Overview

overview

10

Static

static

10

pdf946946.msi

windows7-x64

10

pdf946946.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/02/2025, 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pdf946946.msi

  • Size

    2.9MB

  • MD5

    8b6b0ec93209591b6f987b27b150f803

  • SHA1

    dd64e5c25c9237b6a52f68dcc6a5777c83c5fef3

  • SHA256

    768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6

  • SHA512

    0e892754f982114ab1d99bef288123563543c1010289f312f9b9e8c3abd8845c907ef665dc60dd744b3c840fe11c4546c1bee5bcbebeb67469cda4e3409e0a39

  • SSDEEP

    49152:++1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:++lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Downloads MZ/PE file 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 30 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 6 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 60 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • System Time Discovery 1 TTPs 3 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\pdf946946.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:972
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4572
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 5C1EB54407923ECFD69C903757C1EDE9
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4256
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF23F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240644890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4080
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIF4F0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240645390 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4060
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSIFD4E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240647515 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
          3⤵
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1376
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe "C:\Windows\Installer\MSI9C6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240650703 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
          3⤵
          • Blocklisted process makes network request
          • Drops file in Windows directory
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4344
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B76480C264223615DF095351AE777598 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2964
        • C:\Windows\SysWOW64\NET.exe
          "NET" STOP AteraAgent
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4296
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 STOP AteraAgent
            4⤵
            • System Location Discovery: System Language Discovery
            PID:4840
        • C:\Windows\SysWOW64\TaskKill.exe
          "TaskKill.exe" /f /im AteraAgent.exe
          3⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4520
      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QMzFeIAL" /AgentId="2bb8b1b2-1725-43f3-b74b-641e7d12ff53"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        PID:5068
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding F95477907301D33C8D0D9434A5B29263 E Global\MSI0000
        2⤵
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:4564
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D04B1E3-9865-4B54-86A5-DE7C2511CDC2}
          3⤵
          • Executes dropped EXE
          PID:3376
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{554DDEB3-8B03-4801-B0B0-46E902355ADE}
          3⤵
          • Executes dropped EXE
          PID:2788
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{93628E08-36F5-4629-AFAC-4EFFD6A943C9}
          3⤵
          • Executes dropped EXE
          PID:764
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0D71446F-487E-4878-B3A4-D6AC4A9F6318}
          3⤵
          • Executes dropped EXE
          PID:3592
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{91361302-5260-4C00-A0F4-FBD3AC719B3E}
          3⤵
          • Executes dropped EXE
          PID:2856
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D12DE03-913D-461F-BEFD-3611648EC304}
          3⤵
          • Executes dropped EXE
          PID:4208
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B5037F66-5B62-47F9-8AD8-195E615CFEFF}
          3⤵
          • Executes dropped EXE
          PID:3592
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D35F77F-1CBC-4A85-8280-7BBE8C4A8E3D}
          3⤵
          • Executes dropped EXE
          PID:2796
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F8A6F7EA-6734-4BEA-AC91-EAC0A65779CC}
          3⤵
          • Executes dropped EXE
          PID:216
        • C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe
          C:\Windows\TEMP\{800EA637-A068-4781-BE23-24462D8AAEDF}\_is8577.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D163EE4-37A4-4C99-A889-6B9CB520A383}
          3⤵
          • Executes dropped EXE
          PID:5008
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2492
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRServer.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3948
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2244
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRApp.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2392
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2788
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAppPB.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3976
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4616
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeature.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:968
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1016
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRFeatMini.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2540
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4328
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRManager.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3716
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4932
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAgent.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:2768
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:64
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:216
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1072
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRAudioChat.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:3120
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3592
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill.exe /F /IM SRVirtualDisplay.exe /T
            4⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            PID:216
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5FB3A03E-AFCE-484F-A75F-D7938BF1CBC8}
          3⤵
          • Executes dropped EXE
          PID:4784
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7CAEF982-8C94-4C43-9B73-F006D8826C76}
          3⤵
          • Executes dropped EXE
          PID:3344
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{56CB327A-D3A9-4AE4-B6F2-E12F8BD799D8}
          3⤵
          • Executes dropped EXE
          PID:4356
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{77A48F2C-8346-4638-BF56-91A242757393}
          3⤵
          • Executes dropped EXE
          PID:1572
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ED341020-BB4A-46CE-8614-8EE2202BDBA9}
          3⤵
          • Executes dropped EXE
          PID:2540
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{175DDE42-6E71-48BB-9E34-437A79B71B9D}
          3⤵
          • Executes dropped EXE
          PID:1420
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{102E39AE-C9EE-46F3-887A-5C82FF6E03E1}
          3⤵
          • Executes dropped EXE
          PID:4684
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A99A389-5698-4523-A23F-B340DD76DF02}
          3⤵
          • Executes dropped EXE
          PID:1116
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C9BAC100-5DD0-4C0E-9AE9-2791695877D7}
          3⤵
          • Executes dropped EXE
          PID:3976
        • C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
          C:\Windows\TEMP\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3F25D0ED-8B18-4F86-8AC2-425BEB1BB26B}
          3⤵
          • Executes dropped EXE
          PID:2856
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BEB9706F-AC25-43D5-9070-5C7C6564CF24}
          3⤵
          • Executes dropped EXE
          PID:1724
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A2E564B-EA8C-4CB5-833F-3AA9A331895C}
          3⤵
          • Executes dropped EXE
          PID:4800
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{70B2FD89-512D-468D-9AFD-EAA5E6536CC9}
          3⤵
          • Executes dropped EXE
          PID:4160
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3BCF519-3BF1-42E4-B84F-D37D47CCE184}
          3⤵
          • Executes dropped EXE
          PID:4304
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC4F5E31-1B00-479E-AA06-357C16AD4D2F}
          3⤵
          • Executes dropped EXE
          PID:2856
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D4BDC9C-AD56-4551-898A-6C25C3B4EEA6}
          3⤵
          • Executes dropped EXE
          PID:2876
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{314B8EBB-D0D9-44EB-8DCF-CACC6B1F01DD}
          3⤵
          • Executes dropped EXE
          PID:4028
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{36307913-B6CD-40B5-A5B4-51CB6AA18B04}
          3⤵
          • Executes dropped EXE
          PID:380
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0987ADB-687B-4AE8-94F1-AA8E6C33EB0E}
          3⤵
          • Executes dropped EXE
          PID:764
        • C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe
          C:\Windows\TEMP\{874A4F1E-4AA8-4913-9F06-2FD4CD266EBD}\_is9C5C.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5BC10FB0-FE9E-406C-BAE6-71109ADFC4BA}
          3⤵
          • Executes dropped EXE
          PID:384
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4356
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:648
        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:4304
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:1116
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
              4⤵
                PID:1724
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:3664
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3228BDB3-D6AD-4106-8894-B471954D303D}
              3⤵
              • Executes dropped EXE
              PID:1420
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C654DF0C-E6DA-4DA2-B7BB-2D252246496B}
              3⤵
              • Executes dropped EXE
              PID:3948
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{36357C97-2D37-4DCD-8237-9F437F17DC5D}
              3⤵
              • Executes dropped EXE
              PID:3028
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{47F1CA06-1AD0-4223-A10C-F10DFCAF99F7}
              3⤵
              • Executes dropped EXE
              PID:3344
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4B2BE554-D8A9-4CA5-B335-1D2D6AA460CB}
              3⤵
              • Executes dropped EXE
              PID:3716
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75AB85D2-236F-417E-B155-F91A833A7A66}
              3⤵
              • Executes dropped EXE
              PID:3092
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BC838713-2E06-4558-A77A-5D475A1F16E6}
              3⤵
              • Executes dropped EXE
              PID:4252
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E30464CF-2E20-41BB-A3C1-B182276F3E7D}
              3⤵
              • Executes dropped EXE
              PID:3948
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5F19034B-AD33-4071-B6E5-74B6B5C22042}
              3⤵
              • Executes dropped EXE
              PID:3028
            • C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe
              C:\Windows\TEMP\{5D2B1D46-9241-4768-AA39-C5A5095CCDEB}\_isAEAE.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BEE28BAA-86CD-41E9-A741-F2B4EE8E12C0}
              3⤵
              • Executes dropped EXE
              PID:2220
            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
              3⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:2816
            • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
              C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2185A625-AD5A-48CB-B4DE-7739B516CC06}
              3⤵
              • Executes dropped EXE
              PID:3948
            • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
              C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{45A803F9-330F-49C6-B813-EA3EFA74250A}
              3⤵
              • Executes dropped EXE
              PID:2868
            • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
              C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8DB352B8-4595-4DFC-B8F3-1FAC9E2D53EB}
              3⤵
              • Executes dropped EXE
              PID:4684
            • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
              C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ECF85D6F-EB8C-4EEA-ABE0-23744B6D9A5C}
              3⤵
              • Executes dropped EXE
              PID:3344
            • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
              C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B3DF0E64-5EEB-4541-A8D8-78B299A4BB44}
              3⤵
                PID:1736
              • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
                C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37C2AB43-4DB2-4585-97D4-776BD3C3F871}
                3⤵
                  PID:2400
                • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
                  C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6AB1F085-258F-4350-BA99-AECF4D47F344}
                  3⤵
                    PID:1252
                  • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
                    C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D065D1E1-5094-453C-B219-A5F8DF568BD5}
                    3⤵
                      PID:1128
                    • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
                      C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E4CD5FAF-1343-4FE5-A947-24DC45ECD0A2}
                      3⤵
                        PID:756
                      • C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe
                        C:\Windows\TEMP\{02E605EF-B807-4586-B232-CE0838EDFC27}\_isB372.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7309CF8E-F83B-4F35-B53E-C312FF9618C8}
                        3⤵
                          PID:3444
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:1732
                      • C:\Windows\syswow64\MsiExec.exe
                        C:\Windows\syswow64\MsiExec.exe -Embedding CB862CE2C66A1FCE29590F5C3657395D E Global\MSI0000
                        2⤵
                        • System Location Discovery: System Language Discovery
                        PID:5248
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe "C:\Windows\Installer\MSI3F73.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240730046 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                          3⤵
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • System Location Discovery: System Language Discovery
                          PID:64
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe "C:\Windows\Installer\MSI403F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240730156 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                          3⤵
                          • Blocklisted process makes network request
                          • Drops file in Windows directory
                          • System Location Discovery: System Language Discovery
                          PID:4304
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe "C:\Windows\Installer\MSI433D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240730937 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                          3⤵
                          • Drops file in Windows directory
                          • System Location Discovery: System Language Discovery
                          PID:1632
                        • C:\Windows\SysWOW64\NET.exe
                          "NET" STOP AteraAgent
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:5636
                          • C:\Windows\SysWOW64\net1.exe
                            C:\Windows\system32\net1 STOP AteraAgent
                            4⤵
                            • System Location Discovery: System Language Discovery
                            PID:5940
                        • C:\Windows\SysWOW64\TaskKill.exe
                          "TaskKill.exe" /f /im AteraAgent.exe
                          3⤵
                          • System Location Discovery: System Language Discovery
                          • Kills process with taskkill
                          PID:3476
                        • C:\Windows\syswow64\NET.exe
                          "NET" STOP AteraAgent
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:3664
                          • C:\Windows\SysWOW64\net1.exe
                            C:\Windows\system32\net1 STOP AteraAgent
                            4⤵
                            • System Location Discovery: System Language Discovery
                            PID:5952
                        • C:\Windows\syswow64\TaskKill.exe
                          "TaskKill.exe" /f /im AteraAgent.exe
                          3⤵
                          • System Location Discovery: System Language Discovery
                          • Kills process with taskkill
                          PID:4608
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe "C:\Windows\Installer\MSI60C1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240738468 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                          3⤵
                          • Blocklisted process makes network request
                          • Drops file in Windows directory
                          • System Location Discovery: System Language Discovery
                          PID:5124
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                        2⤵
                        • Drops file in System32 directory
                        • Drops file in Program Files directory
                        PID:2536
                      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                        "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="07846871-d631-46ce-8108-b3fe0d0e1e76"
                        2⤵
                        • Drops file in System32 directory
                        • Modifies data under HKEY_USERS
                        PID:3320
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                      • Checks SCSI registry key(s)
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4844
