e57def7.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              0f12d37dcc040ef9f1b93b54d968b727

                                                              SHA1

                                                              f032deb5742239cafdb190b622dab643b57543f2

                                                              SHA256

                                                              b440acb66e09026946e3741c84dce01b75cdebfad358c4ccaf206254936d037c

                                                              SHA512

                                                              390b6e99d6fa6160ddf368455c65a8d14908b58490f6c34d4fcef50488aa6a4ad8f650b20de1341ef926b8c1c045996aee21f9dd6093c6883ab36ca633fab512

                                                              Download Submit

                                                            • C:\Config.Msi\e57defc.rbs
                                                              Filesize

                                                              74KB

                                                              MD5

                                                              21548f2b225ec58e3fff895c7f06e4d6

                                                              SHA1

                                                              7b8f0e56607d029ca0652338d38a8bce4b5d9686

                                                              SHA256

                                                              8a339ffba02318478eaf975b4bc3b206d99bde7c7aa9334ff3c697db7964bca9

                                                              SHA512

                                                              57a861821054398c32418daba54877a1e414b8ca47ef26a07647dc847070ec7e1217a30a306b69824c123c6c41c777981564c60f28e9ca40a7bef5bc1b8b4fcc

                                                              Download Submit

                                                            • C:\Config.Msi\e57defe.rbs
                                                              Filesize

                                                              464B

                                                              MD5

                                                              ac5a9c3e960d63d5ccb1eb4b1c764fb1

                                                              SHA1

                                                              da67f791afbe1a2d6039c4ecc82f8edbd9bddfef

                                                              SHA256

                                                              56022a7d359d63f7d9c5a8af48f5cce38ac4a8753b94eb556b5daf805248094d

                                                              SHA512

                                                              3538ddb8e73ed6bf722ffe988df71a59a7d2d82b8f7cd1aeb66b23fbc0c62590b42fe2721d1ff7e23ac8b2726310e8165c57dd53f580ed0e94c108079930adef

                                                              Download Submit

                                                            • C:\Config.Msi\e57df04.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              cdb3b5cf4a4c773e074d8056dc28fe28

                                                              SHA1

                                                              171d2635a75f2aab38aed9a54fc9942427a537e9

                                                              SHA256

                                                              ff3838f772967614dc8465bdcd0b83ac4b2e80d9109f955f539db37e47f17a74

                                                              SHA512

                                                              e9cf44aaa5087b853f1d611507bf46c26254cec498861b7b3a1057ff34cb7d05f542ffbfa6f4bff05f789e997899933041144c63c60e2b6a763d6f47fb78c1c1

                                                              Download Submit

                                                            • C:\Config.Msi\e57df0c.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              ba0cce1d4d2c420a5ea36df1cec4a2c0

                                                              SHA1

                                                              a74109f1525efb6381c606d21840bec9a102c3f7

                                                              SHA256

                                                              7a274c220afec0eb8aee1a3fa8a415b736700803436d571eaea86a314aad9a5f

                                                              SHA512

                                                              6e88ff05ad569fade5a78a928144140ed871a1ffe5fdea6273050c1328f60ea9236365504bd86546358dbbbf8094217982cb7f1c921dab39a02cb81c6271fd5d

                                                              Download Submit

                                                            • C:\Config.Msi\e57df11.rbs
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              f53300ca300074469b8e1060307ba33e

                                                              SHA1

                                                              498ceea70c9a7764582c40dbaf966f31c020fe11

                                                              SHA256

                                                              b6f180ac87907e771d214c03da4ecfd53e9951ba9176a3f6d20f0f24418b85ca

                                                              SHA512

                                                              c12ef882674942dab4ad3eb1a8f17e195f44fbbb3ea7c9e6e6ba7355f0ae1e0d3734a4b4ffd261af71ba2860b640f50f7009079d3eff1e3bc6348c71278077a6

                                                              Download Submit

                                                            • C:\Config.Msi\e57df16.rbs
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              4771cee668807f59223413345c85abd4

                                                              SHA1

                                                              6047da988ee2362183dd20db6f912acad012bb4c

                                                              SHA256

                                                              822daa22ac0256aae43d826c21c1166d57d9c8a6e59f655096ea4dc3df20b782

                                                              SHA512

                                                              1d0cafcba5d44a7031ad2713fd1d1b374f21e6d95dfb6d2e52154f6e4cdeb46cf4b1f4be00cbb94c34049d27121457a71c18d9e7353d9e36448c63b467efd5b6

                                                              Download Submit

                                                            • C:\Config.Msi\e57df1b.rbs
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              7ac76e5c4d5fc2164fe215225a8296f4

                                                              SHA1

                                                              690364c752d16caabebbdd9d8f7805aaa856e1cc

                                                              SHA256

                                                              2e4d0bb5deafeca6b66a6c902dab4df71dc501ca5d78ed2cd0c181e1ebf0f36f

                                                              SHA512

                                                              4e7ce58d7de998f67357628afa7d997b08bcb8fc5ca9bb32cc2e0540e808a1eb3b3b62dd925bb8c2b8214d72508bb8dfa1dcf138814bd1f8875dba05b14496dd

                                                              Download Submit

                                                            • C:\Config.Msi\e57df20.rbs
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              0713a69ff71225e561de60fdfb2b506c

                                                              SHA1

                                                              dbbb87a9d074881dea89ea2d56fcab02fc21b0cf

                                                              SHA256

                                                              fd5412979917de3c5742b4c0931d63ee9f416f662aedf27d277a99eece4c3aa8

                                                              SHA512

                                                              aa5ebf4f5e80e2b961c6a3afa6f89ddc6384d8219b6ae4727fb2fd964aac866a27cf50c8f45b09f5263f634d1486bfb7865361122391d17e5e501ec054a269aa

                                                              Download Submit

                                                            • C:\Config.Msi\e57df21.rbf
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              33b4c87f18b4c49114d7a8980241657a

                                                              SHA1

                                                              254c67b915e45ad8584434a4af5e06ca730baa3b

                                                              SHA256

                                                              587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                              SHA512

                                                              42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                              Download Submit

                                                            • C:\Config.Msi\e57df22.rbf
                                                              Filesize

                                                              3B

                                                              MD5

                                                              21438ef4b9ad4fc266b6129a2f60de29

                                                              SHA1

                                                              5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                              SHA256

                                                              13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                              SHA512

                                                              37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              3840b31c383fdf49bfd6740d945c9032

                                                              SHA1

                                                              a6f50164a69718bcef4664d7c47534f0d721866a

                                                              SHA256

                                                              1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                              SHA512

                                                              f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                              Filesize

                                                              142KB

                                                              MD5

                                                              477293f80461713d51a98a24023d45e8

                                                              SHA1

                                                              e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                              SHA256

                                                              a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                              SHA512

                                                              23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              b3bb71f9bb4de4236c26578a8fae2dcd

