Overview

overview

10

Static

static

10

NF_e.msi

windows7-x64

10

NF_e.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2025, 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NF_e.msi

  • Size

    2.9MB

  • MD5

    73f95f387f28c4076c731baaf9e0aa2f

  • SHA1

    7ad11a552545d11065bf318a6d631a1c4c441fd4

  • SHA256

    60a7462362c166a19f7b21254568c90c3d4ef5d27b624f68254180c0d4e01e3b

  • SHA512

    f5a1c75f1c6c56319787c458e12b9059252e4ee4c2f9c5e8b6269a03c559cdb85669581443ab434948f5378c8dd7ccd0ae2922cfe1ea6388f13b8fd087c714a9

  • SSDEEP

    49152:m+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:m+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationrat

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 39 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 53 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 9 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 11 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NF_e.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4072
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:60
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 892545582D33DAF025CE9BD2E2CB7277
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1692
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIBD83.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240631390 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4856
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIC024.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240631859 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:2196
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIC69E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240633593 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2296
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSID6C0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240637687 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4848
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 7C22C05E7F895C81BE7F771D1D341129 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4312
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4772
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:2488
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1468
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Q8oX4IAJ" /AgentId="6da213c6-6a90-4218-af25-2c70214af8ee"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:1100
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding D3CA2C72A082E6433A23889EC002E121 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4144
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 3AFD4983E1AC0E5C1E3BD0B1550A4B39 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1256
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 48E9E4CF7C66F673C71CB09E105B72F1 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:692
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding A55444B7655A3CEAB139B72E6DD8E737 E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:1700
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FB03BB40-9B7E-4621-AF13-D857361F01B8}
          3⤵
          • Executes dropped EXE
          PID:212
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8776E19F-1EE5-4806-A101-A59ABB382D6E}
          3⤵
          • Executes dropped EXE
          PID:4996
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4FA9E5D8-F009-4806-9D0C-E2AEB72FBBD9}
          3⤵
          • Executes dropped EXE
          PID:2908
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{16B82CA1-7A7E-493D-B722-3ABEDD088C4D}
          3⤵
          • Executes dropped EXE
          PID:3888
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2D70C00-C377-4D31-BC91-1A3AEFEC21EF}
          3⤵
          • Executes dropped EXE
          PID:1116
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0DD333C3-F0C6-4F4A-B660-5E35574BF568}
          3⤵
          • Executes dropped EXE
          PID:3396
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A50539DD-50CB-4C5E-B640-B9E70FE97AE8}
          3⤵
          • Executes dropped EXE
          PID:1600
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{91068D11-5FEE-4C07-AE26-A57C2F6EC8A5}
          3⤵
          • Executes dropped EXE
          PID:4856
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{35979A94-BC49-4339-BF25-40743E3D9AB7}
          3⤵
          • Executes dropped EXE
          PID:2504
        • C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe
          C:\Windows\TEMP\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_is9560.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{94BD8CFF-071B-433E-8DB6-1606AED20A81}
          3⤵
          • Executes dropped EXE
          PID:4360
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4488
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1076
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1744
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:1388
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2296
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4804
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4044
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2020
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:920
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2016
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2252
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2572
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1472
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:4544
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2248
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2040
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2100
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:5096
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2364
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2168
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2E9176F3-7CBD-4A96-8621-53D3B063B477}
          3⤵
          • Executes dropped EXE
          PID:264
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F39D311D-11B3-46E2-9D29-0E510087AB6E}
          3⤵
          • Executes dropped EXE
          PID:1168
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BC382286-740E-44CE-B613-B5D194773571}
          3⤵
          • Executes dropped EXE
          PID:692
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E043376E-4CF6-446C-A4D0-9D634A1B3EA4}
          3⤵
          • Executes dropped EXE
          PID:3428
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CC20C02D-ED26-4156-B66B-F438BF908578}
          3⤵
          • Executes dropped EXE
          PID:1952
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E0C06E6C-4C4A-40FE-B205-DF79EB0BBCF6}
          3⤵
          • Executes dropped EXE
          PID:3236
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E382B18-D121-47DA-AA6A-46A4FE6E3819}
          3⤵
          • Executes dropped EXE
          PID:244
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B4CF52D-18F4-48FB-B06D-3844462A5E73}
          3⤵
          • Executes dropped EXE
          PID:2076
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C9F67D95-21A6-4012-9DFC-A20C2E7C9E78}
          3⤵
          • Executes dropped EXE
          PID:2936
        • C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
          C:\Windows\TEMP\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{09DE2C83-83AA-44A6-8EA7-81EB6CFAF7A5}
          3⤵
          • Executes dropped EXE
          PID:3608
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77C2CDB0-A00F-4DA9-9FFA-8A7AB4944E9D}
          3⤵
          • Executes dropped EXE
          PID:3708
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D44F836-E19C-4AE8-85CF-50F7CBDA4CBC}
          3⤵
          • Executes dropped EXE
          PID:1904
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6CE01115-905B-4445-907B-5CBC61AB4443}
          3⤵
          • Executes dropped EXE
          PID:1740
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44331E71-020A-49A1-A668-A0B57DFCB1FA}
          3⤵
          • Executes dropped EXE
          PID:4432
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C0510C22-95AD-4FFB-83FA-158FA96FD982}
          3⤵
          • Executes dropped EXE
          PID:3928
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{41002552-2652-4FDD-AB74-6B555851A4AF}
          3⤵
          • Executes dropped EXE
          PID:4544
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1731907C-5592-4D4F-9C41-5063C669B80F}
          3⤵
          • Executes dropped EXE
          PID:436
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1FE8C81F-E1CB-420D-B190-656F6DE3FB1C}
          3⤵
          • Executes dropped EXE
          PID:380
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4B59ADAB-C363-488E-8FDB-2275A6A22374}
          3⤵
          • Executes dropped EXE
          PID:2040
        • C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe
          C:\Windows\TEMP\{54057178-FB10-4154-AEBE-6FA99AE2AA56}\_isAC94.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B1EEE5F-2322-4479-8D4C-7BB111EBEFAA}
          3⤵
          • Executes dropped EXE
          PID:3236
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2568
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3648
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:4468
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:2688
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:4328
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • System Location Discovery: System Language Discovery
              PID:2912
            • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
              C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BEA4788E-2C0C-4527-BCA4-F63BD02E75D9}
              3⤵
                PID:2616
              • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C8729ED-DE66-4BFD-9DD0-11D509C2477C}
                3⤵
                  PID:1804
                • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                  C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE45C701-5601-4E92-AEC2-26688454F4BB}
                  3⤵
                    PID:4644
                  • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                    C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F4DAABDF-E8D6-4CE7-85F8-1C8FA65C2975}
                    3⤵
                      PID:4856
                    • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                      C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4A65F288-9C85-4C68-83CB-25C790F8ED3A}
                      3⤵
                        PID:4036
                      • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                        C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D98839C4-192E-4EF5-ADFF-DA019C3309FE}
                        3⤵
                          PID:4800
                        • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                          C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3CBCD88A-C2D7-4AD2-BBA5-9415F201DCE9}
                          3⤵
                            PID:1656
                          • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                            C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F3F9C441-5A5E-4BBD-91D9-264557D42856}
                            3⤵
                              PID:2036
                            • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                              C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3AEB63F4-111D-4C6A-A596-80E5DD5823A2}
                              3⤵
                                PID:3388
                              • C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe
                                C:\Windows\TEMP\{A7BDAEB7-D56D-4A70-A2F8-B9D5679AAF5C}\_isC108.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A2519CED-3DB4-4B2E-AAC2-8BA2139C8AA4}
                                3⤵
                                  PID:1140
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  PID:3708
                                • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                  C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95045637-EB87-4AD2-B5C8-0C53C1171E84}
                                  3⤵
                                    PID:380
                                  • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                    C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{641D163C-BDD7-4B0A-BB1C-B5039758FAF7}
                                    3⤵
                                      PID:3692
                                    • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                      C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ECD94AE8-2668-462F-83D2-C370BE4412C5}
                                      3⤵
                                        PID:3888
                                      • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                        C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B3E14EF3-59B0-40E8-8771-22DD42510D40}
                                        3⤵
                                          PID:1236
                                        • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                          C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{898DFE50-168B-42A7-AEAA-0D5365B39774}
                                          3⤵
                                            PID:2908
                                          • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                            C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0A6BCD4-A1BC-4B7E-A3E6-9F42323B03DF}
                                            3⤵
                                              PID:2132
                                            • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                              C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F033E009-C16F-45F1-9EBD-DAED9A9C0702}
                                              3⤵
                                                PID:4512
                                              • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                                C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CC5D8CC3-6EFB-467F-99F0-9BCFCBC3EFE1}
                                                3⤵
                                                  PID:3772
                                                • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                                  C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B58AA6AE-D237-4611-8CDD-7F661892BD8A}
                                                  3⤵
                                                    PID:3192
                                                  • C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe
                                                    C:\Windows\TEMP\{0299DFD0-04C9-4D7F-A493-5AC31D249806}\_isC4A3.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{62B22351-7981-4E7D-9F70-B195C5A18C03}
                                                    3⤵
                                                      PID:4360
                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:3700
                                                • C:\Windows\system32\vssvc.exe
                                                  C:\Windows\system32\vssvc.exe
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1524
                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                  1⤵
