Overview

overview

10

Static

static

10

768eaad977...e6.msi

windows7-x64

10

768eaad977...e6.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/02/2025, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6.msi

  • Size

    2.9MB

  • MD5

    8b6b0ec93209591b6f987b27b150f803

  • SHA1

    dd64e5c25c9237b6a52f68dcc6a5777c83c5fef3

  • SHA256

    768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6

  • SHA512

    0e892754f982114ab1d99bef288123563543c1010289f312f9b9e8c3abd8845c907ef665dc60dd744b3c840fe11c4546c1bee5bcbebeb67469cda4e3409e0a39

  • SSDEEP

    49152:++1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:++lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 42 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 16 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 54 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • System Time Discovery 1 TTPs 9 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 11 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:404
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2596
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CA3653D55BB4827E9FE371869506B37C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1572
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE0CB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640328 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4436
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE35C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240640859 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4032
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE87D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240642187 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3656
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIF9D8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240646625 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:5092
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D5F493BC74091495B9BC7E07A1C17E7A E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3352
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:636
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4280
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QMzFeIAL" /AgentId="7f6f771d-3e40-4000-ade6-197351299c01"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:4060
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4CB2E08384740954FC7642573A3A2490 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      PID:4932
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10760964-B94B-4577-8188-D5A2BB4F8984}
        3⤵
        • Executes dropped EXE
        PID:3176
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23A91C4E-2922-4F70-B090-D60495B1B623}
        3⤵
        • Executes dropped EXE
        PID:4944
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D6DCDFE-22AA-4FC1-A912-7DC39892AAD6}
        3⤵
        • Executes dropped EXE
        PID:4688
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2E094D3-5197-4D04-9D9B-2568C834536E}
        3⤵
        • Executes dropped EXE
        PID:404
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C1DAFB1A-D90A-4862-B4B1-A5CBF1BC2A6F}
        3⤵
        • Executes dropped EXE
        PID:5052
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D839A30B-08BC-4175-BFB8-77DD11ADA524}
        3⤵
        • Executes dropped EXE
        PID:4852
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{22384364-7485-4D75-96B5-28172A732061}
        3⤵
        • Executes dropped EXE
        PID:3128
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{91C59D85-553B-4FB1-9BD6-E7372EFAB157}
        3⤵
        • Executes dropped EXE
        PID:3336
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8BAE14E1-4D2A-4AC2-A6EF-A76F1B6BE2B7}
        3⤵
        • Executes dropped EXE
        PID:2836
      • C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe
        C:\Windows\TEMP\{6807C799-E84C-4500-A577-FD16D998E4F5}\_is7673.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{22511CCD-5838-41A4-8D7F-4EF15658A85B}
        3⤵
        • Executes dropped EXE
        PID:4016
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4196
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4804
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3700
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:208
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3836
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4712
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:388
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4192
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4884
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4572
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1312
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5028
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3620
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4824
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4712
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4016
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:924
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4824
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1048
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:604
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D4CBBD8-A1BF-43A5-82FB-C73C8D23E216}
        3⤵
        • Executes dropped EXE
        PID:3236
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E81DD3A1-CA49-49E8-B5A9-C7D915B0B92F}
        3⤵
        • Executes dropped EXE
        PID:4572
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FF5B6E72-889C-4060-A735-F7DEF067046A}
        3⤵
        • Executes dropped EXE
        PID:3888
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C2C04E63-1D48-4992-9ECB-07B2F08FC9AE}
        3⤵
        • Executes dropped EXE
        PID:3336
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5448F551-BD73-4C5A-9057-A7F4E2639CC6}
        3⤵
        • Executes dropped EXE
        PID:1772