                                                              SHA1

                                                              1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                              SHA256

                                                              e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                              SHA512

                                                              fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                              Filesize

                                                              210KB

                                                              MD5

                                                              c106df1b5b43af3b937ace19d92b42f3

                                                              SHA1

                                                              7670fc4b6369e3fb705200050618acaa5213637f

                                                              SHA256

                                                              2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                              SHA512

                                                              616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                              Filesize

                                                              693KB

                                                              MD5

                                                              2c4d25b7fbd1adfd4471052fa482af72

                                                              SHA1

                                                              fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                              SHA256

                                                              2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                              SHA512

                                                              f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                              Filesize

                                                              146KB

                                                              MD5

                                                              8d477b63bc5a56ae15314bda8dea7a3a

                                                              SHA1

                                                              3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                              SHA256

                                                              9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                              SHA512

                                                              44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                              Filesize

                                                              145KB

                                                              MD5

                                                              2b9beb2fdbc41afc48d68d32ef41dd08

                                                              SHA1

                                                              4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                              SHA256

                                                              977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                              SHA512

                                                              3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                              Filesize

                                                              51KB

                                                              MD5

                                                              3180c705182447f4bcc7ce8e2820b25d

                                                              SHA1

                                                              ad6486557819a33d3f29b18d92b43b11707aae6e

                                                              SHA256

                                                              5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                              SHA512

                                                              228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                              Filesize

                                                              12B

                                                              MD5

                                                              1e065e191e89cc811ff49c96fa8fa5e6

                                                              SHA1

                                                              bc50ff2a20a8b83683583684fcac640a91689ed4

                                                              SHA256

                                                              d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                              SHA512

                                                              5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                              Filesize

                                                              247KB

                                                              MD5

                                                              aa5cf64d575b7544eefd77f256c4dc57

                                                              SHA1

                                                              bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                              SHA256

                                                              79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                              SHA512

                                                              774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                              Filesize

                                                              546B

                                                              MD5

                                                              158fb7d9323c6ce69d4fce11486a40a1

                                                              SHA1

                                                              29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                              SHA256

                                                              5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                              SHA512

                                                              7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                              Filesize

                                                              94KB

                                                              MD5

                                                              c69c7690482c75a8fc70df2990d7afc6

                                                              SHA1

                                                              79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                              SHA256

                                                              580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                              SHA512

                                                              ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                              Filesize

                                                              688KB

                                                              MD5

                                                              111e2e63bccead95bb5ffc53c9282070

                                                              SHA1

                                                              eaae7df21e291aa089bc101b1e265ca202be1225

                                                              SHA256

                                                              9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                              SHA512

                                                              ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                              Filesize

                                                              27KB

                                                              MD5

                                                              797c9554ec56fd72ebb3f6f6bef67fb5

                                                              SHA1

                                                              40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                              SHA256

                                                              7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                              SHA512

                                                              4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                              Filesize

                                                              214KB

                                                              MD5

                                                              01807774f043028ec29982a62fa75941

                                                              SHA1

                                                              afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                              SHA256

                                                              9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                              SHA512

                                                              33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                              Filesize

                                                              37KB

                                                              MD5

                                                              efb4712c8713cb05eb7fe7d87a83a55a

                                                              SHA1

                                                              c94d106bba77aecf88540807da89349b50ea5ae7

                                                              SHA256

                                                              30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                              SHA512

                                                              3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                              Filesize

                                                              397KB

                                                              MD5

                                                              810f893e58861909b134fa72e3bc90cd

                                                              SHA1

                                                              524977f32836634132d23997b23304574d8d156a

                                                              SHA256

                                                              b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                              SHA512

                                                              db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                              Filesize

                                                              197KB

                                                              MD5

                                                              d0d21e16e57a1a73056eae228da1e287

                                                              SHA1

                                                              ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                              SHA256

                                                              3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                              SHA512

                                                              470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                              Filesize

                                                              56KB

                                                              MD5

                                                              d0aa95693d78fd438552bd9df01fec78

                                                              SHA1

                                                              0e7173c1af5d5543d5a41aed690e59f3ae4bb0b9

                                                              SHA256

                                                              11201ece7c3ee4bbcde0b84a2bc7c251ef57fce5200b2a1ae437fc959c7ad8a7

                                                              SHA512

                                                              7b48864e72627bb51063ea49f6459eb6c05baa64066d8e6c85f2ff7b7de26b633ff973e2a830da63b6824eaea65690e3f6b29af8adbc0c24724016a8764f3b15

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              9d1528a2ce17522f6de064ae2c2b608e

                                                              SHA1

                                                              2f1ce8b589e57ab300bb93dde176689689f75114

                                                              SHA256

                                                              11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                              SHA512

                                                              a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                              Filesize

                                                              809B

                                                              MD5

                                                              8b6737800745d3b99886d013b3392ac3

                                                              SHA1

                                                              bb94da3f294922d9e8d31879f2d145586a182e19

                                                              SHA256

                                                              86f10504ca147d13a157944f926141fe164a89fa8a71847458bda7102abb6594

                                                              SHA512

                                                              654dda9b645b4900ac6e5bb226494921194dab7de71d75806f645d9b94ed820055914073ef9a5407e468089c0b2ee4d021f03c2ea61e73889b553895e79713df

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.5384.update
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              14ffcf07375b3952bd3f2fe52bb63c14

                                                              SHA1

                                                              ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                              SHA256

                                                              6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                              SHA512

                                                              14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              c41ad6d7b090f3a4d6a863bb3cf18c6e

                                                              SHA1

                                                              fceb5f17d815ece8e7d895af5ea1a2b5f244d801

                                                              SHA256

                                                              edc07bdfab4b29c181fe6115d7e16f210e274a436357fe6f2ba0819277f0ee83

                                                              SHA512

                                                              dca09eaa2f71e7a54b0e138af52f05e03d683dcca8653a98bfb6509ab0a61014ecb5d2a606971b3898ce66ca1e985c8eac42550fa94a7f789d1941d9dffca760

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                              Filesize

                                                              13KB

                                                              MD5

                                                              379cc01abc62eaf2d2878ccf0b167fea

                                                              SHA1

                                                              4e79b82c63e56c61eacf6eef57d8fb6801a1a9b3

                                                              SHA256

                                                              a3b8a85a2a88fefb2b5d7b47b15a8be6e0c427652c1aef50616cbbc30cf63bad

                                                              SHA512

                                                              255bd9cfe15cdc6af5a2083b31146be40b287a03ab3c2cb3a78c1dd6f981e2851f38f252f4e9f737e30475bb11d551d931384f12cc6fc5d5b2263b4e6a52d84d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                              Filesize

                                                              2B

                                                              MD5

                                                              81051bcc2cf1bedf378224b0a93e2877

                                                              SHA1

                                                              ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                              SHA256

                                                              7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                              SHA512

                                                              1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                              Filesize