                                                  • Drops file in System32 directory
                                                  • Drops file in Program Files directory
                                                  • Executes dropped EXE
                                                  • Modifies data under HKEY_USERS
                                                  • Modifies system certificate store
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:116
                                                  • C:\Windows\System32\sc.exe
                                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                    2⤵
                                                    • Launches sc.exe
                                                    PID:3632
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "561f03d1-20cf-420b-abd7-475f024fcff2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:436
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "4ef58f76-d21f-42aa-906d-baabb181a768" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:380
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "b9bb831b-08f3-4816-8f90-636cc41ae787" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:2168
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                      3⤵
                                                      • Drops file in System32 directory
                                                      • Command and Scripting Interpreter: PowerShell
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:2336
                                                    • C:\Windows\System32\cmd.exe
                                                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                      3⤵
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:3692
                                                      • C:\Windows\system32\cscript.exe
                                                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                        4⤵
                                                        • Modifies data under HKEY_USERS
                                                        PID:4032
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "6f0210f8-22e6-482f-804b-e22c4728bada" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:4820
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "3f4c4577-7238-43c2-a14a-52278ea05125" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:212
                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                  1⤵
                                                  • Drops file in System32 directory
                                                  • Drops file in Program Files directory
                                                  • Executes dropped EXE
                                                  • Modifies data under HKEY_USERS
                                                  • Modifies system certificate store
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:392
                                                  • C:\Windows\System32\sc.exe
                                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                    2⤵
                                                    • Launches sc.exe
                                                    PID:436
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "cc6f539f-ba0c-482a-bb2a-977eb88e2dbf" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of WriteProcessMemory
                                                    PID:1756
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                      3⤵
                                                      • Drops file in System32 directory
                                                      • Command and Scripting Interpreter: PowerShell
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3608
                                                    • C:\Windows\System32\cmd.exe
                                                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                      3⤵
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:2324
                                                      • C:\Windows\system32\cscript.exe
                                                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                        4⤵
                                                        • Modifies data under HKEY_USERS
                                                        PID:2200
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "8ce85da2-0a03-4b9c-9f99-eb2b87412610" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4676
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "153b2ae4-2163-41ed-8227-5cce205a4ff4" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Program Files directory
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1256
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "ec35251e-4b1a-4892-8a70-8dde7b5ff2a4" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    PID:3632
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "87e1f509-7e9f-4e21-b295-0a7c62b09d15" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    PID:1000
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "38970edc-a01e-41f9-9af6-f2dccb8667d4" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    PID:4840
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "a8cee3d7-399e-4af7-aaf6-2d08c9081074" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:1048
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "fb893ce8-082e-47d8-8fa6-621ae0b6c872" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2296
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "cf90c55d-9dc0-4ec8-9b8d-6e271d8aacd4" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Writes to the Master Boot Record (MBR)
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Modifies data under HKEY_USERS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2348
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "3e5c36cd-a283-4b78-8cec-5e1a51b64a1e" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    PID:368
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "b07f4181-9737-471c-b4f3-92db3c94c05c" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Downloads MZ/PE file
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4648
                                                    • C:\Windows\TEMP\SplashtopStreamer.exe
                                                      "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:1728
                                                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                        "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2564
                                                        • C:\Windows\SysWOW64\msiexec.exe
                                                          msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                                          5⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1280
                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=d4e325be084120e4f479c3d104036e01&rmm_session_pwd_ttl=86400"
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1448
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "0bbfaad0-c065-44bd-9223-0a10b653e093" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Program Files directory
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3284
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "ec2fd597-b93a-4701-b42e-f3aa569951aa" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    PID:1832
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "ac3590bd-8a7a-40f4-99cb-2de4c8e9e64c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Downloads MZ/PE file
                                                    • Drops file in System32 directory
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3396
                                                    • C:\Windows\SYSTEM32\cmd.exe
                                                      "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                      3⤵
                                                      • System Time Discovery
                                                      PID:3184
                                                      • C:\Program Files\dotnet\dotnet.exe
                                                        dotnet --list-runtimes
                                                        4⤵
                                                        • System Time Discovery
                                                        PID:4856
                                                    • C:\Program Files\dotnet\dotnet.exe
                                                      "C:\Program Files\dotnet\dotnet" --list-runtimes
                                                      3⤵
                                                      • System Time Discovery
                                                      PID:4040
                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1184
                                                      • C:\Windows\Temp\{4A669766-70F7-4809-8A97-4001FDA48063}\.cr\8-0-11.exe
                                                        "C:\Windows\Temp\{4A669766-70F7-4809-8A97-4001FDA48063}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=720 -burn.filehandle.self=724 /repair /quiet /norestart
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • System Location Discovery: System Language Discovery
                                                        • System Time Discovery
                                                        PID:2076
                                                        • C:\Windows\Temp\{78650227-2C66-4C27-9805-364E53717D89}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                          "C:\Windows\Temp\{78650227-2C66-4C27-9805-364E53717D89}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{C7DA041A-6338-46BB-B8B9-2A44CFC36CB5} {F732B10D-E403-4C32-AB5F-757D5261A843} 2076
                                                          5⤵
                                                          • Adds Run key to start application
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          • System Time Discovery
                                                          • Modifies registry class
                                                          PID:1780
                                                    • C:\Windows\SYSTEM32\cmd.exe
                                                      "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                      3⤵
                                                      • System Time Discovery
                                                      PID:3848
                                                      • C:\Program Files\dotnet\dotnet.exe
                                                        dotnet --list-runtimes
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • System Time Discovery
                                                        PID:1980
                                                    • C:\Windows\SYSTEM32\cmd.exe
                                                      "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                      3⤵
                                                      • System Time Discovery
                                                      PID:2392
                                                      • C:\Program Files\dotnet\dotnet.exe
                                                        dotnet --list-runtimes
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • System Time Discovery
                                                        PID:2572
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "363632a9-4f27-444c-894b-59d27448fd76" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5072
                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 6da213c6-6a90-4218-af25-2c70214af8ee "ec35251e-4b1a-4892-8a70-8dde7b5ff2a4" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Q8oX4IAJ
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:620
                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                                  1⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:2256
                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                                    2⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies data under HKEY_USERS
                                                    PID:736
                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                                      -h
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:4224
                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:3888
                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                                        4⤵
                                                          PID:2612
                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                                        3⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:3024
                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                                        3⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2532
                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                          SRUtility.exe -r
                                                          4⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1968

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Reconnaissance

                                                  Resource Development

                                                  Initial Access

                                                  Execution

                                                  Command and Scripting Interpreter

                                                  1
                                                  T1059

                                                  PowerShell

                                                  1
                                                  T1059.001

                                                  Persistence

                                                  Boot or Logon Autostart Execution

                                                  1
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  1
                                                  T1547.001

                                                  Event Triggered Execution

                                                  2
                                                  T1546

                                                  Component Object Model Hijacking

                                                  1
                                                  T1546.015

                                                  Installer Packages

                                                  1
                                                  T1546.016

                                                  Pre-OS Boot

                                                  1
                                                  T1542

                                                  Bootkit

                                                  1
                                                  T1542.003

                                                  Privilege Escalation

                                                  Boot or Logon Autostart Execution

                                                  1
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  1
                                                  T1547.001