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9ECF325E-A1AC-4791-B00B-CE5218354321}
        3⤵
        • Executes dropped EXE
        PID:4016
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54F32C2A-7598-4591-8D94-1215DEAE4A00}
        3⤵
        • Executes dropped EXE
        PID:2724
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D98B182-FD72-4135-AB24-B8A83C3041DB}
        3⤵
        • Executes dropped EXE
        PID:3224
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8D1A004A-5BC9-47BE-B00F-6FF255DC8806}
        3⤵
        • Executes dropped EXE
        PID:528
      • C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
        C:\Windows\TEMP\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4ACC348F-DA1D-49FA-BBE3-0DF58C504B1E}
        3⤵
        • Executes dropped EXE
        PID:4072
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1DE0495E-E617-4E4B-97C7-AF0DFA265097}
        3⤵
        • Executes dropped EXE
        PID:4928
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D621FB25-629E-4ADE-B9BD-A10CF1AFCE68}
        3⤵
        • Executes dropped EXE
        PID:4916
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AF5A23C8-42FC-416C-989B-E708278121D5}
        3⤵
        • Executes dropped EXE
        PID:2724
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95A504AB-74B7-42E3-B854-49E5B9E95D40}
        3⤵
        • Executes dropped EXE
        PID:5116
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EA131376-D2E7-478A-B262-D941A2D75711}
        3⤵
        • Executes dropped EXE
        PID:3236
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{96E59024-0D49-4AF4-B139-6179AE09D966}
        3⤵
        • Executes dropped EXE
        PID:744
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A5F5A68-51D7-4F74-9894-C459A884D658}
        3⤵
        • Executes dropped EXE
        PID:3896
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B05A9785-4B20-4B42-A61F-32DFA781EED1}
        3⤵
        • Executes dropped EXE
        PID:4912
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4889CFD-AA72-4E7C-9BF4-8F17B45B5B1F}
        3⤵
        • Executes dropped EXE
        PID:528
      • C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe
        C:\Windows\TEMP\{B18F124C-7169-4E63-8201-FC5E8D31DC8E}\_is9BA1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0002B189-3D6F-4F29-8767-BFB38F1F3F26}
        3⤵
        • Executes dropped EXE
        PID:2724
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1680
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4524
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:1060
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:1912
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:5028
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:2468
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5DF9BAC1-3E11-4BEE-A78A-95E540A9169D}
            3⤵
            • Executes dropped EXE
            PID:4928
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{16A7DED2-4B56-4098-AB77-8F9CF70B94F6}
            3⤵
            • Executes dropped EXE
            PID:4824
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A84C1401-72B4-4951-9C4D-D15F1055C685}
            3⤵
            • Executes dropped EXE
            PID:3932
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{972C884C-42F5-41D1-A273-7FF417A8E694}
            3⤵
            • Executes dropped EXE
            PID:4696
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{62F37031-67C3-449D-9E36-5782C269C77C}
            3⤵
            • Executes dropped EXE
            PID:528
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{967B627F-7FB6-40B2-9CED-059DE6F80289}
            3⤵
            • Executes dropped EXE
            PID:4912
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9AC49601-6661-499B-B5D9-0393C4916F30}
            3⤵
            • Executes dropped EXE
            PID:4896
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{51BD4C34-A78C-4B53-8E9F-9A1C6612FFF9}
            3⤵
            • Executes dropped EXE
            PID:1772
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2A84CE87-F2F4-49EF-9CC2-0BAE6A1725B2}
            3⤵
            • Executes dropped EXE
            PID:2416
          • C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe
            C:\Windows\TEMP\{AD7B0797-4BAF-4AF2-A7A9-AD7905F49F69}\_isAD46.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{332DD3B6-7A27-46E9-8CDB-2A342DC6A8FA}
            3⤵
            • Executes dropped EXE
            PID:1400
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2216
            • C:\Windows\System32\Conhost.exe
              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              4⤵
                PID:5028
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C040F16-B2BC-4B9B-AAF4-C02DB9DF448F}
              3⤵
              • Executes dropped EXE
              PID:676
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3BD38E8D-5B8D-41E8-A739-0978EDD5E65F}
              3⤵
              • Executes dropped EXE
              PID:2932
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A078A314-39C9-4FED-9E3F-20961BC570C3}
              3⤵
              • Executes dropped EXE
              PID:4116
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3A8437AA-04D7-464A-A75E-BF63141CA112}
              3⤵
              • Executes dropped EXE
              PID:4568
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B392E0B8-2596-46D2-8485-1741F05A1098}
              3⤵
              • Executes dropped EXE
              PID:528
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49586800-D766-474D-9852-AFCF87CDB88D}
              3⤵
              • Executes dropped EXE
              PID:3876
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C12D0D67-91DF-4EFC-A370-74997C945957}
              3⤵
              • Executes dropped EXE
              PID:552
            • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