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjQ2QkQyOUUtMjYxRi00REVGLTg4RjctQTRCN0ZENUE1Q0E4fSIgdXNlcmlkPSJ7RjI2MDk5NTItNzNFQi00MDYxLThGOUYtMzQzQ0MwMzhCODFDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjIwNzNBNzktN0YzMC00NkM5LUFCNzgtQTQwN0RGN0I2MDZCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODIxNjkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1MzE4NTEwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDIxNTczNjIxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                      1⤵
                      • System Location Discovery: System Language Discovery
                      • System Network Configuration Discovery: Internet Connection Discovery
                      PID:2660
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                      1⤵
                      • Drops file in System32 directory
                      • Drops file in Program Files directory
                      • Executes dropped EXE
                      • Modifies data under HKEY_USERS
                      • Modifies system certificate store
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:1232
                      • C:\Windows\System32\sc.exe
                        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        2⤵
                        • Launches sc.exe
                        PID:216
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "ca36c6a0-fa78-45e3-9f4d-54e7d5fc14d7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QMzFeIAL
                        2⤵
                        • Drops file in System32 directory
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1860
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "2c29405e-7119-4335-aec6-446a1942ecda" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QMzFeIAL
                        2⤵
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4404
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "3f37bade-ea4b-4198-b8d9-5b5e95bcb971" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000QMzFeIAL
                        2⤵
                        • Executes dropped EXE
                        PID:3716
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "086d67e5-8aef-4988-a779-4fae57858855" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000QMzFeIAL
                        2⤵
                        • Drops file in Program Files directory
                        • Executes dropped EXE
                        • Modifies data under HKEY_USERS
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of WriteProcessMemory
                        PID:3476
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                          3⤵
                          • Drops file in System32 directory
                          • Command and Scripting Interpreter: PowerShell
                          • Modifies data under HKEY_USERS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3508
                        • C:\Windows\System32\cmd.exe
                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          3⤵
                          • Suspicious use of WriteProcessMemory
                          PID:4000
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:1072
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "567d4bf7-eb63-455d-adca-da742e8dbc7a" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000QMzFeIAL
                        2⤵
                        • Downloads MZ/PE file
                        • Drops file in System32 directory
                        • Drops file in Program Files directory
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4376
                        • C:\Windows\TEMP\SplashtopStreamer.exe
                          "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                          3⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of SetWindowsHookEx
                          PID:3484
                          • C:\Windows\Temp\unpack\PreVerCheck.exe
                            "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                            4⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:2076
                            • C:\Windows\SysWOW64\msiexec.exe
                              msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                              5⤵
                              • System Location Discovery: System Language Discovery
                              PID:4044
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "0fbe0067-993c-4ac7-9d6c-d7f09a6e2a45" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QMzFeIAL
                        2⤵
                        • Executes dropped EXE
                        PID:1352
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                      1⤵
                      • Drops file in Program Files directory
                      • Executes dropped EXE
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of WriteProcessMemory
                      PID:4804
                      • C:\Windows\System32\sc.exe
                        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        2⤵
                        • Launches sc.exe
                        PID:1932
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "086d67e5-8aef-4988-a779-4fae57858855" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000QMzFeIAL
                        2⤵
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of WriteProcessMemory
                        PID:4564
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                          3⤵
                          • Command and Scripting Interpreter: PowerShell
                          • Modifies data under HKEY_USERS
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2964
                        • C:\Windows\System32\cmd.exe
                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          3⤵
                          • Suspicious use of WriteProcessMemory
                          PID:968
                          • C:\Windows\system32\cscript.exe
                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:216
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "3f37bade-ea4b-4198-b8d9-5b5e95bcb971" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000QMzFeIAL
                        2⤵
                        • Executes dropped EXE
                        PID:4572
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "0fbe0067-993c-4ac7-9d6c-d7f09a6e2a45" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QMzFeIAL
                        2⤵
                        • Drops file in System32 directory
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:2536
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                      1⤵
                      • Drops file in Program Files directory
                      • Executes dropped EXE
                      • Modifies data under HKEY_USERS
                      • Modifies system certificate store
                      • Suspicious use of WriteProcessMemory
                      PID:4440
                      • C:\Windows\System32\sc.exe
                        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        2⤵
                        • Launches sc.exe
                        PID:1072
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "09bded65-6373-46a8-947c-5469c3d05138" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QMzFeIAL
                        2⤵
                        • Writes to the Master Boot Record (MBR)
                        • Drops file in Program Files directory
                        PID:2348
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "80d661e8-74a0-4dbc-8c2c-7dcbf10057cc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QMzFeIAL
                        2⤵
                        • Drops file in Program Files directory
                        PID:4008
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                          3⤵
                          • Command and Scripting Interpreter: PowerShell
                          • Modifies data under HKEY_USERS
                          PID:5008
                        • C:\Windows\System32\cmd.exe
                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          3⤵
                            PID:2300
                            • C:\Windows\system32\cscript.exe
                              cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                              4⤵
                              • Modifies data under HKEY_USERS
                              PID:3288
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "a19c1c0b-6c85-47fb-a2aa-fee46b9b4a5d" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QMzFeIAL
                          2⤵
                            PID:2368
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=653b725dd8272d5c20c0a351ea93b2aa&rmm_session_pwd_ttl=86400"
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:3900
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "dd07c8e3-9dc6-4305-aba5-bcff29e0d251" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000QMzFeIAL
                            2⤵
                              PID:2828
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "304f2f43-c2e7-4153-8982-3a4fe039b9d7" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000QMzFeIAL
                              2⤵
                                PID:5160
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "6722d9e6-c4dd-46f3-b54e-fc03534a019b" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QMzFeIAL
                                2⤵
                                • Drops file in System32 directory
                                • Drops file in Program Files directory
                                PID:5332
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "82ea2ec3-7edf-43a2-bbb7-6747960037f9" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QMzFeIAL
                                2⤵
                                • Drops file in System32 directory
                                PID:6060
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "61da6ee5-4448-450f-908f-348312bbbdc4" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QMzFeIAL
                                2⤵
                                • Drops file in System32 directory
                                PID:5136
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "c7c94b19-ae2c-4661-830e-b07de5f77e4c" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000QMzFeIAL
                                2⤵
                                • Modifies data under HKEY_USERS
                                PID:4308
                                • C:\Windows\SYSTEM32\msiexec.exe
                                  "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                                  3⤵
                                    PID:6012
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "8c1587c3-acd4-4755-a066-1db8592c0f85" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QMzFeIAL
                                  2⤵
                                    PID:5792
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "716f46aa-d791-43b9-8917-801a59628449" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QMzFeIAL
                                    2⤵
                                    • Drops file in System32 directory
                                    PID:6096
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "c674316b-a5be-4711-a1ec-82ccbf472cd9" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QMzFeIAL
                                    2⤵
                                    • Drops file in System32 directory
                                    PID:5316
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "6e529454-81e8-4bbb-92f5-083a44fc6063" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QMzFeIAL
                                    2⤵
                                      PID:5264
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "5805af83-8c34-4dd7-9d6c-0d48057074f4" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QMzFeIAL
                                      2⤵
                                      • Downloads MZ/PE file
                                      PID:1472
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:4860
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:5460
                                      • C:\Program Files\dotnet\dotnet.exe
                                        "C:\Program Files\dotnet\dotnet" --list-runtimes
                                        3⤵
                                        • System Time Discovery
                                        PID:2816
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "8c31f52f-dfca-4174-b7de-37c7bef46dc8" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QMzFeIAL
                                      2⤵
                                      • Modifies registry class
                                      PID:6032
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                    1⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1572
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                      2⤵
                                      • Drops file in System32 directory
                                      • Drops file in Program Files directory
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies data under HKEY_USERS
                                      PID:2108
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                        -h -t
                                        3⤵
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4868
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                        3⤵
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        PID:412
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                          4⤵
                                            PID:4848
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                          3⤵
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2268
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                          3⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:384
                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                            SRUtility.exe -r
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:3900
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                          3⤵
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of SetWindowsHookEx
                                          PID:6072
                                          • C:\Windows\System32\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                            4⤵
                                              PID:5136
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c ver
                                                5⤵
                                                  PID:5528
                                                • C:\Windows\system32\sc.exe
                                                  sc query ddmgr
                                                  5⤵
                                                  • Launches sc.exe
                                                  PID:5480
                                                • C:\Windows\system32\sc.exe
                                                  sc query lci_proxykmd
                                                  5⤵
                                                  • Launches sc.exe
                                                  PID:5704
                                                • C:\Windows\system32\rundll32.exe
                                                  rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                  5⤵
                                                  • Checks SCSI registry key(s)
                                                  • Modifies data under HKEY_USERS
                                                  PID:3156
                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                          1⤵
                                          • Drops file in Program Files directory
                                          • Modifies data under HKEY_USERS
                                          PID:5964
                                          • C:\Windows\System32\sc.exe
                                            "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                            2⤵
                                            • Launches sc.exe
                                            PID:2980
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "dd7ca8d4-57dd-41b8-96cd-dd115e33230f" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QMzFeIAL
                                            2⤵
                                              PID:1848
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "0d5ef0d4-1c5c-4314-9c45-03534740d23b" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QMzFeIAL
                                              2⤵
                                                PID:2948
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                  3⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  PID:5360
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "f7032e32-1a02-4cfb-ae62-15f498b77e43" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QMzFeIAL
                                                2⤵
                                                  PID:2652
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 2bb8b1b2-1725-43f3-b74b-641e7d12ff53 "5a5b079d-867d-4886-aa1c-a1f11c8a229f" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QMzFeIAL
                                                  2⤵
                                                    PID:5344
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                  1⤵
                                                  • Drops file in Windows directory
                                                  • Checks SCSI registry key(s)
                                                  PID:5228
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000138" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:5636
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "000000000000014C" "WinSta0\Default" "0000000000000154" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:1228
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "000000000000014C"
                                                    2⤵
                                                    • Drops file in Drivers directory
                                                    • Drops file in System32 directory
                                                    • Checks SCSI registry key(s)
                                                    PID:3104
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                    2⤵
                                                    • Drops file in Drivers directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    PID:2300