                                                  Event Triggered Execution

                                                  2
                                                  T1546

                                                  Component Object Model Hijacking

                                                  1
                                                  T1546.015

                                                  Installer Packages

                                                  1
                                                  T1546.016

                                                  Defense Evasion

                                                  Modify Registry

                                                  2
                                                  T1112

                                                  Pre-OS Boot

                                                  1
                                                  T1542

                                                  Bootkit

                                                  1
                                                  T1542.003

                                                  Subvert Trust Controls

                                                  1
                                                  T1553

                                                  Install Root Certificate

                                                  1
                                                  T1553.004

                                                  System Binary Proxy Execution

                                                  1
                                                  T1218

                                                  Msiexec

                                                  1
                                                  T1218.007

                                                  Credential Access

                                                  Discovery

                                                  Peripheral Device Discovery

                                                  2
                                                  T1120

                                                  Query Registry

                                                  4
                                                  T1012

                                                  System Information Discovery

                                                  3
                                                  T1082

                                                  System Location Discovery

                                                  1
                                                  T1614

                                                  System Language Discovery

                                                  1
                                                  T1614.001

                                                  System Time Discovery

                                                  1
                                                  T1124

                                                  Lateral Movement

                                                  Collection

                                                  Command and Control

                                                  Exfiltration

                                                  Impact

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Config.Msi\e57bcc9.rbs
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    23f958f10b6e4ee18e378fed172dce07

                                                    SHA1

                                                    b356cade0218b0720aee8e67314589568c46b698

                                                    SHA256

                                                    2a658f7de3453998f84cc5b3201c512267407bcfbe90ba718085c9f67e7f41b8

                                                    SHA512

                                                    d909f5f2cbd14693f0ce3664bf594f831b6dbb228f9d6d4fa15725a1bddfab36848eba97be26be1bda53d0b8905be6e369cb53e3dd8cf27e87ba90994716d7d1

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcce.rbs
                                                    Filesize

                                                    48KB

                                                    MD5

                                                    3ffd31636f177217ee21d0fdece19b78

                                                    SHA1

                                                    54900111cef9ec05fd0a73bdf8ad6159decea3fb

                                                    SHA256

                                                    f31b2ad81da9fa41e08ef4a41a0b83aaba02552aeda42604fd4ecd989809e3dc

                                                    SHA512

                                                    312718c75add6a9c8073569eef727be1fbe16fce0737d68aa762d38b8bf8e574de8a764981f8c70cfed2c395009ce9d6ec33d57dacd191f0609ed6512b666f44

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcd3.rbs
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    c3a7df45b5e6c9b0171c9bd5bc6a9577

                                                    SHA1

                                                    cf406f2b1d0850323c4afed9956795bdf75655eb

                                                    SHA256

                                                    5aa915f35501912e06f7d3e2236282a7375c3ef9095b9ddab8a97c3daf17784e

                                                    SHA512

                                                    4a7b45a099f6084a24e5fd69fdc9564a6ba8ecb1d6f814110d77cfd11ed446af6d2908446980671ad8d904722cd74048972e8836dfd8421ce8436edb0f4025f1

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcd8.rbs
                                                    Filesize

                                                    11KB

                                                    MD5

                                                    f557ae4a2961bff9e9e100f7893a96d5

                                                    SHA1

                                                    34604212e61d864a87c12fd65195f4e658d028fa

                                                    SHA256

                                                    8e5553f087670f7e0d3c6d9f9c23b4424c68dc7a0d62f9b4f6fcc4a6762060b3

                                                    SHA512

                                                    02ce6290e9c097edb06c3db3dbe47e3a655c9820495ae3e5e1d0cd5357c21efad094b30645a7d85168726cc2a92ecc0e62aa8995b4d1b147e0efc5d5a94a2c94

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcdd.rbs
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    2c59ba1f6eee60607fa46866244de747

                                                    SHA1

                                                    453bde51575adb72b917b5e5ba75a020dfa1ded6

                                                    SHA256

                                                    2d986d579384068ce8a897379522d1c4462bc4fbffff03cfa8db75e47a47d90a

                                                    SHA512

                                                    bab60db750c683e8cc5140a9512395c161ecb0369a95736d6ab22a0909ecd858bfdd7ee187d8abce1017e2a5064b29d66a2c55e9ff8d61a8a4543ecd6da5d2f1

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcde.rbf
                                                    Filesize

                                                    143KB

                                                    MD5

                                                    33b4c87f18b4c49114d7a8980241657a

                                                    SHA1

                                                    254c67b915e45ad8584434a4af5e06ca730baa3b

                                                    SHA256

                                                    587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                    SHA512

                                                    42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                    Download Submit

                                                  • C:\Config.Msi\e57bcdf.rbf
                                                    Filesize

                                                    3B

                                                    MD5

                                                    21438ef4b9ad4fc266b6129a2f60de29

                                                    SHA1

                                                    5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                    SHA256

                                                    13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                    SHA512

                                                    37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                    Download Submit

                                                  • C:\Config.Msi\e57bce3.rbs
                                                    Filesize

                                                    74KB

                                                    MD5

                                                    cc8790f567d3c3dce71efacebbfd2b51

                                                    SHA1

                                                    575de15d017b4128081df6af78b339f313b0f90c

                                                    SHA256

                                                    193c6aad232ac5b3927574fee0efd2f0b31440fafa14dc6a850b99d2655b5e46

                                                    SHA512

                                                    3eecc76ddfd0af1d844217153019a755eb2ed76bb19e91f7f56ddf9a9481958f8171122149823298806cfd7bc198e8d204c33066d424339550ab5de1618fcbb7

                                                    Download Submit

                                                  • C:\Config.Msi\e57bce5.rbs
                                                    Filesize

                                                    464B

                                                    MD5

                                                    59427e3b746cd6572b26f130782060ea

                                                    SHA1

                                                    2a4f4cb36adb4fbc603e7b44e672d43814f2b89d

                                                    SHA256

                                                    266db213745b365e645cbb27cc98283bb9fe30996211e850b100026d3239a512

                                                    SHA512

                                                    69c97ec39d7cdc2cd5ba3d3c9d5858e0159eb4e2b5fe4e7bc69a8d144c4f401d23ba4ce4f28b0fcb9f43da9cb4b8d4ae98ee0049e06c54a50f7b9f8afe85dd32

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                    Filesize

                                                    142KB

                                                    MD5

                                                    477293f80461713d51a98a24023d45e8

                                                    SHA1

                                                    e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                    SHA256

                                                    a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                    SHA512

                                                    23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    b3bb71f9bb4de4236c26578a8fae2dcd

                                                    SHA1

                                                    1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                    SHA256

                                                    e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                    SHA512

                                                    fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                    Filesize

                                                    210KB

                                                    MD5

                                                    c106df1b5b43af3b937ace19d92b42f3

                                                    SHA1

                                                    7670fc4b6369e3fb705200050618acaa5213637f

                                                    SHA256

                                                    2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                    SHA512

                                                    616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                    Filesize

                                                    693KB

                                                    MD5

                                                    2c4d25b7fbd1adfd4471052fa482af72

                                                    SHA1

                                                    fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                    SHA256

                                                    2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                    SHA512

                                                    f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                    Filesize

                                                    146KB

                                                    MD5

                                                    8d477b63bc5a56ae15314bda8dea7a3a

                                                    SHA1

                                                    3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                    SHA256

                                                    9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                    SHA512

                                                    44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                    Filesize

                                                    145KB

                                                    MD5

                                                    2b9beb2fdbc41afc48d68d32ef41dd08

                                                    SHA1

                                                    4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                    SHA256

                                                    977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                    SHA512

                                                    3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                    Filesize

                                                    51KB

                                                    MD5

                                                    3180c705182447f4bcc7ce8e2820b25d

                                                    SHA1

                                                    ad6486557819a33d3f29b18d92b43b11707aae6e

                                                    SHA256

                                                    5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                    SHA512

                                                    228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                    Filesize