              C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6315A3E-2816-4355-8977-13E0F9E18540}
              3⤵
                PID:2616
              • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
                C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA3D6392-D94B-48FE-932F-8F17ADB7DDF1}
                3⤵
                  PID:5028
                • C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe
                  C:\Windows\TEMP\{39116068-5942-43C7-B188-B3CE76E6C660}\_isB055.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2010A128-5F17-4E09-8908-85C1DCE98A71}
                  3⤵
                    PID:2192
                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                    3⤵
                    • System Location Discovery: System Language Discovery
                    PID:528
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 97E9B33410AF0549433CF33A77911083 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:5256
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 182DF88759B8F8A22517A7BF01F89FAF E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:4948
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding B9142F58DB61627A2266DD52E867C8CA E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:3588
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:444
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:3148
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:4452
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "f7569b42-0d99-4190-81cb-5e410a4c5345" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QMzFeIAL
                  2⤵
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2620
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "c9894e65-5d50-4490-8a82-4000b422de1f" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QMzFeIAL
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4488
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "a85755d5-952f-46c1-901b-94143cf322f6" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000QMzFeIAL
                  2⤵
                  • Executes dropped EXE
                  PID:2836
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "903ca61b-a0ad-4b9a-9539-55893519d7db" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000QMzFeIAL
                  2⤵
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:3392
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2080
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:1876
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:1564
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "500aa2d0-8edf-45bd-ba66-bd134f3cd3fa" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000QMzFeIAL
                  2⤵
                  • Downloads MZ/PE file
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:4632
                  • C:\Windows\TEMP\SplashtopStreamer.exe
                    "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    3⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Modifies data under HKEY_USERS
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    PID:1900
                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                      "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      4⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:3520
                      • C:\Windows\SysWOW64\msiexec.exe
                        msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:1624
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "8a22baa1-620f-4f59-89a2-c42f5e06fe3d" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QMzFeIAL
                  2⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1128
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:812
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:4696
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "8a22baa1-620f-4f59-89a2-c42f5e06fe3d" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QMzFeIAL
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:4764
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "43a217cd-c6ed-4cef-948e-0f2de14229cc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QMzFeIAL
                  2⤵
                  • Modifies data under HKEY_USERS
                  PID:4960
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    PID:5976
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                      PID:4884
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:3440
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "3cc40331-f97e-4fd1-80fd-62e4e3243637" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QMzFeIAL
                    2⤵
                    • Writes to the Master Boot Record (MBR)
                    • Drops file in Program Files directory
                    • Loads dropped DLL
                    PID:2192
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "1cc2cfe7-ae2b-4fd8-b36b-dba1b2b8ec63" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QMzFeIAL
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    PID:5324
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "7b750aa0-8d92-4694-8378-c92f63b4db8d" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QMzFeIAL
                    2⤵
                    • Drops file in System32 directory
                    • Modifies registry class
                    PID:5464
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "f8d187bc-4d41-445f-b93d-21621985412d" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QMzFeIAL
                    2⤵
                    • Drops file in System32 directory
                    PID:5820
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "ef14a44c-f778-4336-bef3-c8cc4a539928" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QMzFeIAL
                    2⤵
                      PID:5428
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "f36c1b34-0475-43a4-8f40-611dc3923496" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QMzFeIAL
                      2⤵
                        PID:5668