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Reconnaissance

                                                Resource Development

                                                Initial Access

                                                Execution

                                                Command and Scripting Interpreter

                                                1
                                                T1059

                                                PowerShell

                                                1
                                                T1059.001

                                                Persistence

                                                Event Triggered Execution

                                                2
                                                T1546

                                                Component Object Model Hijacking

                                                1
                                                T1546.015

                                                Installer Packages

                                                1
                                                T1546.016

                                                Pre-OS Boot

                                                1
                                                T1542

                                                Bootkit

                                                1
                                                T1542.003

                                                Privilege Escalation

                                                Event Triggered Execution

                                                2
                                                T1546

                                                Component Object Model Hijacking

                                                1
                                                T1546.015

                                                Installer Packages

                                                1
                                                T1546.016

                                                Defense Evasion

                                                Modify Registry

                                                1
                                                T1112

                                                Pre-OS Boot

                                                1
                                                T1542

                                                Bootkit

                                                1
                                                T1542.003

                                                Subvert Trust Controls

                                                1
                                                T1553

                                                Install Root Certificate

                                                1
                                                T1553.004

                                                System Binary Proxy Execution

                                                1
                                                T1218

                                                Msiexec

                                                1
                                                T1218.007

                                                Credential Access

                                                Discovery

                                                Peripheral Device Discovery

                                                2
                                                T1120

                                                Query Registry

                                                4
                                                T1012

                                                System Information Discovery

                                                3
                                                T1082

                                                System Location Discovery

                                                1
                                                T1614

                                                System Language Discovery

                                                1
                                                T1614.001

                                                System Network Configuration Discovery

                                                1
                                                T1016

                                                Internet Connection Discovery

                                                1
                                                T1016.001

                                                System Time Discovery

                                                1
                                                T1124

                                                Lateral Movement

                                                Collection

                                                Command and Control

                                                Exfiltration

                                                Impact

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Config.Msi\e57f1c3.rbs
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  30a223d2c0d5b97b2179d7cf416f0b88

                                                  SHA1

                                                  d18ace2772c6ede4639cdc1d8df9fae1f5448d55

                                                  SHA256

                                                  51487815d1d36118214164ba48ec0c1dd9c24461c58b0fa4868fcdd3de68b610

                                                  SHA512

                                                  c1ff85401514246cfc7a744d5ca1c865d1398e61a66fba648d0fdb99a7cfda6be99cd37fb6463bc04880dd370f13fb0c54d28180c7afbe6ef21cb01992131df7

                                                  Download Submit

                                                • C:\Config.Msi\e57f1c8.rbs
                                                  Filesize

                                                  74KB

                                                  MD5

                                                  9bedfc5e7ae90c8beef6d7a68da1b58b

                                                  SHA1

                                                  f3b9f4dadc0748e553c2230cf21e382842714b04

                                                  SHA256

                                                  e4f35253841898dc45ba29fc4aa853dc7ca432c0571189eebf30244beca0d61b

                                                  SHA512

                                                  f73b4c243636f26a455dd43a217e8f1e8b6d92b7793eb1faf5356aa9f16050cc5d1a83f0c52af5f1aa7faabc909c4a09e3060778f584a8484743453bb7838807

                                                  Download Submit

                                                • C:\Config.Msi\e57f1ca.rbs
                                                  Filesize

                                                  464B

                                                  MD5

                                                  182a91633b7429f93902a40c1e8b7819

                                                  SHA1

                                                  0e9c7106ba220fddfae17dd32b18c89f3d1298fe

                                                  SHA256

                                                  6a9c6adde958e80c26a12c5a75dab2cad32665900bdcb1b1503ff5b6a064275c

                                                  SHA512

                                                  ad09a90cc9334fe6f4826325500b850da23d4d3d7219f0e8ab805e75a82cee462515b2f0a45378be153b81212501f2aa32df98e7b921b8d1dd6dbc99a8a83f46

                                                  Download Submit

                                                • C:\Config.Msi\e57f1d0.rbs
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  b38974408152b315b9bf8f7e8b8c09d5