                                                              54KB

                                                              MD5

                                                              77c613ffadf1f4b2f50d31eeec83af30

                                                              SHA1

                                                              76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                              SHA256

                                                              2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                              SHA512

                                                              29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                              Filesize

                                                              333KB

                                                              MD5

                                                              745714d838c4d4f88c6e0db6a434f444

                                                              SHA1

                                                              90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                              SHA256

                                                              e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                              SHA512

                                                              08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                              Filesize

                                                              70KB

                                                              MD5

                                                              e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                              SHA1

                                                              22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                              SHA256

                                                              bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                              SHA512

                                                              00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                              Filesize

                                                              50KB

                                                              MD5

                                                              5bb0687e2384644ea48f688d7e75377b

                                                              SHA1

                                                              44e4651a52517570894cfec764ec790263b88c4a

                                                              SHA256

                                                              963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                              SHA512

                                                              260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                              Filesize

                                                              32KB

                                                              MD5

                                                              2ec1d28706b9713026e8c6814e231d7c

                                                              SHA1

                                                              7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                              SHA256

                                                              c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                              SHA512

                                                              9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                              Filesize

                                                              59KB

                                                              MD5

                                                              26c25e48b69eb8df7d6cea01fd66f3df

                                                              SHA1

                                                              d70e92a8b8d358c7a2e200b11e23703cf43d93e9

                                                              SHA256

                                                              f6da2cc4a4ca0a4cff92a2c9f61e546255bfe9d02eb1087a033b1a45e06fec87

                                                              SHA512

                                                              6414db6ba626fe4b39155052638a15707cf60836056560fceeb5a1ea8faee1bee830840900f1635ff5a0ce1d271f73062660bd0ec582815e0bc56f4997a45feb

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                              Filesize

                                                              588KB

                                                              MD5

                                                              17d74c03b6bcbcd88b46fcc58fc79a0d

                                                              SHA1

                                                              bc0316e11c119806907c058d62513eb8ce32288c

                                                              SHA256

                                                              13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                              SHA512

                                                              f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                              Download Submit

                                                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                              Filesize

                                                              208B

                                                              MD5

                                                              1b71d593c0e05bc2638b27d773d43a46

                                                              SHA1

                                                              db1b62ac7d37906820259b75096c0a50c263e52c

                                                              SHA256

                                                              b8441e22e4797ee620dcf2b08f8cd8764991b18d9db0646d57f69f2a0658c176

                                                              SHA512

                                                              042472a1a51a47415200549df1eb3e2c8a4c9d8ed3057ea2d0951ee1daf65e849e730cd4e369412ea5b81a2be30247cc53bd533df74bf9ccfd20e8281d68af6b

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              1ef7574bc4d8b6034935d99ad884f15b

                                                              SHA1

                                                              110709ab33f893737f4b0567f9495ac60c37667c

                                                              SHA256

                                                              0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                              SHA512

                                                              947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              f512536173e386121b3ebd22aac41a4e

                                                              SHA1

                                                              74ae133215345beaebb7a95f969f34a40dda922a

                                                              SHA256

                                                              a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                              SHA512

                                                              1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                              Filesize

                                                              76KB

                                                              MD5

                                                              b40fe65431b18a52e6452279b88954af

                                                              SHA1

                                                              c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                              SHA256

                                                              800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                              SHA512

                                                              e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                              Filesize

                                                              80KB

                                                              MD5

                                                              3904d0698962e09da946046020cbcb17

                                                              SHA1

                                                              edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                              SHA256

                                                              a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                              SHA512

                                                              c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                              Download Submit

                                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                              Filesize

                                                              96KB

                                                              MD5

                                                              673a852565144454735207b2ee20669c

                                                              SHA1

                                                              83ae0fa25e78c0997fec89a54464817c76e4f609

                                                              SHA256

                                                              1e6575dfadceb251556a4a355b689b69ead75295f56a353f69676c54ff048210

                                                              SHA512

                                                              aa8baa48449d8755a284c1ebc955cfb6af796f3ab287559a13fdff04d4f272a69073f7806d33560357fe61ad4bd1c0b4c21816ee41349d4f63475cde35b9dc7c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                              Filesize

                                                              287B

                                                              MD5

                                                              fcad4da5d24f95ebf38031673ddbcdb8

                                                              SHA1

                                                              3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                              SHA256

                                                              7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                              SHA512

                                                              1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              362ce475f5d1e84641bad999c16727a0

                                                              SHA1

                                                              6b613c73acb58d259c6379bd820cca6f785cc812

                                                              SHA256

                                                              1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                              SHA512

                                                              7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                              Filesize

                                                              1.3MB

                                                              MD5

                                                              40df7f2a02cdfa70ae76d70d21473428

                                                              SHA1

                                                              4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                              SHA256

                                                              f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                              SHA512

                                                              2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              5ed9543e9f5826ead203316ef0a8863d

                                                              SHA1

                                                              8235c0e7568ec42d6851c198adc76f006883eb4b

                                                              SHA256

                                                              33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                              SHA512

                                                              5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              9a9b1fd85b5f1dcd568a521399a0d057

                                                              SHA1

                                                              34ed149b290a3a94260d889ba50cb286f1795fa6

                                                              SHA256

                                                              88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                              SHA512

                                                              7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                              Filesize

                                                              383KB

                                                              MD5

                                                              f6f297c704f4f4c13d50f971daea3b56

                                                              SHA1

                                                              118581c847ea863ff8bca0a38b5469577ac6b227

                                                              SHA256

                                                              a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                              SHA512

                                                              b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                              Filesize

                                                              321KB

                                                              MD5

                                                              d3901e62166e9c42864fe3062cb4d8d5

                                                              SHA1

                                                              c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                              SHA256

                                                              dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                              SHA512

                                                              ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                              Filesize

                                                              814KB

                                                              MD5

                                                              9b1f97a41bfb95f148868b49460d9d04

                                                              SHA1

                                                              768031d5e877e347a249dfdeab7c725df941324b

                                                              SHA256

                                                              09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                              SHA512

                                                              9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe.config
                                                              Filesize

                                                              541B

                                                              MD5

                                                              d0efb0a6d260dbe5d8c91d94b77d7acd

                                                              SHA1

                                                              e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                              SHA256

                                                              7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                              SHA512

                                                              a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                              Filesize

                                                              1.2MB

                                                              MD5

                                                              e74d2a16da1ddb7f9c54f72b8a25897c

                                                              SHA1

                                                              32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                              SHA256

                                                              a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                              SHA512

                                                              52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                              Filesize

                                                              11B

                                                              MD5

                                                              5eda46a55c61b07029e7202f8cf1781c

                                                              SHA1

                                                              862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                              SHA256

                                                              12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                              SHA512

                                                              4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                              Filesize