                                                    12B

                                                    MD5

                                                    1e065e191e89cc811ff49c96fa8fa5e6

                                                    SHA1

                                                    bc50ff2a20a8b83683583684fcac640a91689ed4

                                                    SHA256

                                                    d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                    SHA512

                                                    5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    Filesize

                                                    247KB

                                                    MD5

                                                    aa5cf64d575b7544eefd77f256c4dc57

                                                    SHA1

                                                    bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                    SHA256

                                                    79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                    SHA512

                                                    774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                    Filesize

                                                    546B

                                                    MD5

                                                    158fb7d9323c6ce69d4fce11486a40a1

                                                    SHA1

                                                    29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                    SHA256

                                                    5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                    SHA512

                                                    7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                    Filesize

                                                    94KB

                                                    MD5

                                                    c69c7690482c75a8fc70df2990d7afc6

                                                    SHA1

                                                    79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                    SHA256

                                                    580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                    SHA512

                                                    ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                    Filesize

                                                    688KB

                                                    MD5

                                                    111e2e63bccead95bb5ffc53c9282070

                                                    SHA1

                                                    eaae7df21e291aa089bc101b1e265ca202be1225

                                                    SHA256

                                                    9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                    SHA512

                                                    ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                    Filesize

                                                    27KB

                                                    MD5

                                                    797c9554ec56fd72ebb3f6f6bef67fb5

                                                    SHA1

                                                    40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                    SHA256

                                                    7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                    SHA512

                                                    4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                    Filesize

                                                    214KB

                                                    MD5

                                                    01807774f043028ec29982a62fa75941

                                                    SHA1

                                                    afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                    SHA256

                                                    9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                    SHA512

                                                    33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                    Filesize

                                                    37KB

                                                    MD5

                                                    efb4712c8713cb05eb7fe7d87a83a55a

                                                    SHA1

                                                    c94d106bba77aecf88540807da89349b50ea5ae7

                                                    SHA256

                                                    30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                    SHA512

                                                    3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                    Filesize

                                                    3.4MB

                                                    MD5

                                                    93e4c198656fc267f392de11dee01cd0

                                                    SHA1

                                                    e92cb59486745ee7564f5b374e790a065e1f4678

                                                    SHA256

                                                    88b220f9f9bf25f856dda714aa1a1ae998720780cd3ec5b968154e03834fa965

                                                    SHA512

                                                    3a04a02982dbbbb9d54b6c5674f2f2c10e0cbce580e3974cd924cc9131cd94aece71c7b975c9abaae82f057c70243fb016d31339e8700c96bd55c434bb98105f

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                    Filesize

                                                    397KB

                                                    MD5

                                                    810f893e58861909b134fa72e3bc90cd

                                                    SHA1

                                                    524977f32836634132d23997b23304574d8d156a

                                                    SHA256

                                                    b83b6c1f64b6700d7444586a6214858a1479c58571f5e7bf4f023166c9016733

                                                    SHA512

                                                    db463d34a37403a9248d463ae63989b40a0172d9543bda922dacb10a624eb603700628a67d9c86df2605c36d789902ec79228aa29f26c49be0195c54a9e4a191

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                    Filesize

                                                    48KB

                                                    MD5

                                                    0e216aee2b1776545e46d6e578c9b269

                                                    SHA1

                                                    f472317e0b903680c87f6117f77d61bbe9fa6711

                                                    SHA256

                                                    3fba387345e215835d1dd36dadadedfc48fe45c0b9a64c05c4d6bc1bcc729b70

                                                    SHA512

                                                    44213f0e4f1380b119e3860db3a53cadf5f150f06dd5d93aa0c0bf41d7ba053d63dca6d8921aa060f7a4282f74db3bfeb651dda7c206135a6fa17a2d0bb4718b

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                    Filesize

                                                    197KB

                                                    MD5

                                                    d0d21e16e57a1a73056eae228da1e287

                                                    SHA1

                                                    ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                    SHA256

                                                    3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                    SHA512

                                                    470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
                                                    Filesize

                                                    56KB

                                                    MD5

                                                    d0aa95693d78fd438552bd9df01fec78

                                                    SHA1

                                                    0e7173c1af5d5543d5a41aed690e59f3ae4bb0b9

                                                    SHA256

                                                    11201ece7c3ee4bbcde0b84a2bc7c251ef57fce5200b2a1ae437fc959c7ad8a7

                                                    SHA512

                                                    7b48864e72627bb51063ea49f6459eb6c05baa64066d8e6c85f2ff7b7de26b633ff973e2a830da63b6824eaea65690e3f6b29af8adbc0c24724016a8764f3b15

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    9d1528a2ce17522f6de064ae2c2b608e

                                                    SHA1

                                                    2f1ce8b589e57ab300bb93dde176689689f75114

                                                    SHA256

                                                    11c9ad150a0d6c391c96e2b7f8ad20e774bdd4e622fcdfbf4f36b6593a736311

                                                    SHA512

                                                    a19b54ed24a2605691997d5293901b52b42f6af7d6f6fda20b9434c9243cc47870ec3ae2b72bdea0e615f4e98c09532cb3b87f20c4257163e782c7ab76245e94

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\config\chocolatey.config.3284.update
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    14ffcf07375b3952bd3f2fe52bb63c14

                                                    SHA1

                                                    ab2eadde4c614eb8f1f2cae09d989c5746796166

                                                    SHA256

                                                    6ccfdb5979e715d12e597b47e1d56db94cf6d3a105b94c6e5f4dd8bab28ef5ed

                                                    SHA512

                                                    14a32151f7f7c45971b4c1adfb61f6af5136b1db93b50d00c6e1e3171e25b19749817b4e916d023ee1822caee64961911103087ca516cf6a0eafce1d17641fc4

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    87e7fbc5812ed7f0f49c221e8a66b751

                                                    SHA1

                                                    dd83e0841cfa4b7f4a4e8da0a5c7f4568e6549d9

                                                    SHA256

                                                    52944a7df5dd08ded308b47c6b4def4ef43d39bd2c8fe0fd6a03c5116cce6e7c

                                                    SHA512

                                                    ad4b864e68080e55db39bd7d45a9a88813bc7c903c2a08ccf113881b46903eb4a4c61d8999db8b35f1c6b6ee7eebda53bbf12a367e82832ee757d157ea2caa7a

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\redirects\cpush.exe.ignore
                                                    Filesize

                                                    2B

                                                    MD5

                                                    81051bcc2cf1bedf378224b0a93e2877

                                                    SHA1

                                                    ba8ab5a0280b953aa97435ff8946cbcbb2755a27

                                                    SHA256

                                                    7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

                                                    SHA512

                                                    1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                    Filesize

                                                    54KB

                                                    MD5

                                                    77c613ffadf1f4b2f50d31eeec83af30

                                                    SHA1

                                                    76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                    SHA256

                                                    2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                    SHA512

                                                    29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                    Filesize

                                                    70KB

                                                    MD5

                                                    e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                    SHA1

                                                    22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                    SHA256

                                                    bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                    SHA512

                                                    00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                    Filesize

                                                    50KB

                                                    MD5

                                                    5bb0687e2384644ea48f688d7e75377b

                                                    SHA1

                                                    44e4651a52517570894cfec764ec790263b88c4a

                                                    SHA256

                                                    963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                    SHA512

                                                    260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                    Filesize

                                                    32KB

                                                    MD5

                                                    2ec1d28706b9713026e8c6814e231d7c

                                                    SHA1

                                                    7ef12a01182d28a5ebf049cc1cb80619cd1e391a

                                                    SHA256

                                                    c9514bf67df87ac6cc1002f3585d5b6f7d4093a7a794d524fa8c635f052733de

                                                    SHA512

                                                    9e23588dc6d721f42e309974c3f3089f845f10d1dee87fb26213ba3810ee3c272d758632cf1c9157f6862ba0e582afc49c1ee51540461f41840650f216f35aeb

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                    Filesize

                                                    59KB

                                                    MD5

                                                    26c25e48b69eb8df7d6cea01fd66f3df

                                                    SHA1

                                                    d70e92a8b8d358c7a2e200b11e23703cf43d93e9

                                                    SHA256

                                                    f6da2cc4a4ca0a4cff92a2c9f61e546255bfe9d02eb1087a033b1a45e06fec87

                                                    SHA512

                                                    6414db6ba626fe4b39155052638a15707cf60836056560fceeb5a1ea8faee1bee830840900f1635ff5a0ce1d271f73062660bd0ec582815e0bc56f4997a45feb