                                                  SHA1

                                                  42639da59093da8afc72642d6be2dbd2758641b3

                                                  SHA256

                                                  c07d9b273a485714aeb16e9e47c289e636141900084c6debc7f4250b6650325e

                                                  SHA512

                                                  0ec4887e6532eabb12f6ef7b6c2f4f3443ad97bd37174ca7deb93c82c6d5e0a6b547876a40b15eefbd0142863b8d34ef60e23ad0ae5f1694ab34a4c4f0908356

                                                  Download Submit

                                                • C:\Config.Msi\e57f1d8.rbs
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  c51e57eebc69bc8019e667de24447eac

                                                  SHA1

                                                  62508f062fa60ac92923ac0fdccaef1f025b5f56

                                                  SHA256

                                                  a4bf3b7df402071d0629a51479b838482fd13438bdda6b86b37bfb3acea307a1

                                                  SHA512

                                                  0376fdbc0715d3e16e334a017825d38b0fcb7702d2715a0e0cf8c33addc8dbf392d934213106cde8ba0e37b885e4d2fdba91dbb651fc71ceed8af2094166c7b2

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  337079222a6f6c6edf58f3f981ff20ae

                                                  SHA1

                                                  1f705fc0faa84c69e1fe936b34783b301323e255

                                                  SHA256

                                                  ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                  SHA512

                                                  ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                  Filesize

                                                  142KB

                                                  MD5

                                                  477293f80461713d51a98a24023d45e8

                                                  SHA1

                                                  e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                  SHA256

                                                  a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                  SHA512

                                                  23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  b3bb71f9bb4de4236c26578a8fae2dcd

                                                  SHA1

                                                  1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                  SHA256

                                                  e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                  SHA512

                                                  fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                  Filesize

                                                  210KB

                                                  MD5

                                                  c106df1b5b43af3b937ace19d92b42f3

                                                  SHA1

                                                  7670fc4b6369e3fb705200050618acaa5213637f

                                                  SHA256

                                                  2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                  SHA512

                                                  616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                  Filesize

                                                  693KB

                                                  MD5

                                                  2c4d25b7fbd1adfd4471052fa482af72

                                                  SHA1

                                                  fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                  SHA256

                                                  2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                  SHA512

                                                  f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                  Filesize

                                                  146KB

                                                  MD5

                                                  8d477b63bc5a56ae15314bda8dea7a3a

                                                  SHA1

                                                  3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                  SHA256

                                                  9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                  SHA512

                                                  44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                  Filesize

                                                  145KB

                                                  MD5

                                                  84a9f9fe8ceceea17c1e22c5afcdf65a

                                                  SHA1

                                                  4f2c2bfeb2273eae55f7ba738962de1c6f5717f0

                                                  SHA256

                                                  0e4d4c1ce8faad3c60b5fbe10f31ab2288305eefd47531f5dd785a4a294bf099

                                                  SHA512

                                                  a9a9f6b4c66864eca64eb92e961ce8d87e2bd68eb257d885f7d6b37980c8512e348e8c7741b792971dce5743a2fe4cf020378b7a4aff2df1ba441c82cf3d6947

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                  Filesize

                                                  145KB

                                                  MD5

                                                  2b9beb2fdbc41afc48d68d32ef41dd08

                                                  SHA1

                                                  4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                  SHA256

                                                  977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                  SHA512

                                                  3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                  Filesize

                                                  51KB

                                                  MD5

                                                  3180c705182447f4bcc7ce8e2820b25d

                                                  SHA1

                                                  ad6486557819a33d3f29b18d92b43b11707aae6e

                                                  SHA256

                                                  5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                  SHA512

                                                  228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                  Filesize

                                                  12B

                                                  MD5

                                                  1e065e191e89cc811ff49c96fa8fa5e6

                                                  SHA1

                                                  bc50ff2a20a8b83683583684fcac640a91689ed4

                                                  SHA256

                                                  d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                                  SHA512

                                                  5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                  Filesize

                                                  247KB

                                                  MD5

                                                  aa5cf64d575b7544eefd77f256c4dc57

                                                  SHA1

                                                  bd23989db4f9af0aae34d032e817d802c06ca5a9

                                                  SHA256

                                                  79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                                  SHA512

                                                  774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                  Filesize

                                                  546B

                                                  MD5

                                                  158fb7d9323c6ce69d4fce11486a40a1

                                                  SHA1

                                                  29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                                  SHA256

                                                  5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                                  SHA512

                                                  7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                  Filesize

                                                  94KB

                                                  MD5

                                                  c69c7690482c75a8fc70df2990d7afc6

                                                  SHA1

                                                  79d72d32a03151823bbf0953d5c2ce6bc2bde4b1

                                                  SHA256

                                                  580415595e5936d5f3945e9eeee63f6f4dbacd327aa46e2b7625b638715c27f5

                                                  SHA512

                                                  ed80ade3519345552ca74958efc9c122de840d2844baa08c94400f15168b6fc25377628a55ed12488ea790aaa40bc5bb77b6586de4f1ecd296902bbe36fba4f4

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                  Filesize

                                                  688KB

                                                  MD5

                                                  111e2e63bccead95bb5ffc53c9282070

                                                  SHA1

                                                  eaae7df21e291aa089bc101b1e265ca202be1225

                                                  SHA256

                                                  9615fe5fe63c48b13ffd8c9bc76170a9ed1cfea6a3d0901e857a1c6c6edaea76

                                                  SHA512

                                                  ffc818615fb30e24633c90b8f5a55c100b5f307414ec54e5a2914bb4ea36d3fb3aa6ed0e5815976a2f6d1b7f056e7da1f108a8eed81b458decebe721ad30b920

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                  Filesize

                                                  27KB

                                                  MD5

                                                  797c9554ec56fd72ebb3f6f6bef67fb5

                                                  SHA1

                                                  40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                  SHA256

                                                  7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                  SHA512

                                                  4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                  Filesize

                                                  214KB

                                                  MD5

                                                  01807774f043028ec29982a62fa75941

                                                  SHA1

                                                  afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                  SHA256

                                                  9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                  SHA512

                                                  33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                  Filesize

                                                  37KB

                                                  MD5

                                                  efb4712c8713cb05eb7fe7d87a83a55a

                                                  SHA1

                                                  c94d106bba77aecf88540807da89349b50ea5ae7

                                                  SHA256

                                                  30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                  SHA512

                                                  3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                  Filesize

                                                  3.5MB

                                                  MD5

                                                  c841eadd1786b7a780b96c2a44351cc9

                                                  SHA1

                                                  bde0a8f67bd2b54678fc9a9135ed49821f75f212

                                                  SHA256

                                                  3749a43d5297ec2328ddd6af6708de29a5b66efde7423ff72706ab4ca92f56f0

                                                  SHA512

                                                  edbc3d526e32de1bf8b7ac6e35fb558b250c7026ec38d5af214dfd47f934375e99da775d3147ce641acd8e51e240df32177b825aa403a40af3291cbb56f3a6b1

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                  Filesize

                                                  397KB

                                                  MD5

                                                  99f67d47a8dbdee98407885a1ac58e7c

                                                  SHA1

                                                  3cb9d10a8e6ed1acfa802045aca6e931ba7a8759

                                                  SHA256

                                                  0aa983060464d62b3da159e533769e8440612e3ec23fb8eff4fc52a0d79cc00e

                                                  SHA512

                                                  1a0779480bc3e268882d99206f621ea0feb9548df362f1920b793804fbbbf3fc530e263f0307f3cacbc8af54fd503f3f15b967a1464facd273c16bbbb56a27ab

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                  Filesize

                                                  48KB

                                                  MD5

                                                  8fa844e2ba75a4aa6174fdc8ea83e787

                                                  SHA1

                                                  8618ad1faee02129907c9f6d279198cadfe70f92

                                                  SHA256

                                                  382c1513f3e1edf4b59e2ad0a74641d924628dee5f3acb66673f376a30bb7cf7

                                                  SHA512

                                                  7d4ca76c944a1bb167ed5fb456f9d8ee16c312318e9cd459b5b2f889b20edb1c17e30fb4bc8c18736294fee35efa159946701f951f83c820bcd5802bcdd46a05

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                  Filesize

                                                  197KB

                                                  MD5

                                                  d0d21e16e57a1a73056eae228da1e287

                                                  SHA1

                                                  ab5a27b1d3d977a7f657d0acdf047067c625869f

                                                  SHA256

                                                  3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                                  SHA512

                                                  470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                  Filesize

                                                  54KB

                                                  MD5

                                                  77c613ffadf1f4b2f50d31eeec83af30

                                                  SHA1

                                                  76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                  SHA256

                                                  2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                  SHA512

                                                  29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                  Filesize

                                                  70KB

                                                  MD5

                                                  e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                  SHA1

                                                  22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                  SHA256

                                                  bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                  SHA512

                                                  00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                  Filesize

                                                  50KB

                                                  MD5

                                                  5bb0687e2384644ea48f688d7e75377b

                                                  SHA1

                                                  44e4651a52517570894cfec764ec790263b88c4a

                                                  SHA256

                                                  963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                  SHA512

                                                  260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                  Filesize