                                                              3.4MB

                                                              MD5

                                                              93e4c198656fc267f392de11dee01cd0

                                                              SHA1

                                                              e92cb59486745ee7564f5b374e790a065e1f4678

                                                              SHA256

                                                              88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                              SHA512

                                                              3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              b4a865268d5aca5f93bab91d7d83c800

                                                              SHA1

                                                              95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                              SHA256

                                                              5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                              SHA512

                                                              c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              82080d3f1398c0948453f1be972e998d

                                                              SHA1

                                                              30c92ce0d93204e53477d19e556c3864324dfea9

                                                              SHA256

                                                              104c009b87fb0b0189ee1800b1b1cd7b25cb8c858451b42c9665b4618c90ae2a

                                                              SHA512

                                                              f1b60c2020afb3145a960834d0b5174e5f52bccba88ce4dc44a91597186008f9bb36593e3d0bea1fd86379d84cba43967df76b571d277c28634576053ec400de

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              9eb245ce648f09215156328a102a8a58

                                                              SHA1

                                                              191f3608c8d5b4434b82e3e8cb04049d2c70c3a0

                                                              SHA256

                                                              7132f7036b743e7fbdd83e22842bfe9b2cd019c0505a25780127b9a4b67333e0

                                                              SHA512

                                                              f74a83b53deb4a6c3982189cc764a702ee02f43d430e686be07f4d98502031b7d42729f9db2f956eb3afd668a317aa5e57025d313857b6fc8437765caec422ea

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                              Filesize

                                                              2.8MB

                                                              MD5

                                                              ab8d85c093d6f0180bf09ec0f466b78b

                                                              SHA1

                                                              1daf355d14d45b1e411f96fa394a98a84c09e53e

                                                              SHA256

                                                              d1e08c8dbf3bfc34e3fdfc390d2e7f5b871f95376e7dda93e3dd0051d580db40

                                                              SHA512

                                                              2882292301e1fb85b410570ece6cf05f3e89968a02450dba192a1f97282f1c08ed30819e3d36c524fba3baeb6a2c22a10a762c8313e8823c07554b4b975cc00e

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement.zip
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              f39fbf03ca870084bde8bfd5e6e1ec39

                                                              SHA1

                                                              00febae56b76f76166fa64a0c0dc746b9feb61e4

                                                              SHA256

                                                              1c2761c31cf551a7b3034618fd0018d1a304bbcb97383d2bb13c47aeb8b23c60

                                                              SHA512

                                                              4c974603fb33e3711dc7f28e4580fef2a197ee1abfcc2c2384e4053c939847fa94b5d27a44ca6ad1fc8799dd80c2cc975c87e55e15902786e4b1e8dbe362bf7a

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              6c6f85e896655a6eb726482f04c49086

                                                              SHA1

                                                              2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                              SHA256

                                                              e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                              SHA512

                                                              b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              880d31390a25de6a9cd34463b46c75e6

                                                              SHA1

                                                              837af65938c9606b5de3c6f2195fc3e855554cd7

                                                              SHA256

                                                              425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                              SHA512

                                                              8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                              Filesize

                                                              670KB

                                                              MD5

                                                              96e50bbca30d75af7b8b40acf8dda817

                                                              SHA1

                                                              4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                              SHA256

                                                              a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                              SHA512

                                                              0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                              Filesize

                                                              3.1MB

                                                              MD5

                                                              8e70af11d0ee2abe139b40d67e70b73c

                                                              SHA1

                                                              18582e88e16255d5d267904bdf0357ec9ff333e0

                                                              SHA256

                                                              5c687adaa48b83de220e8489e0ceb0093be1f94260750c8d94a1b8497781327e

                                                              SHA512

                                                              3a845ed4ab368b0dde7e98d77fb796e9070f6bb9472ea833e52b19eb5bd47260e0b288fd3c8d19235bd9ded6f7b11ea10985ad871c8f5c82751249301d3ee4a6

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.ini
                                                              Filesize

                                                              12B

                                                              MD5

                                                              9a5e9a329e4e73e0c499371205a810db

                                                              SHA1

                                                              5b6d85657d4acd89867283fbe372e9e85c30686f

                                                              SHA256

                                                              d109087c4ca318cad74b7560c32594d37181885adbdc9348ba1dd35d47b35b92

                                                              SHA512

                                                              02bd5261b9e795ed5a07badd65a6cf71d18751452fb44bdd424dfcc6c50ba7441e0066b125e731018fd6f1a8a002ac4e6961c7eff21c36fbda58c8015a100c43

                                                              Download Submit

                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                              Filesize

                                                              572KB

                                                              MD5

                                                              7062f2490fde7624ceab2fac6a996b98

                                                              SHA1

                                                              63a355ebf702bd6fb4e10f4353e5dbaa036ff635

                                                              SHA256

                                                              dbf3e40e068c22a995bb917ef51153bf1d4dd06ab8a5bb5486ea017245edbf1c

                                                              SHA512

                                                              5674e823473887669a1d12ecea9f7569633fb885f570b3c7bd8fbb706b214c564a0aaf0bedebd0a61add76582316c7de9a2f5af5b4cd8d04f426d80987f2d7b3

                                                              Download Submit

                                                            • C:\Program Files\dotnet\dotnet.exe
                                                              Filesize

                                                              143KB

                                                              MD5

                                                              71026b098f8fb39c88b003df746d9fa0

                                                              SHA1

                                                              013ca259f551ad6f33db53fff0e121e74408e20e

                                                              SHA256

                                                              11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                              SHA512

                                                              9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                              Download Submit

                                                            • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\4e56e935146f775307d07efb0f0735be
                                                              Filesize

                                                              16KB

                                                              MD5

                                                              b2e89027a140a89b6e3eb4e504e93d96

                                                              SHA1

                                                              f3b1b34874b73ae3032decb97ef96a53a654228f

                                                              SHA256

                                                              5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                              SHA512

                                                              93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\logs\chocolatey.log
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              e2548637e6d197c788d72260b38deb96

                                                              SHA1

                                                              986d09b97582942d0f995e14b5ef64c3396d1892

                                                              SHA256

                                                              38351862a8142a938e39de9d977ced1594561e4b44bea2ce12dd3c029008f9f9

                                                              SHA512

                                                              3f38223f53e1766b757cbdb0726ece88a0831a087e331f64a7c634fc4935ec49ac3c917ee0944c8d2bb7e49919d85f0cdf7799c49fe8abb641773a006dcf92b4

                                                              Download Submit

                                                            • C:\ProgramData\chocolatey\tools\7z.exe.manifest
                                                              Filesize

                                                              513B

                                                              MD5

                                                              8f89387331c12b55eaa26e5188d9e2ff

                                                              SHA1

                                                              537fdd4f1018ce8d08a3d151ad07b55d96e94dd2

                                                              SHA256

                                                              6b7368ce5e38f6e0ee03ca0a9d1a2322cc0afc07e8de9dcc94e156853eae5033

                                                              SHA512

                                                              04c10ae52f85d3a27d4b05b3d1427ddc2afaccfe94ed228f8f6ae4447fd2465d102f2dd95caf1b617f8c76cb4243716469d1da3dac3292854acd4a63ce0fd239