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                    Filesize

                                                    588KB

                                                    MD5

                                                    17d74c03b6bcbcd88b46fcc58fc79a0d

                                                    SHA1

                                                    bc0316e11c119806907c058d62513eb8ce32288c

                                                    SHA256

                                                    13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                    SHA512

                                                    f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                    Download Submit

                                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                    Filesize

                                                    213B

                                                    MD5

                                                    67d00764bb0f9c4092b32fd1046cd6dc

                                                    SHA1

                                                    e48db5df40a666caa51f6466deaf81a4f8f4f761

                                                    SHA256

                                                    0d8a2f223dff9a7fed38279c4201bc811c0759f06434cd8722e194c267647949

                                                    SHA512

                                                    d449f51636299cccc6a36a5befb3d56964d5df42351fca82ac453923df64538520f52ff18abaa7e264d8c2a8e96870f7b27fe0903a170f53cf3e770f6e0d70b5

                                                    Download Submit

                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    1ef7574bc4d8b6034935d99ad884f15b

                                                    SHA1

                                                    110709ab33f893737f4b0567f9495ac60c37667c

                                                    SHA256

                                                    0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                    SHA512

                                                    947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                    Download Submit

                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                    Filesize

                                                    10KB

                                                    MD5

                                                    f512536173e386121b3ebd22aac41a4e

                                                    SHA1

                                                    74ae133215345beaebb7a95f969f34a40dda922a

                                                    SHA256

                                                    a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                    SHA512

                                                    1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                    Download Submit

                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                    Filesize

                                                    76KB

                                                    MD5

                                                    b40fe65431b18a52e6452279b88954af

                                                    SHA1

                                                    c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                    SHA256

                                                    800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                    SHA512

                                                    e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                    Download Submit

                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                    Filesize

                                                    80KB

                                                    MD5

                                                    3904d0698962e09da946046020cbcb17

                                                    SHA1

                                                    edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                    SHA256

                                                    a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                    SHA512

                                                    c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                    Download Submit

                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                    Filesize

                                                    92KB

                                                    MD5

                                                    c92c9f5a664bb56b9f6e1b8a8132cbd5

                                                    SHA1

                                                    c6e076542fb007e04111c113e4707fdb48b49650

                                                    SHA256

                                                    50af2f1131f102bee2143691ae08931779c593b93b86630ab4ded6d98b75c2f5

                                                    SHA512

                                                    696264a32e0ddc071be8764593cf0c42e39faaa309fb0b8246d32ac5170296352f1cef7a529e846029eb876ee8c4789fca6f82872479729eede2eca614fa5510

                                                    Download Submit

                                                  • C:\Program Files\dotnet\dotnet.exe
                                                    Filesize

                                                    143KB

                                                    MD5

                                                    71026b098f8fb39c88b003df746d9fa0

                                                    SHA1

                                                    013ca259f551ad6f33db53fff0e121e74408e20e

                                                    SHA256

                                                    11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                    SHA512

                                                    9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                    Filesize

                                                    471B

                                                    MD5

                                                    42cff42b997443cb256b1289a350b1b6

                                                    SHA1

                                                    651afb301d9acc6d9c7306060597e6a5c30625fc

                                                    SHA256

                                                    5a0156e23df8fc05add3ecbdc44fb33b70d86fd08dcafad7fbb37b2107bb629a

                                                    SHA512

                                                    6e50f0b49cabdc45f4b1609a0d388d0c5c544bd3e957951f23637a3059da8500d7e1afe8e8b76d9bacdc2cbb6f7516d2bdbffc09a7e6fbe3a16c4d8100214cdd

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                    Filesize

                                                    727B

                                                    MD5

                                                    12d865d718c648c03e5657a02fbd7128

                                                    SHA1

                                                    67992668978bbcf0dc94166c3d68fe91adf5a4f7

                                                    SHA256

                                                    605bc5c5942c346edd5a9639cd65d9829c8aa80d06b01dfd1b7c8dfa5fc5f671

                                                    SHA512

                                                    02628a076f36de16e92be4b799074dcc843df16a065313662b163a368b46e9a458388e9e4a5c7deedeb9ea3db9da47ba886fa9be7fb8724c5f6af46a372c4c41

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                    Filesize

                                                    727B

                                                    MD5

                                                    7ede1c2319349ee09eef9b918f848ee1

                                                    SHA1

                                                    907bc671d8865713c6c6758ab35d880bc195cd26

                                                    SHA256

                                                    0091300b2b650fad4fdf32c8681ca431aa280403bb7afec50e1e3b2232537c9e

                                                    SHA512

                                                    673710e89af144f22a6a69011341e48681cf2b46ec58fa7ceed13688f3dfa17e5c8ea9f8054cb99c054864ec980fa0acebdb480ce9abf4d1d7a8ec46dcfb5866

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                    Filesize

                                                    400B

                                                    MD5

                                                    b0f0d356373f26eb2561c95df01bd987

                                                    SHA1

                                                    462a4537ca8a904582008872fd9f26cedda08893

                                                    SHA256

                                                    8ef117bca9fce257d8ceb81db09d9360fcaa32475d65cda6309bd7a6691009f5

                                                    SHA512

                                                    6a140109ba9582ece13033d772df6ba31d4e70f594dc0a824f713e7a490a884d9b36d88a3039d17cf5852cb2ecd6bc9ffceca297545e42d2735a347b2d76dc48

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                    Filesize

                                                    404B

                                                    MD5

                                                    b4e6986befa2bcd14fc0a4e0d992f8b6

                                                    SHA1

                                                    426672845ad4183dd1bea7a0664359ffe96268a7

                                                    SHA256

                                                    eb1f6e6ca103ab00329b7819241df5bc90e8c22b9d69a898763c58f43b04ae7b

                                                    SHA512

                                                    86af38e5a4d279f295ebd9ce511e054ba0021df9fee2b421288de5ed2d15eeed46819a347d55e96189860e6fef1ef58e85c0f82cb11d4c1b3495b2c2eeed12c6

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                    Filesize

                                                    412B

                                                    MD5

                                                    d960ab9c30acbc39fb17c384075c920b

                                                    SHA1

                                                    c9c550a4ebc75632c3e11c7d57970ed3e0828548

                                                    SHA256

                                                    5e0f51990dedf21a6f0cd04e8c868eeafe80e8c33b9999b9bc08341b983c5359

                                                    SHA512

                                                    a6a4de9e8e9e595e419897fcb21fe91375d8367053cea0ab54fc6647d949c23bee9663921c1172de5a4dcb83f5556713cff7cf67e1f55618a4ab276601bec602

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                    Filesize

                                                    651B

                                                    MD5

                                                    9bbfe11735bac43a2ed1be18d0655fe2

                                                    SHA1

                                                    61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                    SHA256

                                                    549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                    SHA512

                                                    a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                    Download Submit

                                                  • C:\Windows\Installer\MSI4E12.tmp
                                                    Filesize

                                                    219KB

                                                    MD5

                                                    928f4b0fc68501395f93ad524a36148c

                                                    SHA1

                                                    084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                    SHA256

                                                    2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                    SHA512

                                                    7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIAB54.tmp
                                                    Filesize

                                                    4.5MB

                                                    MD5

                                                    08211c29e0d617a579ffa2c41bde1317

                                                    SHA1

                                                    4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                    SHA256

                                                    3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                    SHA512

                                                    d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIBD83.tmp
                                                    Filesize

                                                    509KB

                                                    MD5

                                                    88d29734f37bdcffd202eafcdd082f9d

                                                    SHA1

                                                    823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                    SHA256

                                                    87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                    SHA512

                                                    1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIBD83.tmp-\AlphaControlAgentInstallation.dll
                                                    Filesize

                                                    25KB

                                                    MD5

                                                    aa1b9c5c685173fad2dabebeb3171f01

                                                    SHA1

                                                    ed756b1760e563ce888276ff248c734b7dd851fb

                                                    SHA256

                                                    e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                    SHA512

                                                    d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIBD83.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                    Filesize