                                                  32KB

                                                  MD5

                                                  80eb4e033338fa114a4d010e9ce0b195

                                                  SHA1

                                                  f907ba4231bd21ac056375f23a36be648f5b2ba7

                                                  SHA256

                                                  b82e5dfecd3118dca11c86bf7829205fe3e5fcf0eeb57e1999e2fd2f9bd63d52

                                                  SHA512

                                                  26d4096f8c9652ea4e3920dc67144a082e069e22b85504f64f15b47f5106ef1df0601bdd7e0c34f4f534d920a520872847e6d57bc985f6e20636a26e0f7acb20

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                  Filesize

                                                  60KB

                                                  MD5

                                                  5c5c5f5be28276fb9a808d93eef71267

                                                  SHA1

                                                  e89938944bdf0cf7d91bc37ff1f129749f2989f9

                                                  SHA256

                                                  6ee89d62bde6c8656a70dfeb3665e96288dc3c77ea67e955ff041c6bef8065dc

                                                  SHA512

                                                  ee568509ba54c90c82423f36d7bf34407a34fd748df38871f53d4e35b28502d50fb2f6dddaf1e55c427c4ad99142a9e1e9b9763abbc2a8cee457af349df23f7b

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                  Filesize

                                                  588KB

                                                  MD5

                                                  17d74c03b6bcbcd88b46fcc58fc79a0d

                                                  SHA1

                                                  bc0316e11c119806907c058d62513eb8ce32288c

                                                  SHA256

                                                  13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                  SHA512

                                                  f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                  Download Submit

                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                  Filesize

                                                  215B

                                                  MD5

                                                  149f330d3aac231b885d246095a1fba6

                                                  SHA1

                                                  072e007590e1c5952272e80628f082589fb6cfe8

                                                  SHA256

                                                  afed3b7c195cbc0df5b5c460a9c21065c002c220c8523a777b186029c981d7d7

                                                  SHA512

                                                  b11d79687042008f2648a735658b8085e1db4e555c74b1f0ba40f58f278c81958f2e04b6325b2cb9b17a5b0b09c5020a1b417914877ced8bd0f24e6cc750b219

                                                  Download Submit

                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  1ef7574bc4d8b6034935d99ad884f15b

                                                  SHA1

                                                  110709ab33f893737f4b0567f9495ac60c37667c

                                                  SHA256

                                                  0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                  SHA512

                                                  947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                  Download Submit

                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  f512536173e386121b3ebd22aac41a4e

                                                  SHA1

                                                  74ae133215345beaebb7a95f969f34a40dda922a

                                                  SHA256

                                                  a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                  SHA512

                                                  1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                  Download Submit

                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                  Filesize

                                                  76KB

                                                  MD5

                                                  b40fe65431b18a52e6452279b88954af

                                                  SHA1

                                                  c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                  SHA256

                                                  800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                  SHA512

                                                  e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                  Download Submit

                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                  Filesize

                                                  80KB

                                                  MD5

                                                  3904d0698962e09da946046020cbcb17

                                                  SHA1

                                                  edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                  SHA256

                                                  a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                  SHA512

                                                  c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                  Download Submit

                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                  Filesize

                                                  96KB

                                                  MD5

                                                  886ff5df68dae84d8a590874b335fc59

                                                  SHA1

                                                  146f02ed86558efeb178fe0bde39cbd2878f66a1

                                                  SHA256

                                                  225e5a0dfcdd52d4d88c6f00ed6e494771e39b82449849b5175c6dc09923f066

                                                  SHA512

                                                  d0ef6633376a96692efe9f7f258e59541920e11554d9e2e6a3652c76f216e710b26c1fa8bf2854e02ec4d8390a6aee3e1c3cd9087193c67832bc9813fa68d798

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                  Filesize

                                                  287B

                                                  MD5

                                                  fcad4da5d24f95ebf38031673ddbcdb8

                                                  SHA1

                                                  3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                  SHA256

                                                  7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                  SHA512

                                                  1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                  Filesize

                                                  7KB

                                                  MD5

                                                  362ce475f5d1e84641bad999c16727a0

                                                  SHA1

                                                  6b613c73acb58d259c6379bd820cca6f785cc812

                                                  SHA256

                                                  1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                  SHA512

                                                  7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                  Filesize

                                                  1.3MB

                                                  MD5

                                                  40df7f2a02cdfa70ae76d70d21473428

                                                  SHA1

                                                  4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                  SHA256

                                                  f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                  SHA512

                                                  2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                  Filesize

                                                  1.8MB

                                                  MD5

                                                  5ed9543e9f5826ead203316ef0a8863d

                                                  SHA1

                                                  8235c0e7568ec42d6851c198adc76f006883eb4b

                                                  SHA256

                                                  33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                  SHA512

                                                  5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.ini
                                                  Filesize

                                                  13B

                                                  MD5

                                                  f9769bb20bc8a0f137207ac2fa70e73a

                                                  SHA1

                                                  13a5ade4adc04d610cefd3bace0b749e33f6faee

                                                  SHA256

                                                  f117e5835146fcdf2013c5554138c304b5376a1f3e3f1b6c6d1db0dcd6c998c4

                                                  SHA512

                                                  be47552f6b063fff51102ec421b3860773fa9f51800f6c2988c5c67ba56db8e374c2fb048ef6bb0d988620fdc04a2a6adfbf2a06465e4d4f34ba623b92e5f01b

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.runtimeconfig.json
                                                  Filesize

                                                  375B

                                                  MD5

                                                  e8d9109bd15637b1fbf349f9c7ff776f

                                                  SHA1

                                                  19762daa20afc8085ba6417a7215f1fe2d619f60

                                                  SHA256

                                                  c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                  SHA512

                                                  5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                  Filesize

                                                  383KB

                                                  MD5

                                                  f6f297c704f4f4c13d50f971daea3b56

                                                  SHA1

                                                  118581c847ea863ff8bca0a38b5469577ac6b227

                                                  SHA256

                                                  a92e1c423c30b6bb4c73f8807890b6020e12cad4143ebf6548d6562cd04f0b4b

                                                  SHA512

                                                  b312447f381d48b68308b68cd841a4274897fe4e4bd5ea3fcdfd598a6926db1ad43443bf7c0b103fdf06e1b511f5ea1b2e8018abc62a39b9b7f2d4be17a7c848

                                                  Download Submit

                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                  Filesize

                                                  321KB

                                                  MD5

                                                  d3901e62166e9c42864fe3062cb4d8d5

                                                  SHA1

                                                  c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                  SHA256

                                                  dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                  SHA512

                                                  ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                  Download Submit

                                                • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\254d8feb787ea7e0a70ef277d93a6236
                                                  Filesize

                                                  16KB

                                                  MD5

                                                  b2e89027a140a89b6e3eb4e504e93d96

                                                  SHA1

                                                  f3b1b34874b73ae3032decb97ef96a53a654228f

                                                  SHA256

                                                  5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                  SHA512

                                                  93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                  Filesize

                                                  727B

                                                  MD5

                                                  6498b81e536259e376affad98816dc4e

                                                  SHA1

                                                  4ce492a3d6b47b663ec9a111e6c9c600fe78d742

                                                  SHA256

                                                  4d59e8fd0e13f77745e95f28527c1fde5e9dc217c4eba4bc3d708d9311386b9c

                                                  SHA512

                                                  fdb75f84b07bd773895081d2e98bbd14efbcd052ec8746b297056ad728e4bbf01693499a19999c0a89b6b6abf63aa8a8c38637dc48c23665dcc4e391fe818903

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                  Filesize

                                                  412B

                                                  MD5

                                                  6a839a893d1f06f96e151d3aa9f595b3

                                                  SHA1

                                                  c3b0be06fd179b86255b126c0432102eecd7277b

                                                  SHA256

                                                  4ea477ed2c98d0f3c7f2bd2f6142ef8fd92141708d4808af5487be9fb6aa3865

                                                  SHA512

                                                  79a689b497b410bd94313bd0a60d42a2ec17d5a0c4577bf987bf995001f8f0e41a074e36aa3c3abc19a95d8c436677abdc47209a53b292ee1cccf5f7eae4ea71

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                  Filesize

                                                  651B

                                                  MD5

                                                  9bbfe11735bac43a2ed1be18d0655fe2

                                                  SHA1

                                                  61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                  SHA256

                                                  549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                  SHA512

                                                  a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                  Download Submit

                                                • C:\Windows\Installer\MSI3F73.tmp-\System.Management.dll
                                                  Filesize

                                                  60KB

                                                  MD5

                                                  878e361c41c05c0519bfc72c7d6e141c

                                                  SHA1

                                                  432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                  SHA256

                                                  24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                  SHA512

                                                  59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                  Download Submit

                                                • C:\Windows\Installer\MSI9B8E.tmp
                                                  Filesize