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "6515d9ed-fdb2-4f78-b2d9-5554c67ef85a" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000QMzFeIAL
                        2⤵
                          PID:5696
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "bb11a1dd-b1cf-43f0-b092-2592cd921084" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QMzFeIAL
                          2⤵
                            PID:5740
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "ad3c1176-b9d5-4d3b-a9ce-843e50d75e0d" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QMzFeIAL
                            2⤵
                            • Drops file in System32 directory
                            PID:5904
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "350b7338-cd6e-4577-8d47-383527f0a7a5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiIifQ==" 001Q300000QMzFeIAL
                            2⤵
                            • Drops file in System32 directory
                            PID:5232
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "943f94e2-03d4-4b50-81ba-5fc3176d7131" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QMzFeIAL
                            2⤵
                            • Drops file in System32 directory
                            PID:5244
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "02eb030b-1a8e-47c1-bd36-20b269e7deb5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QMzFeIAL
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            PID:5664
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5880
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:6140
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:396
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:1576
                              • C:\Windows\Temp\{BFDDBE89-83E4-4B5E-B9DF-3A43F08589CA}\.cr\8-0-11.exe
                                "C:\Windows\Temp\{BFDDBE89-83E4-4B5E-B9DF-3A43F08589CA}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=720 -burn.filehandle.self=724 /repair /quiet /norestart
                                4⤵
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                • Modifies data under HKEY_USERS
                                PID:5928
                                • C:\Windows\Temp\{6FB8D03F-5E50-42C1-B8AD-EB65CF8F2809}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                  "C:\Windows\Temp\{6FB8D03F-5E50-42C1-B8AD-EB65CF8F2809}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{AF6DB6B1-BF38-4184-A642-409A1358C52F} {E9FF1B8E-758A-4481-9EFF-112C0A7DCC7B} 5928
                                  5⤵
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • System Time Discovery
                                  • Modifies registry class
                                  PID:5492
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5272
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5472
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:4960
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:4316
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "11bcd3c8-1863-4bdb-b682-3c5bbec1fa6e" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000QMzFeIAL
                            2⤵
                              PID:5648
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "cf9e3f25-c691-411e-9496-789932530614" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QMzFeIAL
                              2⤵
                              • Modifies data under HKEY_USERS
                              PID:5420
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=2914c3a354f11ff3ae93f45deba3fb0f&rmm_session_pwd_ttl=86400"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                PID:4524
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "1cc2cfe7-ae2b-4fd8-b36b-dba1b2b8ec63" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QMzFeIAL
                              2⤵
                              • Modifies data under HKEY_USERS
                              PID:5092
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 7f6f771d-3e40-4000-ade6-197351299c01 "1cc2cfe7-ae2b-4fd8-b36b-dba1b2b8ec63" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QMzFeIAL
                              2⤵
                                PID:3180
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDBDNDM0NzEtQjMzRC00NDkxLTg2RkYtQzc0M0MwQUM5NUNDfSIgdXNlcmlkPSJ7OEU2QkM5RkMtQjlCMC00NDY3LUE2NEYtNEZEODQzNjMxQzE5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDY0QTRBMjgtMDlFMy00RTNELUI2QzktMDk1NUM4NDQyM0JFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzY5ODIwODA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                              1⤵
                              • System Location Discovery: System Language Discovery
                              • System Network Configuration Discovery: Internet Connection Discovery
                              PID:3128
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                              1⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1560
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                2⤵
                                • Drops file in System32 directory
                                • Loads dropped DLL
                                • System Location Discovery: System Language Discovery
                                • Modifies data under HKEY_USERS
                                PID:2836
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                  -h -t
                                  3⤵
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5860
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:6124
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                    4⤵
                                      PID:924
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4092
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:5784
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                      SRUtility.exe -r
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:5752