                                                    179KB

                                                    MD5

                                                    1a5caea6734fdd07caa514c3f3fb75da

                                                    SHA1

                                                    f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                    SHA256

                                                    cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                    SHA512

                                                    a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIC024.tmp-\CustomAction.config
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    bc17e956cde8dd5425f2b2a68ed919f8

                                                    SHA1

                                                    5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                    SHA256

                                                    e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                    SHA512

                                                    02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIC024.tmp-\Newtonsoft.Json.dll
                                                    Filesize

                                                    695KB

                                                    MD5

                                                    715a1fbee4665e99e859eda667fe8034

                                                    SHA1

                                                    e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                    SHA256

                                                    c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                    SHA512

                                                    bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                    Download Submit

                                                  • C:\Windows\Installer\MSIC8B3.tmp
                                                    Filesize

                                                    211KB

                                                    MD5

                                                    a3ae5d86ecf38db9427359ea37a5f646

                                                    SHA1

                                                    eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                    SHA256

                                                    c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                    SHA512

                                                    96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                    Download Submit

                                                  • C:\Windows\Installer\e57bcc8.msi
                                                    Filesize

                                                    2.9MB

                                                    MD5

                                                    73f95f387f28c4076c731baaf9e0aa2f

                                                    SHA1

                                                    7ad11a552545d11065bf318a6d631a1c4c441fd4

                                                    SHA256

                                                    60a7462362c166a19f7b21254568c90c3d4ef5d27b624f68254180c0d4e01e3b

                                                    SHA512

                                                    f5a1c75f1c6c56319787c458e12b9059252e4ee4c2f9c5e8b6269a03c559cdb85669581443ab434948f5378c8dd7ccd0ae2922cfe1ea6388f13b8fd087c714a9

                                                    Download Submit

                                                  • C:\Windows\Installer\e57bccf.msi
                                                    Filesize

                                                    26.3MB

                                                    MD5

                                                    b9c6d23462adef092b8a5b7880531b03

                                                    SHA1

                                                    9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                    SHA256

                                                    2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                    SHA512

                                                    18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                    Download Submit

                                                  • C:\Windows\Installer\e57bcd0.msi
                                                    Filesize

                                                    772KB

                                                    MD5

                                                    d73de5788ab129f16afdd990d8e6bfa9

                                                    SHA1

                                                    88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                    SHA256

                                                    4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                    SHA512

                                                    bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                    Download Submit

                                                  • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-11-56-34.dat
                                                    Filesize

                                                    602B

                                                    MD5

                                                    0697b5610e87cc688a95221545b1298a

                                                    SHA1

                                                    0c4e19ac37b9ccb2a16166d7950aa6c124ce3f1d

                                                    SHA256

                                                    6c5aba17ff7c16695019b6794c0e4980f7a3699e4d84a249e79a470f70825141

                                                    SHA512

                                                    acea92a83acd47a99933d13b3443604b0985cf9985d4f4ef22bcfb5b3679f4bd103a7273d59a87a846d92c5a19c0cb9658a879bcc2ad1ef25aac2c5cf178b5b7

                                                    Download Submit

                                                  • C:\Windows\Temp\InstallUtil.log
                                                    Filesize

                                                    708B

                                                    MD5

                                                    987b00df834dec6c8bb8fc7162aa4224

                                                    SHA1

                                                    dbe7a9617b44a93cef118dfebb00363bdd3e320c

                                                    SHA256

                                                    639d51eeb24ee76b6d3b8f0970e0b6dbede7daf27c86e9354976da06c5b68a88

                                                    SHA512

                                                    bddc707d8d2cfa67860c790d7fff8e84411665a37790dc81ca1ce262076423cf8fec3c636f772350471c009d89697e692087c736988aa8da7c7f2299078b0a47

                                                    Download Submit

                                                  • C:\Windows\Temp\InstallUtil.log
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    56adc22979e49f29a22787b3e6fdfbfa

                                                    SHA1

                                                    7951c7c4fdd1fdfa727749ac31a423d0e984f3d2

                                                    SHA256

                                                    dbeea43b44063276b77830cfe21de4d24f46711a9cd068f5cd9d8a89b4eaa3a6

                                                    SHA512

                                                    3703493d9de85e6babda1f7aea7501b3b7a9b997a779c5b13e202c8d87fe6ed0ecc6b82d5616e35821ce90fee00a957adf2ddc52cb933b35992d6788e2b49bbc

                                                    Download Submit

                                                  • C:\Windows\Temp\InstallUtil.log
                                                    Filesize

                                                    4KB

                                                    MD5

                                                    dd2ade0b54770b7d8005a92a05409c1d

                                                    SHA1

                                                    31c203746b021356e075c31292151c7dc33cde86

                                                    SHA256

                                                    5562b29b93b7d84b6b95fd868aa12a41e8ea915846fe9c19499cd7e70af6d67d

                                                    SHA512

                                                    1b7db9871aec6194e16d15c24a31aadffbcdd88a1d833a946070cc14a08c05e1c37bf747506b649dd68bea1e851ef10999cda3b34e096d7f1575cd737bd31ac6

                                                    Download Submit

                                                  • C:\Windows\Temp\PreVer.log
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    f26996f02e9d7831a8ea210fa63afd11

                                                    SHA1

                                                    c82d2c15b43344b9289047cf6617a3d06de75506

                                                    SHA256

                                                    5c447c69c914a7133f66ae4a10b5fff1ac185999bfd669309ef8e957772c825e

                                                    SHA512

                                                    cbfc320b844f5e20e61c982050277a6749d7ed59b8f733754b958eb3e86ee18a9ddb99e5872760f758020e1a05abc887a6d5cb1dd4064a557e0fa385539b1c80

                                                    Download Submit

                                                  • C:\Windows\Temp\__PSScriptPolicyTest_h2g2erss.bis.ps1
                                                    Filesize

                                                    60B

                                                    MD5

                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                    SHA1

                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                    SHA256

                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                    SHA512

                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                    Download Submit

                                                  • C:\Windows\Temp\unpack.log
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    2c2e105982ac3be519142db68e3b32ac

                                                    SHA1

                                                    11589409538dd3b4885cbffd9cedb866c5128b03

                                                    SHA256

                                                    041f320c30f222695b8704efb982c122ba931c267e4d0ef1b3605de16182150c

                                                    SHA512

                                                    f5008ac0a8d200b1deb020e174bceeceaccdc5548c205e217d866e93a115648ff966aea5f0c7c86f1ff5b321604b35b8a06157c3559b23cad9b184ba4049efc3

                                                    Download Submit

                                                  • C:\Windows\Temp\unpack.log
                                                    Filesize

                                                    4KB

                                                    MD5

                                                    a8fe18ec349f34494001236630f13d97

                                                    SHA1

                                                    c2f3bf6edf1463a2855e5d00b2b693f8285fd8f9

                                                    SHA256

                                                    6f7eb09955f0964f18cef63a7e3b48fc2cf24e8727de31a3977805b96506fc66

                                                    SHA512

                                                    9be5b0d82342743ebc6f3f839cd3a37a081e0636e6b188461679798ad9b2dfc7c662339cd1711ae74a7593b9c3db635bfbba187c1c09acffc11e5e07aecf9a06

                                                    Download Submit

                                                  • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                    Filesize

                                                    3.2MB

                                                    MD5

                                                    2c18826adf72365827f780b2a1d5ea75

                                                    SHA1

                                                    a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                    SHA256

                                                    ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                    SHA512

                                                    474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                    Download Submit

                                                  • C:\Windows\Temp\{78650227-2C66-4C27-9805-364E53717D89}\.ba\bg.png
                                                    Filesize

                                                    4KB

                                                    MD5

                                                    9eb0320dfbf2bd541e6a55c01ddc9f20

                                                    SHA1

                                                    eb282a66d29594346531b1ff886d455e1dcd6d99

                                                    SHA256

                                                    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                    SHA512

                                                    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                    Download Submit

                                                  • C:\Windows\Temp\{78650227-2C66-4C27-9805-364E53717D89}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                    Filesize