                                                  4.5MB

                                                  MD5

                                                  08211c29e0d617a579ffa2c41bde1317

                                                  SHA1

                                                  4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                  SHA256

                                                  3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                  SHA512

                                                  d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                  Download Submit

                                                • C:\Windows\Installer\MSIF23F.tmp
                                                  Filesize

                                                  509KB

                                                  MD5

                                                  88d29734f37bdcffd202eafcdd082f9d

                                                  SHA1

                                                  823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                  SHA256

                                                  87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                  SHA512

                                                  1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                  Download Submit

                                                • C:\Windows\Installer\MSIF23F.tmp-\AlphaControlAgentInstallation.dll
                                                  Filesize

                                                  25KB

                                                  MD5

                                                  aa1b9c5c685173fad2dabebeb3171f01

                                                  SHA1

                                                  ed756b1760e563ce888276ff248c734b7dd851fb

                                                  SHA256

                                                  e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                  SHA512

                                                  d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                  Download Submit

                                                • C:\Windows\Installer\MSIF23F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                  Filesize

                                                  179KB

                                                  MD5

                                                  1a5caea6734fdd07caa514c3f3fb75da

                                                  SHA1

                                                  f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                  SHA256

                                                  cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                  SHA512

                                                  a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                  Download Submit

                                                • C:\Windows\Installer\MSIF4F0.tmp-\CustomAction.config
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  bc17e956cde8dd5425f2b2a68ed919f8

                                                  SHA1

                                                  5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                  SHA256

                                                  e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                  SHA512

                                                  02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                  Download Submit

                                                • C:\Windows\Installer\MSIF4F0.tmp-\Newtonsoft.Json.dll
                                                  Filesize

                                                  695KB

                                                  MD5

                                                  715a1fbee4665e99e859eda667fe8034

                                                  SHA1

                                                  e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                  SHA256

                                                  c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                  SHA512

                                                  bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                  Download Submit

                                                • C:\Windows\Installer\MSIFED6.tmp
                                                  Filesize

                                                  211KB

                                                  MD5

                                                  a3ae5d86ecf38db9427359ea37a5f646

                                                  SHA1

                                                  eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                  SHA256

                                                  c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                  SHA512

                                                  96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                  Download Submit

                                                • C:\Windows\Installer\e57f1c2.msi
                                                  Filesize

                                                  2.9MB

                                                  MD5

                                                  8b6b0ec93209591b6f987b27b150f803

                                                  SHA1

                                                  dd64e5c25c9237b6a52f68dcc6a5777c83c5fef3

                                                  SHA256

                                                  768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6

                                                  SHA512

                                                  0e892754f982114ab1d99bef288123563543c1010289f312f9b9e8c3abd8845c907ef665dc60dd744b3c840fe11c4546c1bee5bcbebeb67469cda4e3409e0a39

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{19b913d8-be0f-b646-858e-293a74364430}\lci_iddcx.cat
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  62458e58313475c9a3642a392363e359

                                                  SHA1

                                                  e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                  SHA256

                                                  85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                  SHA512

                                                  49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{19b913d8-be0f-b646-858e-293a74364430}\lci_iddcx.inf
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  1cec22ca85e1b5a8615774fca59a420b

                                                  SHA1

                                                  049a651751ef38321a1088af6a47c4380f9293fc

                                                  SHA256

                                                  60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                  SHA512

                                                  0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{19b913d8-be0f-b646-858e-293a74364430}\x64\lci_iddcx.dll
                                                  Filesize

                                                  52KB

                                                  MD5

                                                  01e8bc64139d6b74467330b11331858d

                                                  SHA1

                                                  b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                  SHA256

                                                  148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                  SHA512

                                                  4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{2be15a43-1794-954f-9686-4affe3b04bf6}\lci_proxywddm.cat
                                                  Filesize

                                                  12KB

                                                  MD5

                                                  8e16d54f986dbe98812fd5ec04d434e8

                                                  SHA1

                                                  8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                  SHA256

                                                  7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                  SHA512

                                                  e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{2be15a43-1794-954f-9686-4affe3b04bf6}\lci_proxywddm.inf
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  0315a579f5afe989154cb7c6a6376b05

                                                  SHA1

                                                  e352ff670358cf71e0194918dfe47981e9ccbb88

                                                  SHA256

                                                  d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                  SHA512

                                                  c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{2be15a43-1794-954f-9686-4affe3b04bf6}\x64\lci_proxyumd.dll
                                                  Filesize

                                                  179KB

                                                  MD5

                                                  4dc11547a5fc28ca8f6965fa21573481

                                                  SHA1

                                                  d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                  SHA256

                                                  e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                  SHA512

                                                  bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{2be15a43-1794-954f-9686-4affe3b04bf6}\x64\lci_proxyumd32.dll
                                                  Filesize

                                                  135KB

                                                  MD5

                                                  67ae7b2c36c9c70086b9d41b4515b0a8

                                                  SHA1

                                                  ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                  SHA256

                                                  79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                  SHA512

                                                  4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                  Download Submit

                                                • C:\Windows\System32\DriverStore\Temp\{2be15a43-1794-954f-9686-4affe3b04bf6}\x64\lci_proxywddm.sys
                                                  Filesize

                                                  119KB

                                                  MD5

                                                  b9b0e9b4d93b18b99ece31a819d71d00

                                                  SHA1

                                                  2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                  SHA256

                                                  0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                  SHA512

                                                  465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                  Download Submit

                                                • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-10-58-09.dat
                                                  Filesize

                                                  602B

                                                  MD5

                                                  fa62e7a44378ee42c47a8f8a0caccbe6

                                                  SHA1

                                                  cc2b46ba4a7cc669a88349d15a766a02e597ea56

                                                  SHA256

                                                  f793c8772e5a61d5a08a2d80b03f3138023f82b950163121934b3ea84cc3cb4d

                                                  SHA512

                                                  51aab1b8e317a5581c191f4ca208276a7b57eea6dc0a129f90dc23a8c3015c1f5aaa3472683c852887c7bf369422dae2ee9e0b77fd82893e17997a9633d137bc

                                                  Download Submit

                                                • C:\Windows\Temp\InstallUtil.log
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  eeecccb9f709f38fc67faa5c28b79a54

                                                  SHA1

                                                  a751acb7f391b785e4472da20798dd1096a55df0

                                                  SHA256

                                                  e9b343136beaaf59f548bd005caddac7238592f0cef168b491a02101d674b004

                                                  SHA512

                                                  1282f4e84a6eb2e0a362ed1bf6c03dde6f69dbd0ff617686d927db7680dd098835016a7ac76c263e47fab65ea1919e5d370dd10901b1f8d470123fb2f59bfefd

                                                  Download Submit

                                                • C:\Windows\Temp\PreVer.log
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  f1d0ba1e06fc93ef7fbec7869b67e155

                                                  SHA1

                                                  3589893063eefe1d2b2da8dd47cf663cde197bfc

                                                  SHA256

                                                  a91e746a3d2479d30cc0b3b00f46be3b4f71f2da88029b44d6edec927819f267

                                                  SHA512

                                                  cb98ae1d898dfe4aa5186d3f99d06cbd16c54ddfb0c71624843768e19f57fff5462f71af7cad0b0f9a17608bb7be32d38626f0333add38993d7dfcab0ac556ba

                                                  Download Submit

                                                • C:\Windows\Temp\__PSScriptPolicyTest_o2fgfi1o.ayt.ps1
                                                  Filesize

                                                  60B

                                                  MD5

                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                  SHA1

                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                  SHA256

                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                  SHA512

                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                  Download Submit

                                                • C:\Windows\Temp\unpack.log
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  0b0c5cbecddacd6a4e46633b060d82b2

                                                  SHA1

                                                  d0a9553bba40edf4294ccddf49deae2c73948aba

                                                  SHA256

                                                  06d6024a1ee5e74002a79306a77866da9e0b275d1bc42e378ccc7bfce654be51

                                                  SHA512

                                                  45ba13d27556b316009460109de3a9f0f87aa33347e9ba3ab47f7caaa5871cf5176325c24855d09686e10d81e8906ebf35cea95fba3f0df21240aa5c0028f02f

                                                  Download Submit

                                                • C:\Windows\Temp\unpack.log
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  b57e518db25bb7b2261c6f952d917261

                                                  SHA1

                                                  47545dadfaff543811e7bd66d0caacc71bcd3ff2

                                                  SHA256

                                                  0ca8c92e63584c7456637fc04ffb94e5c407fc94b96671087398a3a88c470bc4

                                                  SHA512

                                                  260255c12170606344acf37cf0012a0a9474e255e94fce5d2034eb6f83ae09e77473601ad1631c3e332da3a5d8f1c2a443a8323d65c4efdb92ca7548923417f7

                                                  Download Submit

                                                • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                  Filesize

                                                  3.2MB

                                                  MD5

                                                  2c18826adf72365827f780b2a1d5ea75

                                                  SHA1

                                                  a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                  SHA256

                                                  ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                  SHA512

                                                  474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                  Download Submit