                              Network

                              MITRE ATT&CK Enterprise v15

                              Reconnaissance

                              Resource Development

                              Initial Access

                              Execution

                              Command and Scripting Interpreter

                              1
                              T1059

                              PowerShell

                              1
                              T1059.001

                              Persistence

                              Boot or Logon Autostart Execution

                              1
                              T1547

                              Registry Run Keys / Startup Folder

                              1
                              T1547.001

                              Event Triggered Execution

                              2
                              T1546

                              Component Object Model Hijacking

                              1
                              T1546.015

                              Installer Packages

                              1
                              T1546.016

                              Pre-OS Boot

                              1
                              T1542

                              Bootkit

                              1
                              T1542.003

                              Privilege Escalation

                              Boot or Logon Autostart Execution

                              1
                              T1547

                              Registry Run Keys / Startup Folder

                              1
                              T1547.001

                              Event Triggered Execution

                              2
                              T1546

                              Component Object Model Hijacking

                              1
                              T1546.015

                              Installer Packages

                              1
                              T1546.016

                              Defense Evasion

                              Modify Registry

                              2
                              T1112

                              Pre-OS Boot

                              1
                              T1542

                              Bootkit

                              1
                              T1542.003

                              Subvert Trust Controls

                              1
                              T1553

                              Install Root Certificate

                              1
                              T1553.004

                              System Binary Proxy Execution

                              1
                              T1218

                              Msiexec

                              1
                              T1218.007

                              Credential Access

                              Discovery

                              Peripheral Device Discovery

                              2
                              T1120

                              Query Registry

                              4
                              T1012

                              System Information Discovery

                              3
                              T1082

                              System Location Discovery

                              1
                              T1614

                              System Language Discovery

                              1
                              T1614.001

                              System Network Configuration Discovery

                              1
                              T1016

                              Internet Connection Discovery

                              1
                              T1016.001

                              System Time Discovery

                              1
                              T1124

                              Lateral Movement

                              Collection

                              Command and Control

                              Exfiltration

                              Impact

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Config.Msi\e57e02f.rbs
                                Filesize

                                8KB

                                MD5

                                ef46cc32c3e92db4ff6968593485dd58

                                SHA1

                                d1184a5dcbf9684c5146354d7ef3fd9bb4d6c155

                                SHA256

                                1e96047f2cec5fbbb506e23b15c3312d9e0273a06e1dfc4f4cd33b55b833f8ec

                                SHA512

                                8176c115fc2d9544ee8880e4fc2a26c8a44b7dffa35d8fe0443b810c74743b6a7576362c4cd256b083bf2827427cfc6ed1f12faffaa84941c654ef8cc384959a

                                Download Submit

                              • C:\Config.Msi\e57e034.rbs
                                Filesize

                                74KB

                                MD5

                                0bb6b1a7183b20ce6e037b5ec7e7e2a4

                                SHA1

                                dc1c62634b9958f51b7bdd2345f30d1d9f451b34

                                SHA256

                                c33cbc28ff591a4c7a0f4984db43c11f9806629188ef16aa4de47b60e87a33a8

                                SHA512

                                89d98d39ece15551408566f110efeb63bc36f0f3cdfbef4fb4440aa5bd7b5aa33ae12451d812c7df9f1013d9ee1889b3ea7198a2dfb79c0ac9354df7901ce8b9

                                Download Submit

                              • C:\Config.Msi\e57e036.rbs
                                Filesize

                                464B

                                MD5

                                7c217512491babaa0edb04c887b09b94

                                SHA1

                                a2c8655543fd87930305227f3eb2b1f7cffda1f3

                                SHA256

                                b0d7dc9875e60cf4686608198c4f3e2f8e32c911faad36bbe8434f17ce967cbb

                                SHA512

                                1e2b046e36872454cc681a67a666d565da92acd792057a9e130bf4c93250a76fe466f5d8cfe8f68ee8a2e6131f7c9313b32fed3ee4672a04982ef319a8765105