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              471B

                                                              MD5

                                                              a92359bcd40ab68df3b2a726b293703e

                                                              SHA1

                                                              03af49fbe93ce7312ceb352c712941d1ac5fd2f0

                                                              SHA256

                                                              e61fca89129e6e9eecaafaa8612f1d82efb267b900a8ca27427fa0b32e065c63

                                                              SHA512

                                                              f2f2ff4c354ce68642ec37357e40c28cfc2449bfa9971ffe59c800a50287f8a39b5729a6fb2aaf8f23b9f45ea3e478a9f12dbba0479d93e4c2c598263aa7ce92

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              727B

                                                              MD5

                                                              12d865d718c648c03e5657a02fbd7128

                                                              SHA1

                                                              67992668978bbcf0dc94166c3d68fe91adf5a4f7

                                                              SHA256

                                                              605bc5c5942c346edd5a9639cd65d9829c8aa80d06b01dfd1b7c8dfa5fc5f671

                                                              SHA512

                                                              02628a076f36de16e92be4b799074dcc843df16a065313662b163a368b46e9a458388e9e4a5c7deedeb9ea3db9da47ba886fa9be7fb8724c5f6af46a372c4c41

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              727B

                                                              MD5

                                                              7ede1c2319349ee09eef9b918f848ee1

                                                              SHA1

                                                              907bc671d8865713c6c6758ab35d880bc195cd26

                                                              SHA256

                                                              0091300b2b650fad4fdf32c8681ca431aa280403bb7afec50e1e3b2232537c9e

                                                              SHA512

                                                              673710e89af144f22a6a69011341e48681cf2b46ec58fa7ceed13688f3dfa17e5c8ea9f8054cb99c054864ec980fa0acebdb480ce9abf4d1d7a8ec46dcfb5866

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                              Filesize

                                                              400B

                                                              MD5

                                                              04578729df8748b66c4818937234de1c

                                                              SHA1

                                                              0f0ca213387bfaadd081ea1f1834ed2d93c17195

                                                              SHA256

                                                              5304669a8e29c4193aa9327d19ca2e20ba02c8847ba98e1fbfb635691e4c2151

                                                              SHA512

                                                              505e343f28a5f297683caaebe21231a937162f4929db83b28adf0ec2229f362822ac9d496d8de92b2e587c12fd03779b12483d4d51596ff6cd4b462f8c2ffe3b

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              6b0ace28719b433e34d96cea5358440e

                                                              SHA1

                                                              b056936d4b99825dfdf522c2d06254d50e329755

                                                              SHA256

                                                              76985fffef495edff5d43a9c8f4628d20c365de5f9e66a286962031e606586aa

                                                              SHA512

                                                              1c58bfd9996828c68685e585014969400396846a3292bb33f70b475cb212280a8eb3dc41b5156ef8be707c839f115de195f58bbf9778be1a47f49a9f28fb127f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              3ac1829b44b7bd327e252c0d7f6e1c17

                                                              SHA1

                                                              26506d9801dd20c97c6558aeb86b25f6f534098b

                                                              SHA256

                                                              c5024f0bdc0f9c0e8727a0fd10bb9eb99a8fd9998116248f59c4ea259dedf913

                                                              SHA512

                                                              febc8dab439996c1cefd7aaf8cb1520e29989ec8bb2640eb470e8d96db5730d4ca90a019f14dbcc166d7d1686dc9bfe1cd1ab57485b6cd9464b1527c0854ee67

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                              Filesize

                                                              651B

                                                              MD5

                                                              9bbfe11735bac43a2ed1be18d0655fe2

                                                              SHA1

                                                              61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                              SHA256

                                                              549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                              SHA512

                                                              a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                              Download Submit

                                                            • C:\Windows\Installer\MSI4204.tmp
                                                              Filesize

                                                              4.5MB

                                                              MD5

                                                              08211c29e0d617a579ffa2c41bde1317

                                                              SHA1

                                                              4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                              SHA256

                                                              3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                              SHA512

                                                              d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                              Download Submit

                                                            • C:\Windows\Installer\MSI9C4D.tmp-\System.Management.dll
                                                              Filesize

                                                              60KB

                                                              MD5

                                                              878e361c41c05c0519bfc72c7d6e141c

                                                              SHA1

                                                              432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                              SHA256

                                                              24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                              SHA512

                                                              59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDF83.tmp
                                                              Filesize

                                                              509KB

                                                              MD5

                                                              88d29734f37bdcffd202eafcdd082f9d

                                                              SHA1

                                                              823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                              SHA256

                                                              87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                              SHA512

                                                              1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDF83.tmp-\AlphaControlAgentInstallation.dll
                                                              Filesize

                                                              25KB

                                                              MD5

                                                              aa1b9c5c685173fad2dabebeb3171f01

                                                              SHA1

                                                              ed756b1760e563ce888276ff248c734b7dd851fb

                                                              SHA256

                                                              e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                              SHA512

                                                              d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIDF83.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              1a5caea6734fdd07caa514c3f3fb75da

                                                              SHA1

                                                              f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                              SHA256

                                                              cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                              SHA512

                                                              a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE291.tmp-\CustomAction.config
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              bc17e956cde8dd5425f2b2a68ed919f8

                                                              SHA1

                                                              5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                              SHA256

                                                              e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                              SHA512

                                                              02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE291.tmp-\Newtonsoft.Json.dll
                                                              Filesize

                                                              695KB

                                                              MD5

                                                              715a1fbee4665e99e859eda667fe8034

                                                              SHA1

                                                              e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                              SHA256

                                                              c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                              SHA512

                                                              bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIE7C4.tmp
                                                              Filesize

                                                              211KB

                                                              MD5

                                                              a3ae5d86ecf38db9427359ea37a5f646

                                                              SHA1

                                                              eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                              SHA256

                                                              c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                              SHA512

                                                              96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                              Download Submit

                                                            • C:\Windows\Installer\MSIF2D9.tmp
                                                              Filesize

                                                              219KB

                                                              MD5

                                                              928f4b0fc68501395f93ad524a36148c

                                                              SHA1

                                                              084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                              SHA256

                                                              2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                              SHA512

                                                              7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                              Download Submit

                                                            • C:\Windows\Installer\e57def6.msi
                                                              Filesize

                                                              2.9MB

                                                              MD5

                                                              eaf2eab89c1b5f8eccf2e62a5a4fb002

                                                              SHA1

                                                              24e2a1958e34f8db3378c8210ef5f0e5166a1537

                                                              SHA256

                                                              819ad25e1dfd53f40ca7d7d176c2a1abf14b16fd5325936c1390ab3001e26af9

                                                              SHA512

                                                              25e7a8b39e585867d71b8edc472b4240e051a5ef5e2c23ddcddc20dc556a8381adc783884c7e2183c778ca445379654bc59a0cf16e4029c2b4b479243d34494a