                                                • C:\Windows\Temp\{800EA637-A068-4781-BE23-24462D8AAEDF}\ISRT.dll
                                                  Filesize

                                                  427KB

                                                  MD5

                                                  85315ad538fa5af8162f1cd2fce1c99d

                                                  SHA1

                                                  31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                  SHA256

                                                  70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                  SHA512

                                                  877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                  Download Submit

                                                • C:\Windows\Temp\{800EA637-A068-4781-BE23-24462D8AAEDF}\_isres_0x0409.dll
                                                  Filesize

                                                  1.8MB

                                                  MD5

                                                  befe2ef369d12f83c72c5f2f7069dd87

                                                  SHA1

                                                  b89c7f6da1241ed98015dc347e70322832bcbe50

                                                  SHA256

                                                  9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                  SHA512

                                                  760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                  Download Submit

                                                • C:\Windows\Temp\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\IsConfig.ini
                                                  Filesize

                                                  571B

                                                  MD5

                                                  d239b8964e37974225ad69d78a0a8275

                                                  SHA1

                                                  cf208e98a6f11d1807cd84ca61504ad783471679

                                                  SHA256

                                                  0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                  SHA512

                                                  88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                  Download Submit

                                                • C:\Windows\Temp\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\String1033.txt
                                                  Filesize

                                                  182KB

                                                  MD5

                                                  99bbffd900115fe8672c73fb1a48a604

                                                  SHA1

                                                  8f587395fa6b954affef337c70781ce00913950e

                                                  SHA256

                                                  57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                  SHA512

                                                  d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                  Download Submit

                                                • C:\Windows\Temp\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\_is9111.exe
                                                  Filesize

                                                  179KB

                                                  MD5

                                                  7a1c100df8065815dc34c05abc0c13de

                                                  SHA1

                                                  3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                  SHA256

                                                  e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                  SHA512

                                                  bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                  Download Submit

                                                • C:\Windows\Temp\{E78EB0B5-9792-4D07-83C2-BFB0BAB08358}\setup.inx
                                                  Filesize

                                                  345KB

                                                  MD5

                                                  0376dd5b7e37985ea50e693dc212094c

                                                  SHA1

                                                  02859394164c33924907b85ab0aaddc628c31bf1

                                                  SHA256

                                                  c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                  SHA512

                                                  69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                  Download Submit

                                                • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                  Filesize

                                                  727B

                                                  MD5

                                                  1167bcb840f031161de408717b54bdce

                                                  SHA1

                                                  cc7efcf77db65f5192777492adf5b1b8968a1728

                                                  SHA256

                                                  9da91d23cdc033b7044075e32ae09312dfc7207fe3dbf537fd19703471d2f62b

                                                  SHA512

                                                  53e384e03b465b3f3aa8df7408fac93385434844cd57c34e89ffd4aff918fdb969a229a5d08f03805133c31fe209aae89b0e1c547157ff5550e1680e5716d1c7

                                                  Download Submit

                                                • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                  Filesize

                                                  727B

                                                  MD5

                                                  d39eae67869deeb84112085d89c9ed81

                                                  SHA1

                                                  2e96a6861bf3f56538522bb855f0cdc614e6bfb8

                                                  SHA256

                                                  34b726e85a86b363eab542888911a131e5bade3b5fab69ae747d4395f76c2462

                                                  SHA512

                                                  9d2348d0fdc1d50ee85be71f231c742ac0063145d0d57c88e0b5a62c13fd2c950be16b308a15f1fe7b699a2a54acff2cbe9a01562331656c0593b3caa2023490

                                                  Download Submit

                                                • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                                  Filesize

                                                  404B

                                                  MD5

                                                  b432b0e9affc260c6f7b4ca4f16f6388

                                                  SHA1

                                                  d43f841d4b621124262a2c847073386b80500d96

                                                  SHA256

                                                  83010d0822f4ca1179184b252e0d5b46c9b67e44bc79724f62499d2238bc0583

                                                  SHA512

                                                  e265bca756c1dc8580d49dc79c14c7e6a99a7f763e4a37792bfe8981baab16f068f41fd17e033ab2fc0b9f14546054b22cabceebebb4883d47deb65d25ba37b4

                                                  Download Submit

                                                • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                  Filesize

                                                  412B

                                                  MD5

                                                  df7956717f5871940ade6fcb77ffe76a

                                                  SHA1

                                                  b7fd956270fc37fcb38ea4ad2b33a2b23ff2571a

                                                  SHA256

                                                  25a665da2fdb1339290fb7cea9dadf5e33d7ee675bd738690034c4200802fb21

                                                  SHA512

                                                  e88c6a3855c2d3d95702a6351e2841c090ac4189cd90847744d8b78d254979d4d60a1ff8bf193e59a54b32d1bdea6d76772a137b2eeb12d7b0434537e0ddf654

                                                  Download Submit

                                                • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  9cad061ddf5ad182cfe7879190aeed71

                                                  SHA1

                                                  cfd292d16d937f95b642527464403b7e5ef6af96

                                                  SHA256

                                                  b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                  SHA512

                                                  df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                  Download Submit

                                                • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                  Filesize

                                                  24.1MB

                                                  MD5

                                                  abb8e546bab3374ec4b264b362bdb5b2

                                                  SHA1

                                                  28c1e811c067d38349229b5807e33b6e68d617cb

                                                  SHA256

                                                  98069fa6f3408388d1fb4baf06127728982007c939fcee16d865406f5748d35d

                                                  SHA512

                                                  73ac348a85bfdbe95a0d964314689fcb384a86763795e7b2ae2aa0b02441bda5ccd9a4ce300458d8b6d38c7d86a246c28b5255d3f1b8d5342fb9a5aff20c3058

                                                  Download Submit

                                                • \??\Volume{894f153a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a333bc52-3eb8-4f6e-b7c3-f3698722ae8d}_OnDiskSnapshotProp
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  c8659e904d284697df63e3589ca895bf

                                                  SHA1

                                                  bd7e22819928934ca8832be9a1b79a01c0a24546

                                                  SHA256

                                                  8722c1e12c12ab5df0f2613217a7c58ecc7318ba6d8bb17f2b90f033daf85cab

                                                  SHA512

                                                  f563b7a3fe8f82160f0e4c1518743680b69364da690df98f2399b43d8d6ad1405553f872ad71a4e8aee0e651dc4dc6c55c6332fde636e77a3bda2c2bf1cc7328

                                                  Download Submit

                                                • memory/412-1690-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/412-2424-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/412-2423-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/412-1218-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/412-1217-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/412-1693-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/1232-235-0x000002C1A67B0000-0x000002C1A67E8000-memory.dmp

                                                  Filesize

                                                  224KB

                                                  Download

                                                • memory/1232-192-0x000002C1A61B0000-0x000002C1A61D2000-memory.dmp

                                                  Filesize

                                                  136KB

                                                  Download

                                                • memory/1232-186-0x000002C1A6220000-0x000002C1A62D2000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/1352-357-0x000001B0320A0000-0x000001B0320EC000-memory.dmp

                                                  Filesize

                                                  304KB

                                                  Download

                                                • memory/1352-358-0x000001B04AA30000-0x000001B04AA78000-memory.dmp

                                                  Filesize

                                                  288KB

                                                  Download

                                                • memory/1352-360-0x000001B031B60000-0x000001B031B6A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/1352-356-0x000001B031B30000-0x000001B031B4C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/1352-355-0x000001B032050000-0x000001B03209A000-memory.dmp

                                                  Filesize

                                                  296KB

                                                  Download

                                                • memory/1352-354-0x000001B031710000-0x000001B031778000-memory.dmp

                                                  Filesize

                                                  416KB

                                                  Download

                                                • memory/1352-359-0x000001B031B50000-0x000001B031B58000-memory.dmp

                                                  Filesize

                                                  32KB

                                                  Download

                                                • memory/1376-100-0x0000000004820000-0x0000000004886000-memory.dmp

                                                  Filesize

                                                  408KB

                                                  Download

                                                • memory/1472-1904-0x0000020E36F70000-0x0000020E36F82000-memory.dmp

                                                  Filesize

                                                  72KB

                                                  Download

                                                • memory/1860-264-0x000001F93BB10000-0x000001F93BB52000-memory.dmp

                                                  Filesize

                                                  264KB

                                                  Download

                                                • memory/1860-267-0x000001F954C60000-0x000001F954D10000-memory.dmp

                                                  Filesize

                                                  704KB

                                                  Download

                                                • memory/1860-269-0x000001F93C4C0000-0x000001F93C4DC000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/2108-1689-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2108-1287-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2108-1286-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-1205-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-1206-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2108-1688-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-2049-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-2050-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2108-2063-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-2064-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2108-2175-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/2108-2176-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/2536-480-0x00000187E2E20000-0x00000187E2E28000-memory.dmp