                                                    607KB

                                                    MD5

                                                    669de3ab32955e69decfe13a3c89891e

                                                    SHA1

                                                    ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                    SHA256

                                                    2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                    SHA512

                                                    be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                    Download Submit

                                                  • C:\Windows\Temp\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\IsConfig.ini
                                                    Filesize

                                                    571B

                                                    MD5

                                                    d239b8964e37974225ad69d78a0a8275

                                                    SHA1

                                                    cf208e98a6f11d1807cd84ca61504ad783471679

                                                    SHA256

                                                    0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                    SHA512

                                                    88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                    Download Submit

                                                  • C:\Windows\Temp\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\String1033.txt
                                                    Filesize

                                                    182KB

                                                    MD5

                                                    99bbffd900115fe8672c73fb1a48a604

                                                    SHA1

                                                    8f587395fa6b954affef337c70781ce00913950e

                                                    SHA256

                                                    57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                    SHA512

                                                    d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                    Download Submit

                                                  • C:\Windows\Temp\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\_isA119.exe
                                                    Filesize

                                                    179KB

                                                    MD5

                                                    7a1c100df8065815dc34c05abc0c13de

                                                    SHA1

                                                    3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                    SHA256

                                                    e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                    SHA512

                                                    bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                    Download Submit

                                                  • C:\Windows\Temp\{98FAF8A3-5ED7-444A-98F9-D83CEEEF98FA}\setup.inx
                                                    Filesize

                                                    345KB

                                                    MD5

                                                    0376dd5b7e37985ea50e693dc212094c

                                                    SHA1

                                                    02859394164c33924907b85ab0aaddc628c31bf1

                                                    SHA256

                                                    c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                    SHA512

                                                    69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                    Download Submit

                                                  • C:\Windows\Temp\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\ISRT.dll
                                                    Filesize

                                                    427KB

                                                    MD5

                                                    85315ad538fa5af8162f1cd2fce1c99d

                                                    SHA1

                                                    31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                    SHA256

                                                    70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                    SHA512

                                                    877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                    Download Submit

                                                  • C:\Windows\Temp\{AE3EEC02-5991-4F76-8CC4-E6E208BAFEFD}\_isres_0x0409.dll
                                                    Filesize

                                                    1.8MB

                                                    MD5

                                                    befe2ef369d12f83c72c5f2f7069dd87

                                                    SHA1

                                                    b89c7f6da1241ed98015dc347e70322832bcbe50

                                                    SHA256

                                                    9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                    SHA512

                                                    760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                    Download Submit

                                                  • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    9cad061ddf5ad182cfe7879190aeed71

                                                    SHA1

                                                    cfd292d16d937f95b642527464403b7e5ef6af96

                                                    SHA256

                                                    b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                    SHA512

                                                    df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                    Download Submit

                                                  • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                    Filesize

                                                    24.1MB

                                                    MD5

                                                    42430c9b885cab3e14dfae70c70d36ff

                                                    SHA1

                                                    cf3c3333bd1cfa28d178713afd8362b9095ea7c8

                                                    SHA256

                                                    4864212a7f617cc743a0f8292c35810b05a9fb61b14a21838817a12484de34af

                                                    SHA512

                                                    ed1c9849846119f97cab72f8b60632376ac76bb397be635e2adde311798ce3304d525d0ec3f09e78d42948380d2d46fe9d76232c9fd6378076b476852026ffa0

                                                    Download Submit

                                                  • \??\Volume{33d51020-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{23d2b3a0-6008-4d3b-be03-5e4db0475a49}_OnDiskSnapshotProp
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    2e329f886644f5620d550aa83b0a80a6

                                                    SHA1

                                                    befd8942c86d2075080b37603e56d80a363b1594

                                                    SHA256

                                                    b7f8c67730dc08511a701774237f35e1d297c29d9cadce6ab6235036e8c4684e

                                                    SHA512

                                                    5590beb8b3b0b815123862701f77615a9cab6e4c01e6e5a1587dc1f114190d82bd1006940486907b22271823ef6f46727b4e70c2b60ad09f0bf1ba1b8a7be179

                                                    Download Submit

                                                  • memory/116-243-0x000001621FD50000-0x000001621FD88000-memory.dmp

                                                    Filesize

                                                    224KB

                                                    Download

                                                  • memory/116-205-0x000001621F430000-0x000001621F452000-memory.dmp

                                                    Filesize

                                                    136KB

                                                    Download

                                                  • memory/116-202-0x000001621F4B0000-0x000001621F562000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/212-355-0x000002494C990000-0x000002494CA6C000-memory.dmp

                                                    Filesize

                                                    880KB

                                                    Download

                                                  • memory/212-358-0x000002494C8D0000-0x000002494C8D8000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/212-349-0x0000024933F50000-0x0000024933F9A000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/212-350-0x0000024933F20000-0x0000024933F3C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/212-351-0x000002494C710000-0x000002494C75C000-memory.dmp

                                                    Filesize

                                                    304KB

                                                    Download

                                                  • memory/212-352-0x000002494C760000-0x000002494C7A8000-memory.dmp

                                                    Filesize

                                                    288KB

                                                    Download

                                                  • memory/212-353-0x0000024933F40000-0x0000024933F48000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/212-354-0x0000024933FA0000-0x0000024933FAA000-memory.dmp

                                                    Filesize

                                                    40KB

                                                    Download

                                                  • memory/212-361-0x000002494C920000-0x000002494C94A000-memory.dmp

                                                    Filesize

                                                    168KB

                                                    Download

                                                  • memory/212-356-0x000002494CDC0000-0x000002494CE72000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/212-357-0x000002494C8C0000-0x000002494C8C8000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/212-348-0x0000024933560000-0x00000249335C8000-memory.dmp

                                                    Filesize

                                                    416KB

                                                    Download

                                                  • memory/212-359-0x000002494C8E0000-0x000002494C8E8000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/212-360-0x000002494CE80000-0x000002494CEE8000-memory.dmp

                                                    Filesize

                                                    416KB

                                                    Download

                                                  • memory/212-363-0x000002494C8F0000-0x000002494C916000-memory.dmp

                                                    Filesize

                                                    152KB

                                                    Download

                                                  • memory/212-362-0x000002494DB10000-0x000002494DB4A000-memory.dmp

                                                    Filesize

                                                    232KB

                                                    Download

                                                  • memory/368-943-0x00000262D8CE0000-0x00000262D8D00000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/368-944-0x00000262F1800000-0x00000262F18B2000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/368-947-0x00000262F18C0000-0x00000262F1926000-memory.dmp

                                                    Filesize

                                                    408KB

                                                    Download

                                                  • memory/368-949-0x00000262D8D20000-0x00000262D8D34000-memory.dmp

                                                    Filesize

                                                    80KB

                                                    Download

                                                  • memory/368-942-0x00000262D86A0000-0x00000262D86B0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/436-278-0x0000026364C10000-0x0000026364C52000-memory.dmp

                                                    Filesize

                                                    264KB

                                                    Download

                                                  • memory/436-281-0x000002637DDD0000-0x000002637DE80000-memory.dmp

                                                    Filesize

                                                    704KB

                                                    Download

                                                  • memory/436-283-0x00000263655C0000-0x00000263655DC000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/1000-700-0x000001BABD4B0000-0x000001BABD4FA000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/1000-711-0x000001BABD980000-0x000001BABDA5C000-memory.dmp

                                                    Filesize

                                                    880KB

                                                    Download

                                                  • memory/1000-703-0x000001BAA4D50000-0x000001BAA4D5A000-memory.dmp

                                                    Filesize

                                                    40KB

                                                    Download

                                                  • memory/1000-702-0x000001BAA4DB0000-0x000001BAA4DC8000-memory.dmp

                                                    Filesize

                                                    96KB

                                                    Download

                                                  • memory/1000-701-0x000001BAA4D70000-0x000001BAA4D8C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/1000-786-0x000001BABD8A0000-0x000001BABD902000-memory.dmp

                                                    Filesize

                                                    392KB

                                                    Download

                                                  • memory/1000-809-0x000001BABD5E0000-0x000001BABD5FC000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/1000-705-0x000001BABD550000-0x000001BABD59A000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/1000-699-0x000001BAA43D0000-0x000001BAA4404000-memory.dmp