                                                              Download Submit

                                                            • C:\Windows\Installer\e57df12.msi
                                                              Filesize

                                                              26.3MB

                                                              MD5

                                                              b9c6d23462adef092b8a5b7880531b03

                                                              SHA1

                                                              9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                              SHA256

                                                              2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                              SHA512

                                                              18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                              Download Submit

                                                            • C:\Windows\Installer\e57df13.msi
                                                              Filesize

                                                              772KB

                                                              MD5

                                                              d73de5788ab129f16afdd990d8e6bfa9

                                                              SHA1

                                                              88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                              SHA256

                                                              4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                              SHA512

                                                              bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{18f44494-3e56-de43-9435-516338c64a6b}\lci_iddcx.cat
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              62458e58313475c9a3642a392363e359

                                                              SHA1

                                                              e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                              SHA256

                                                              85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                              SHA512

                                                              49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{18f44494-3e56-de43-9435-516338c64a6b}\lci_iddcx.inf
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              1cec22ca85e1b5a8615774fca59a420b

                                                              SHA1

                                                              049a651751ef38321a1088af6a47c4380f9293fc

                                                              SHA256

                                                              60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                              SHA512

                                                              0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{18f44494-3e56-de43-9435-516338c64a6b}\x64\lci_iddcx.dll
                                                              Filesize

                                                              52KB

                                                              MD5

                                                              01e8bc64139d6b74467330b11331858d

                                                              SHA1

                                                              b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                              SHA256

                                                              148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                              SHA512

                                                              4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{38b307de-d0fd-3f4a-a2fb-668b3cdc0083}\lci_proxywddm.cat
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              8e16d54f986dbe98812fd5ec04d434e8

                                                              SHA1

                                                              8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                              SHA256

                                                              7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                              SHA512

                                                              e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{38b307de-d0fd-3f4a-a2fb-668b3cdc0083}\lci_proxywddm.inf
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              0315a579f5afe989154cb7c6a6376b05

                                                              SHA1

                                                              e352ff670358cf71e0194918dfe47981e9ccbb88

                                                              SHA256

                                                              d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                              SHA512

                                                              c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{38b307de-d0fd-3f4a-a2fb-668b3cdc0083}\x64\lci_proxyumd.dll
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              4dc11547a5fc28ca8f6965fa21573481

                                                              SHA1

                                                              d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                              SHA256

                                                              e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                              SHA512

                                                              bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{38b307de-d0fd-3f4a-a2fb-668b3cdc0083}\x64\lci_proxyumd32.dll
                                                              Filesize

                                                              135KB

                                                              MD5

                                                              67ae7b2c36c9c70086b9d41b4515b0a8

                                                              SHA1

                                                              ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                              SHA256

                                                              79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                              SHA512

                                                              4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                              Download Submit

                                                            • C:\Windows\System32\DriverStore\Temp\{38b307de-d0fd-3f4a-a2fb-668b3cdc0083}\x64\lci_proxywddm.sys
                                                              Filesize

                                                              119KB

                                                              MD5

                                                              b9b0e9b4d93b18b99ece31a819d71d00

                                                              SHA1

                                                              2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                              SHA256

                                                              0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                              SHA512

                                                              465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                              Download Submit

                                                            • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-03-57-49.dat
                                                              Filesize

                                                              602B

                                                              MD5

                                                              ecc87e9b6dec21dde28e2748e94d9339

                                                              SHA1

                                                              ccf244e7da71770c821d272de8126218bb6276ef

                                                              SHA256

                                                              3141bf45a2318fd82adaeb1a7aced55b23869a637043a7858e4e8d787205e1b3

                                                              SHA512

                                                              8b8f2e9f3df2a8a4ac07e66385576c477879578c9c2bf3258fe27c1ac290184079efb2f26b276fe0caefd4ab8c2ea458e11298e5791169879a57d08a0205898e

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              850B

                                                              MD5

                                                              069754d867db055569014d068f47c5c8

                                                              SHA1

                                                              c30c4011ed3420dca623eedf0c4a0d1ffdd3a24a

                                                              SHA256

                                                              450f858580a969195a5764b9624eb49ff4a3f47d8209546ef665e7b6d41cc571

                                                              SHA512

                                                              b1af75bc2c93f9b3f5a0edf1d048a6f9cdd0fa32c6f5724189c10229ca35ed2ef5697c95240a95936ffdd222cd8f31745b20da18fdbcb625be7e1ef948c53ccb

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              15fd0ac2f497d2b0d3878c360a147d06

                                                              SHA1

                                                              c0ca40a327b5c024bf351bd791ced75f2a13648f

                                                              SHA256

                                                              81f9b2ba18eea858cf00e812a409408022766b7af9a2e793c05f48e8854e96ae

                                                              SHA512

                                                              9712d2310d9ffa9161004369ddc5d44b50db9d459e7f45b96ebf4f101f69a2651d17171b93fe5e0d2db918667ebc29eca54077e1cb6b18eb7e548a153168d83e

                                                              Download Submit

                                                            • C:\Windows\Temp\InstallUtil.log
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              d1ac19f8abd2b6dbe2f5eb25fead6228

                                                              SHA1

                                                              621b71f748bc82ab03450b11c803a5e93a272c6c

                                                              SHA256

                                                              60049097130ccb59d191ebbcc94a1a3eb3a944188f4fcb87c255158ba23129e2

                                                              SHA512

                                                              e207fcc3bd8da7fd5459f02a16ccf0ff663dcd582d9528e07fe9d06bba66e61fb21223adb8da16eaa2d25d00a8b5acc310c6fba7cf76c5fb8a7d7610548686b9

                                                              Download Submit

                                                            • C:\Windows\Temp\PreVer.log
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              a643d7b949176ab7ad8bcf40bf9793ac

                                                              SHA1

                                                              7bffc3497d5250794249b2a6676866b3d2bf1532

                                                              SHA256

                                                              9930239b1e312e4561e753a4d199ca8d16193a1461c85c5465af2e694c8769f1

                                                              SHA512

                                                              1feca065a93db4030e35288dbb9bbb86e1601c4eaba358748602823dedf16aca07d071af113dd019b714611c5017dd98565762541138a26e2d7041834953c272

                                                              Download Submit

                                                            • C:\Windows\Temp\__PSScriptPolicyTest_tbfdmp1w.ws3.ps1
                                                              Filesize

                                                              60B

                                                              MD5

                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                              SHA1

                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                              SHA256

                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                              SHA512

                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                              Download Submit

                                                            • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                              Filesize

                                                              3.2MB

                                                              MD5

                                                              2c18826adf72365827f780b2a1d5ea75

                                                              SHA1

                                                              a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                              SHA256