                                                  Filesize

                                                  32KB

                                                  Download

                                                • memory/2536-482-0x00000187FB680000-0x00000187FB6AA000-memory.dmp

                                                  Filesize

                                                  168KB

                                                  Download

                                                • memory/2536-451-0x00000187FB760000-0x00000187FB83C000-memory.dmp

                                                  Filesize

                                                  880KB

                                                  Download

                                                • memory/2536-483-0x00000187FB900000-0x00000187FB93A000-memory.dmp

                                                  Filesize

                                                  232KB

                                                  Download

                                                • memory/2536-471-0x00000187FB840000-0x00000187FB8F2000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/2536-474-0x00000187E2CB0000-0x00000187E2CB8000-memory.dmp

                                                  Filesize

                                                  32KB

                                                  Download

                                                • memory/2536-475-0x00000187E2CC0000-0x00000187E2CC8000-memory.dmp

                                                  Filesize

                                                  32KB

                                                  Download

                                                • memory/2536-484-0x00000187FB6B0000-0x00000187FB6D6000-memory.dmp

                                                  Filesize

                                                  152KB

                                                  Download

                                                • memory/2536-481-0x00000187FB6F0000-0x00000187FB758000-memory.dmp

                                                  Filesize

                                                  416KB

                                                  Download

                                                • memory/3900-1295-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/3900-1289-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/3900-1294-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/3900-1288-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4060-70-0x0000000004E40000-0x0000000005194000-memory.dmp

                                                  Filesize

                                                  3.3MB

                                                  Download

                                                • memory/4060-69-0x0000000004D00000-0x0000000004D22000-memory.dmp

                                                  Filesize

                                                  136KB

                                                  Download

                                                • memory/4060-66-0x0000000004D80000-0x0000000004E32000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/4080-29-0x00000000028C0000-0x00000000028EE000-memory.dmp

                                                  Filesize

                                                  184KB

                                                  Download

                                                • memory/4080-33-0x0000000004C50000-0x0000000004C5C000-memory.dmp

                                                  Filesize

                                                  48KB

                                                  Download

                                                • memory/4308-1859-0x00000271F2D00000-0x00000271F2D54000-memory.dmp

                                                  Filesize

                                                  336KB

                                                  Download

                                                • memory/4308-1711-0x00000271F2D60000-0x00000271F2E12000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/4308-1674-0x00000271D9BD0000-0x00000271D9BE2000-memory.dmp

                                                  Filesize

                                                  72KB

                                                  Download

                                                • memory/4308-1686-0x00000271DA530000-0x00000271DA54C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/4344-216-0x0000000005550000-0x00000000058A4000-memory.dmp

                                                  Filesize

                                                  3.3MB

                                                  Download

                                                • memory/4376-309-0x0000025AA9880000-0x0000025AA9896000-memory.dmp

                                                  Filesize

                                                  88KB

                                                  Download

                                                • memory/4376-310-0x0000025AAA360000-0x0000025AAA412000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/4376-311-0x0000025AA9D30000-0x0000025AA9D4C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/4564-1107-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-1070-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-541-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-544-0x0000000003690000-0x0000000003857000-memory.dmp

                                                  Filesize

                                                  1.8MB

                                                  Download

                                                • memory/4564-575-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-963-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-1145-0x0000000010000000-0x0000000010114000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4564-966-0x00000000036D0000-0x0000000003897000-memory.dmp

                                                  Filesize

                                                  1.8MB

                                                  Download

                                                • memory/4868-2421-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4868-2072-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/4868-1608-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4868-1609-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/4868-2071-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4868-1216-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/4868-1215-0x00000000730A0000-0x00000000731BC000-memory.dmp

                                                  Filesize

                                                  1.1MB

                                                  Download

                                                • memory/4868-2422-0x0000000072CD0000-0x000000007309D000-memory.dmp

                                                  Filesize

                                                  3.8MB

                                                  Download

                                                • memory/5068-150-0x0000021D1BBC0000-0x0000021D1BC58000-memory.dmp

                                                  Filesize

                                                  608KB

                                                  Download

                                                • memory/5068-138-0x0000021D19F70000-0x0000021D19F98000-memory.dmp

                                                  Filesize

                                                  160KB

                                                  Download

                                                • memory/5068-154-0x0000021D1BB30000-0x0000021D1BB42000-memory.dmp

                                                  Filesize

                                                  72KB

                                                  Download

                                                • memory/5068-155-0x0000021D1BC60000-0x0000021D1BC9C000-memory.dmp

                                                  Filesize

                                                  240KB

                                                  Download

                                                • memory/5136-1617-0x000002AFCDA00000-0x000002AFCDA62000-memory.dmp

                                                  Filesize

                                                  392KB

                                                  Download

                                                • memory/5136-1607-0x000002AFB4990000-0x000002AFB499A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/5136-1615-0x000002AFCD940000-0x000002AFCD9F2000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/5136-1605-0x000002AFB4E90000-0x000002AFB4EA8000-memory.dmp

                                                  Filesize

                                                  96KB

                                                  Download

                                                • memory/5136-1611-0x000002AFB4F40000-0x000002AFB4F8A000-memory.dmp

                                                  Filesize

                                                  296KB

                                                  Download

                                                • memory/5136-1600-0x000002AFB4590000-0x000002AFB45C4000-memory.dmp

                                                  Filesize

                                                  208KB

                                                  Download

                                                • memory/5136-1602-0x000002AFB4E40000-0x000002AFB4E8A000-memory.dmp

                                                  Filesize

                                                  296KB

                                                  Download

                                                • memory/5136-1616-0x000002AFCDAE0000-0x000002AFCDBBC000-memory.dmp

                                                  Filesize

                                                  880KB

                                                  Download

                                                • memory/5136-1604-0x000002AFB4970000-0x000002AFB498C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/5136-1618-0x000002AFCD890000-0x000002AFCD8AC000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/5160-1395-0x000001F073130000-0x000001F07314C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/5160-1419-0x000001F073CA0000-0x000001F073D7C000-memory.dmp

                                                  Filesize

                                                  880KB

                                                  Download

                                                • memory/5160-1392-0x000001F073990000-0x000001F0739DA000-memory.dmp

                                                  Filesize

                                                  296KB

                                                  Download

                                                • memory/5160-1390-0x000001F0728F0000-0x000001F072900000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/5160-1423-0x000001F073BC0000-0x000001F073C72000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/5160-1428-0x000001F073150000-0x000001F073158000-memory.dmp

                                                  Filesize

                                                  32KB

                                                  Download

                                                • memory/5316-1858-0x000001FAF9D00000-0x000001FAF9D4A000-memory.dmp

                                                  Filesize

                                                  296KB

                                                  Download

                                                • memory/5316-1857-0x000001FAF8C50000-0x000001FAF8C5C000-memory.dmp

                                                  Filesize

                                                  48KB

                                                  Download

                                                • memory/5316-1873-0x000001FAF9100000-0x000001FAF911C000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/5332-1420-0x0000017C03D70000-0x0000017C03DAA000-memory.dmp

                                                  Filesize

                                                  232KB

                                                  Download

                                                • memory/5332-1424-0x0000017C1CF90000-0x0000017C1D042000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/5332-1425-0x0000017C04790000-0x0000017C047AC000-memory.dmp

                                                  Filesize

                                                  112KB

                                                  Download

                                                • memory/5332-1622-0x0000017C1D290000-0x0000017C1D2B8000-memory.dmp

                                                  Filesize

                                                  160KB

                                                  Download

                                                • memory/5332-1619-0x0000017C1D090000-0x0000017C1D0A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/5332-1429-0x0000017C1D0A0000-0x0000017C1D0E8000-memory.dmp

                                                  Filesize

                                                  288KB

                                                  Download

                                                • memory/6060-1601-0x00000133CCB60000-0x00000133CCB80000-memory.dmp

                                                  Filesize

                                                  128KB

                                                  Download

                                                • memory/6060-1612-0x00000133CCBA0000-0x00000133CCBB4000-memory.dmp

                                                  Filesize

                                                  80KB

                                                  Download

                                                • memory/6060-1599-0x00000133CC330000-0x00000133CC340000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/6060-1610-0x00000133CCD50000-0x00000133CCDB6000-memory.dmp

                                                  Filesize

                                                  408KB

                                                  Download

                                                • memory/6060-1603-0x00000133E5560000-0x00000133E5612000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/6096-1905-0x0000020E71FA0000-0x0000020E724C8000-memory.dmp

                                                  Filesize

                                                  5.2MB

                                                  Download

                                                • memory/6096-1856-0x0000020E71820000-0x0000020E718D2000-memory.dmp

                                                  Filesize

                                                  712KB

                                                  Download

                                                • memory/6096-1849-0x0000020E706D0000-0x0000020E706DA000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/6096-1850-0x0000020E70F00000-0x0000020E70F1A000-memory.dmp

                                                  Filesize

                                                  104KB

                                                  Download