                                                    Filesize

                                                    208KB

                                                    Download

                                                  • memory/1000-709-0x000001BABD7E0000-0x000001BABD892000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/1100-164-0x0000024FCB3E0000-0x0000024FCB3F2000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download

                                                  • memory/1100-160-0x0000024FE59B0000-0x0000024FE5A48000-memory.dmp

                                                    Filesize

                                                    608KB

                                                    Download

                                                  • memory/1100-165-0x0000024FCCE70000-0x0000024FCCEAC000-memory.dmp

                                                    Filesize

                                                    240KB

                                                    Download

                                                  • memory/1100-148-0x0000024FCAFD0000-0x0000024FCAFF8000-memory.dmp

                                                    Filesize

                                                    160KB

                                                    Download

                                                  • memory/1256-561-0x00000194FA670000-0x00000194FA6AA000-memory.dmp

                                                    Filesize

                                                    232KB

                                                    Download

                                                  • memory/1256-648-0x00000194FB830000-0x00000194FB878000-memory.dmp

                                                    Filesize

                                                    288KB

                                                    Download

                                                  • memory/1256-612-0x00000194FABF0000-0x00000194FAC0C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/1256-1142-0x00000194FBF20000-0x00000194FBF48000-memory.dmp

                                                    Filesize

                                                    160KB

                                                    Download

                                                  • memory/1256-592-0x00000194FB8A0000-0x00000194FB952000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/1256-1136-0x00000194FB7E0000-0x00000194FB7F0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/1700-2607-0x0000000003480000-0x0000000003647000-memory.dmp

                                                    Filesize

                                                    1.8MB

                                                    Download

                                                  • memory/1700-2185-0x0000000003440000-0x0000000003607000-memory.dmp

                                                    Filesize

                                                    1.8MB

                                                    Download

                                                  • memory/1700-2711-0x0000000010000000-0x0000000010114000-memory.dmp

                                                    Filesize

                                                    1.1MB

                                                    Download

                                                  • memory/1832-1134-0x0000021B13B30000-0x0000021B13B38000-memory.dmp

                                                    Filesize

                                                    32KB

                                                    Download

                                                  • memory/1832-1001-0x0000021B132D0000-0x0000021B132E0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/1832-1055-0x0000021B2C610000-0x0000021B2C6EC000-memory.dmp

                                                    Filesize

                                                    880KB

                                                    Download

                                                  • memory/1832-1058-0x0000021B2CA40000-0x0000021B2CAF2000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/1832-1047-0x0000021B13B10000-0x0000021B13B2C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/1832-1020-0x0000021B13B40000-0x0000021B13B8A000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/2196-80-0x0000000005340000-0x0000000005694000-memory.dmp

                                                    Filesize

                                                    3.3MB

                                                    Download

                                                  • memory/2196-79-0x0000000005200000-0x0000000005222000-memory.dmp

                                                    Filesize

                                                    136KB

                                                    Download

                                                  • memory/2196-76-0x0000000005280000-0x0000000005332000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/2296-110-0x00000000054F0000-0x0000000005556000-memory.dmp

                                                    Filesize

                                                    408KB

                                                    Download

                                                  • memory/3284-1147-0x000001CFDE650000-0x000001CFDE6C6000-memory.dmp

                                                    Filesize

                                                    472KB

                                                    Download

                                                  • memory/3284-1050-0x000001CFDE4E0000-0x000001CFDE526000-memory.dmp

                                                    Filesize

                                                    280KB

                                                    Download

                                                  • memory/3284-1239-0x000001CFDEA10000-0x000001CFDEA7E000-memory.dmp

                                                    Filesize

                                                    440KB

                                                    Download

                                                  • memory/3284-1006-0x000001CFC5680000-0x000001CFC5690000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/3284-1024-0x000001CFC56B0000-0x000001CFC56D0000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/3284-1149-0x000001CFDE530000-0x000001CFDE54E000-memory.dmp

                                                    Filesize

                                                    120KB

                                                    Download

                                                  • memory/3284-1023-0x000001CFDDFD0000-0x000001CFDE082000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/3284-1146-0x000001CFDE580000-0x000001CFDE5D0000-memory.dmp

                                                    Filesize

                                                    320KB

                                                    Download

                                                  • memory/3284-1049-0x000001CFDEB40000-0x000001CFDF19C000-memory.dmp

                                                    Filesize

                                                    6.4MB

                                                    Download

                                                  • memory/3284-985-0x000001CFC4E40000-0x000001CFC4E52000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download

                                                  • memory/3396-1053-0x000001FD30120000-0x000001FD30132000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download

                                                  • memory/3396-1056-0x000001FD30AF0000-0x000001FD30B3A000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/3396-1057-0x000001FD30AA0000-0x000001FD30ABC000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/3396-1148-0x000001FD494D0000-0x000001FD49582000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/3396-1150-0x000001FD49590000-0x000001FD4966C000-memory.dmp

                                                    Filesize

                                                    880KB

                                                    Download

                                                  • memory/3396-1168-0x000001FD30BB0000-0x000001FD30BCA000-memory.dmp

                                                    Filesize

                                                    104KB

                                                    Download

                                                  • memory/3632-665-0x0000013AE58C0000-0x0000013AE58DA000-memory.dmp

                                                    Filesize

                                                    104KB

                                                    Download

                                                  • memory/3632-667-0x0000013AE5FD0000-0x0000013AE6082000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/3632-708-0x0000013AFF1B0000-0x0000013AFF6D8000-memory.dmp

                                                    Filesize

                                                    5.2MB

                                                    Download

                                                  • memory/3632-655-0x0000013AE5500000-0x0000013AE550A000-memory.dmp

                                                    Filesize

                                                    40KB

                                                    Download

                                                  • memory/4648-990-0x000002E008720000-0x000002E00873C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/4648-982-0x000002E007DA0000-0x000002E007DB6000-memory.dmp

                                                    Filesize

                                                    88KB

                                                    Download

                                                  • memory/4648-984-0x000002E020EE0000-0x000002E020F92000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/4676-482-0x0000022564910000-0x0000022564930000-memory.dmp

                                                    Filesize

                                                    128KB

                                                    Download

                                                  • memory/4676-473-0x0000022564290000-0x000002256429C000-memory.dmp

                                                    Filesize

                                                    48KB

                                                    Download

                                                  • memory/4676-475-0x00000225648F0000-0x0000022564908000-memory.dmp

                                                    Filesize

                                                    96KB

                                                    Download

                                                  • memory/4676-478-0x000002257D470000-0x000002257D522000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/4840-710-0x00000136A04B0000-0x00000136A0560000-memory.dmp

                                                    Filesize

                                                    704KB

                                                    Download

                                                  • memory/4840-706-0x00000136879A0000-0x00000136879EA000-memory.dmp

                                                    Filesize

                                                    296KB

                                                    Download

                                                  • memory/4840-704-0x0000013687120000-0x000001368712C000-memory.dmp

                                                    Filesize

                                                    48KB

                                                    Download

                                                  • memory/4840-707-0x0000013687970000-0x000001368798C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/4840-796-0x00000136A0640000-0x00000136A071C000-memory.dmp

                                                    Filesize

                                                    880KB

                                                    Download

                                                  • memory/4840-842-0x0000013687AA0000-0x0000013687ABC000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/4856-43-0x0000000003110000-0x000000000311C000-memory.dmp

                                                    Filesize

                                                    48KB

                                                    Download

                                                  • memory/4856-39-0x00000000030D0000-0x00000000030FE000-memory.dmp

                                                    Filesize

                                                    184KB

                                                    Download

                                                  • memory/5072-1054-0x000002056F440000-0x000002056F4F2000-memory.dmp

                                                    Filesize

                                                    712KB

                                                    Download

                                                  • memory/5072-1052-0x000002056EC70000-0x000002056EC8C000-memory.dmp

                                                    Filesize

                                                    112KB

                                                    Download

                                                  • memory/5072-1165-0x000002056F3E0000-0x000002056F434000-memory.dmp

                                                    Filesize

                                                    336KB

                                                    Download

                                                  • memory/5072-1051-0x000002056E300000-0x000002056E312000-memory.dmp

                                                    Filesize

                                                    72KB

                                                    Download