                                                              ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                              SHA512

                                                              474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                              Download Submit

                                                            • C:\Windows\Temp\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\IsConfig.ini
                                                              Filesize

                                                              571B

                                                              MD5

                                                              d239b8964e37974225ad69d78a0a8275

                                                              SHA1

                                                              cf208e98a6f11d1807cd84ca61504ad783471679

                                                              SHA256

                                                              0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                              SHA512

                                                              88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                              Download Submit

                                                            • C:\Windows\Temp\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\String1033.txt
                                                              Filesize

                                                              182KB

                                                              MD5

                                                              99bbffd900115fe8672c73fb1a48a604

                                                              SHA1

                                                              8f587395fa6b954affef337c70781ce00913950e

                                                              SHA256

                                                              57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                              SHA512

                                                              d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                              Download Submit

                                                            • C:\Windows\Temp\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\_is369C.exe
                                                              Filesize

                                                              179KB

                                                              MD5

                                                              7a1c100df8065815dc34c05abc0c13de

                                                              SHA1

                                                              3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                              SHA256

                                                              e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                              SHA512

                                                              bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                              Download Submit

                                                            • C:\Windows\Temp\{1FC23CE4-BFC6-4BA3-AD9F-68E33D4C9377}\setup.inx
                                                              Filesize

                                                              345KB

                                                              MD5

                                                              0376dd5b7e37985ea50e693dc212094c

                                                              SHA1

                                                              02859394164c33924907b85ab0aaddc628c31bf1

                                                              SHA256

                                                              c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                              SHA512

                                                              69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                              Download Submit

                                                            • C:\Windows\Temp\{2298F4CC-C6BA-400A-BFDB-76FDE04E7473}\.ba\bg.png
                                                              Filesize

                                                              4KB

                                                              MD5

                                                              9eb0320dfbf2bd541e6a55c01ddc9f20

                                                              SHA1

                                                              eb282a66d29594346531b1ff886d455e1dcd6d99

                                                              SHA256

                                                              9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                              SHA512

                                                              9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                              Download Submit

                                                            • C:\Windows\Temp\{2298F4CC-C6BA-400A-BFDB-76FDE04E7473}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                              Filesize

                                                              607KB

                                                              MD5

                                                              669de3ab32955e69decfe13a3c89891e

                                                              SHA1

                                                              ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                              SHA256

                                                              2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                              SHA512

                                                              be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                              Download Submit

                                                            • C:\Windows\Temp\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\ISRT.dll
                                                              Filesize

                                                              427KB

                                                              MD5

                                                              85315ad538fa5af8162f1cd2fce1c99d

                                                              SHA1

                                                              31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                              SHA256

                                                              70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                              SHA512

                                                              877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                              Download Submit

                                                            • C:\Windows\Temp\{6E8D9089-2A46-43CB-8EAC-CC4E209DB6CD}\_isres_0x0409.dll
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              befe2ef369d12f83c72c5f2f7069dd87

                                                              SHA1

                                                              b89c7f6da1241ed98015dc347e70322832bcbe50

                                                              SHA256

                                                              9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                              SHA512

                                                              760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                              Filesize

                                                              404B

                                                              MD5

                                                              b5209fd1fee5255eb7f2ddbac27fdbb2

                                                              SHA1

                                                              db6bcd8ed59ed0139cb308f73e231f4230443e4a

                                                              SHA256

                                                              859fe5e375d7d1596b222f6fa111548d549df583272815a71839e747aeef104b

                                                              SHA512

                                                              ef57236c5d72c65ecb612bf393aa7e874ec95d6ca8b4d3d25552c4949e6c07107c148d2984389f0a1fdf38285e8e988d1fa1345ffd791b5c232f6c5284089e0f

                                                              Download Submit

                                                            • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                              Filesize

                                                              412B

                                                              MD5

                                                              368e2f15c24b1db4024cead409e8570b

                                                              SHA1

                                                              34572122e2555a707c3abb840ead89413533eaf3

                                                              SHA256

                                                              6e82d212942c8bef56394a862a16cf79d21ccf128200d86cd7fc7294e86963b4

                                                              SHA512

                                                              efbc24ddc6aef66dce2dca1169814996b72d530cc6372a18fa2cc364aae65c0b0d75de0431ceb704e34d003d2a2f4b80f5a628b07a415ebbe60200d5d5cc5f66

                                                              Download Submit

                                                            • memory/220-1082-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/220-1081-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/220-1266-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/220-1269-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/1148-272-0x00000227FA950000-0x00000227FA992000-memory.dmp

                                                              Filesize

                                                              264KB

                                                              Download

                                                            • memory/1148-275-0x00000227FBA90000-0x00000227FBB40000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download

                                                            • memory/1148-277-0x00000227FB300000-0x00000227FB31C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/1356-4370-0x000001F1F32C0000-0x000001F1F342A000-memory.dmp

                                                              Filesize

                                                              1.4MB

                                                              Download

                                                            • memory/1356-4328-0x000001F1F32C0000-0x000001F1F342A000-memory.dmp

                                                              Filesize

                                                              1.4MB

                                                              Download

                                                            • memory/1652-110-0x0000000005290000-0x00000000052F6000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/2024-1859-0x000001E3B11D0000-0x000001E3B11EC000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/2024-1882-0x000001E3C9EF0000-0x000001E3C9FCC000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/2024-1881-0x000001E3C9D50000-0x000001E3C9E02000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/2024-1872-0x000001E3C9C40000-0x000001E3C9C8A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/2024-1867-0x000001E3B1290000-0x000001E3B12A8000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/2024-1857-0x000001E3B0960000-0x000001E3B0994000-memory.dmp

                                                              Filesize

                                                              208KB

                                                              Download

                                                            • memory/2024-1858-0x000001E3B1200000-0x000001E3B124A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/2024-1868-0x000001E3B11F0000-0x000001E3B11FA000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/2036-1080-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2036-1079-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/2036-1155-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/2036-2980-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/2036-2981-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2036-1156-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/2224-39-0x0000000002CC0000-0x0000000002CEE000-memory.dmp

                                                              Filesize

                                                              184KB

                                                              Download

                                                            • memory/2224-43-0x0000000002CB0000-0x0000000002CBC000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/3636-410-0x0000000002E20000-0x0000000002FE7000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/3636-1009-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3636-829-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3636-832-0x0000000002E60000-0x0000000003027000-memory.dmp

                                                              Filesize

                                                              1.8MB

                                                              Download

                                                            • memory/3636-936-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3636-972-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3636-441-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3636-407-0x0000000010000000-0x0000000010114000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/3712-1835-0x0000021E6DAC0000-0x0000021E6DB72000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/3712-1840-0x0000021E55150000-0x0000021E5516C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/3712-1851-0x0000021E54C80000-0x0000021E54C88000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/3712-1853-0x0000021E55180000-0x0000021E55188000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/3712-1555-0x0000021E54850000-0x0000021E5488A000-memory.dmp

                                                              Filesize

                                                              232KB

                                                              Download

                                                            • memory/3712-1852-0x0000021E55170000-0x0000021E55178000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/3712-1849-0x0000021E55380000-0x0000021E553C8000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/3712-1850-0x0000021E54C60000-0x0000021E54C6A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/3988-241-0x0000016852CC0000-0x0000016852CF8000-memory.dmp

                                                              Filesize

                                                              224KB

                                                              Download

                                                            • memory/3988-197-0x0000016852D10000-0x0000016852DC2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/3988-1883-0x000001A8756A0000-0x000001A87577C000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/3988-205-0x0000016852C50000-0x0000016852C72000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/3988-1856-0x000001A85CA90000-0x000001A85CADA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/3988-1864-0x000001A85CA10000-0x000001A85CA2C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/3988-1855-0x000001A85C1C0000-0x000001A85C1D2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/3988-1878-0x000001A875500000-0x000001A8755B2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4440-1062-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/4440-1262-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/4440-1141-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/4440-1140-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/4440-1061-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/4440-1263-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/4488-148-0x0000022375260000-0x0000022375288000-memory.dmp

                                                              Filesize

                                                              160KB

                                                              Download

                                                            • memory/4488-160-0x00000223776D0000-0x0000022377768000-memory.dmp

                                                              Filesize

                                                              608KB

                                                              Download

                                                            • memory/4488-164-0x0000022376E10000-0x0000022376E22000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/4488-165-0x0000022376E70000-0x0000022376EAC000-memory.dmp

                                                              Filesize

                                                              240KB

                                                              Download

                                                            • memory/4812-304-0x0000021B210E0000-0x0000021B21192000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/4812-303-0x0000021B07FC0000-0x0000021B07FD6000-memory.dmp

                                                              Filesize

                                                              88KB

                                                              Download

                                                            • memory/4812-305-0x0000021B08820000-0x0000021B0883C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5076-80-0x0000000005550000-0x00000000058A4000-memory.dmp

                                                              Filesize

                                                              3.3MB

                                                              Download

                                                            • memory/5076-76-0x0000000005490000-0x0000000005542000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5076-79-0x0000000005420000-0x0000000005442000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/5276-1760-0x000002174B5A0000-0x000002174B5C0000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/5276-1707-0x0000021763EE0000-0x0000021763F92000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5276-1700-0x000002174B580000-0x000002174B598000-memory.dmp

                                                              Filesize

                                                              96KB

                                                              Download

                                                            • memory/5276-1681-0x000002174AD30000-0x000002174AD3C000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/5292-1766-0x000001A8683F0000-0x000001A8684A2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5292-1869-0x000001A868B40000-0x000001A869068000-memory.dmp

                                                              Filesize

                                                              5.2MB

                                                              Download

                                                            • memory/5292-1701-0x000001A84FBD0000-0x000001A84FBEA000-memory.dmp

                                                              Filesize

                                                              104KB

                                                              Download

                                                            • memory/5292-1682-0x000001A84F250000-0x000001A84F25A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/5384-1830-0x0000022E2CFC0000-0x0000022E2CFD0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5384-1839-0x0000022E459C0000-0x0000022E45A72000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5384-1848-0x0000022E2CFF0000-0x0000022E2D010000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/5384-1829-0x0000022E2C780000-0x0000022E2C792000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5600-1874-0x0000000072750000-0x0000000072B1D000-memory.dmp

                                                              Filesize

                                                              3.8MB

                                                              Download

                                                            • memory/5600-1873-0x0000000072B20000-0x0000000072C3C000-memory.dmp

                                                              Filesize

                                                              1.1MB

                                                              Download

                                                            • memory/5688-1879-0x000001F89D9A0000-0x000001F89D9A8000-memory.dmp

                                                              Filesize

                                                              32KB

                                                              Download

                                                            • memory/5688-1875-0x000001F8B63B0000-0x000001F8B6462000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5688-1834-0x000001F89D950000-0x000001F89D99A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5688-1854-0x000001F89D900000-0x000001F89D91C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5688-1832-0x000001F89D0C0000-0x000001F89D0D0000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5688-1871-0x000001F8B6490000-0x000001F8B656C000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/5704-3387-0x0000020B7C400000-0x0000020B7C56A000-memory.dmp

                                                              Filesize

                                                              1.4MB

                                                              Download

                                                            • memory/5704-1880-0x0000020B635F0000-0x0000020B63644000-memory.dmp

                                                              Filesize

                                                              336KB

                                                              Download

                                                            • memory/5704-1837-0x0000020B7BE40000-0x0000020B7BEF2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/5704-1826-0x0000020B63560000-0x0000020B6357C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5704-1825-0x0000020B62D00000-0x0000020B62D12000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/5972-1877-0x000001F2487F0000-0x000001F2488CC000-memory.dmp

                                                              Filesize

                                                              880KB

                                                              Download

                                                            • memory/5972-1824-0x000001F22F380000-0x000001F22F3E8000-memory.dmp

                                                              Filesize

                                                              416KB

                                                              Download

                                                            • memory/5972-1866-0x000001F248540000-0x000001F248588000-memory.dmp

                                                              Filesize

                                                              288KB

                                                              Download

                                                            • memory/5972-1862-0x000001F22FD00000-0x000001F22FD4C000-memory.dmp

                                                              Filesize

                                                              304KB

                                                              Download

                                                            • memory/5972-1838-0x000001F22FC20000-0x000001F22FC3C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/5972-1827-0x000001F22FC50000-0x000001F22FC9A000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/5996-1836-0x0000021E48AE0000-0x0000021E48B00000-memory.dmp

                                                              Filesize

                                                              128KB

                                                              Download

                                                            • memory/5996-1865-0x0000021E48FA0000-0x0000021E48FB4000-memory.dmp

                                                              Filesize

                                                              80KB

                                                              Download

                                                            • memory/5996-1861-0x0000021E49110000-0x0000021E49176000-memory.dmp

                                                              Filesize

                                                              408KB

                                                              Download

                                                            • memory/5996-1831-0x0000021E48710000-0x0000021E48720000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/5996-1843-0x0000021E61930000-0x0000021E619E2000-memory.dmp

                                                              Filesize

                                                              712KB

                                                              Download

                                                            • memory/6056-1860-0x00000262F6FC0000-0x00000262F6FCC000-memory.dmp

                                                              Filesize

                                                              48KB

                                                              Download

                                                            • memory/6056-1870-0x00000262F7800000-0x00000262F781C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/6056-1863-0x00000262F8060000-0x00000262F80AA000-memory.dmp

                                                              Filesize

                                                              296KB

                                                              Download

                                                            • memory/6056-1885-0x00000262F82D0000-0x00000262F8380000-memory.dmp

                                                              Filesize

                                                              704KB

                                                              Download