                                Download Submit

                              • C:\Config.Msi\e57e03a.rbs
                                Filesize

                                48KB

                                MD5

                                0984bf62509efa9ad0549419577ec858

                                SHA1

                                104588a0f087e2045e5e0d83789e14b26cb962c2

                                SHA256

                                7ccd62754c472b3adb7ef4ac2ce3ed381e8eea9fb9e60d91a64cccc7da2a6a01

                                SHA512

                                20818bd58cf981f367eda80d2564caaeea513e61b875820697965fccb3767f8ad5a9388fe6914c5579b9af882ae41fa648e798fe9197900ec9229510140cdfc4

                                Download Submit

                              • C:\Config.Msi\e57e03f.rbs
                                Filesize

                                9KB

                                MD5

                                b917f6134982f8cbc5e9fc3b9e19a3bd

                                SHA1

                                0fd871ecf95b12ad4786edb009d83e6fa6782f75

                                SHA256

                                7fa1bc9cbc926691b6e15791c2b2809a39fdb1b7f2a386218ec8c2d26f9bad56

                                SHA512

                                cc3a04935b99416aa64aa2d3a6e500d8556b9310ac0d82dc15b69dea57315ce86f947af497d35102365f49912d30bb003df36907dea1b6e72e355b4c97fe4478

                                Download Submit

                              • C:\Config.Msi\e57e044.rbs
                                Filesize

                                11KB

                                MD5

                                384c0ccf798f6b3df9bda54a85d896b8

                                SHA1

                                710dc16dfb96e5cdb248b5934e7d8ffb50ffe8e2

                                SHA256

                                605565bb35094cedd10a35b937040429077c64259b422858377dda93fab9e6ca

                                SHA512

                                ad4222093db7c9e1a76bdc0a14e62197589825f87b7bf3bed4ffe3ec6a5ebf89d907b1c9bcacfdb55208742172196783f90283d8f04389dbbefecaa6c3c1d456

                                Download Submit

                              • C:\Config.Msi\e57e049.rbs
                                Filesize

                                8KB

                                MD5

                                d83bd49bc63cf59aa8b369204a3fa06f

                                SHA1

                                42d1b240b5e1133cfaab97924a684c321d3ebb2f

                                SHA256

                                97a33327bea0c664f683023acbbd9f1ca98a0c7417f9628dd50f513d076a0122

                                SHA512

                                94115a83dbf2e64326ef6a60b82549da8cd1536b830dc8816f15ea0a34e06641d29e31ed773c04ae47780031fe2de912a204448401209aac39b5eb78e574743d

                                Download Submit

                              • C:\Config.Msi\e57e04a.rbf
                                Filesize

                                143KB

                                MD5

                                33b4c87f18b4c49114d7a8980241657a

                                SHA1

                                254c67b915e45ad8584434a4af5e06ca730baa3b

                                SHA256

                                587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                SHA512

                                42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                Download Submit

                              • C:\Config.Msi\e57e04b.rbf
                                Filesize

                                3B

                                MD5

                                21438ef4b9ad4fc266b6129a2f60de29

                                SHA1

                                5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                SHA256

                                13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                SHA512

                                37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                Filesize

                                142KB

                                MD5

                                477293f80461713d51a98a24023d45e8

                                SHA1

                                e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                SHA256

                                a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                SHA512

                                23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                Filesize

                                1KB

                                MD5

                                b3bb71f9bb4de4236c26578a8fae2dcd

                                SHA1

                                1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                SHA256

                                e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                SHA512

                                fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                Filesize

                                210KB

                                MD5

                                c106df1b5b43af3b937ace19d92b42f3

                                SHA1

                                7670fc4b6369e3fb705200050618acaa5213637f

                                SHA256

                                2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                SHA512

                                616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                Filesize

                                693KB

                                MD5

                                2c4d25b7fbd1adfd4471052fa482af72

                                SHA1

                                fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                SHA256

                                2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                SHA512

                                f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                Filesize

                                146KB

                                MD5

                                8d477b63bc5a56ae15314bda8dea7a3a

                                SHA1

                                3ca390584cd3e11172a014784e4c968e7cbb18f5

                                SHA256

                                9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                SHA512

                                44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                Filesize

                                145KB

                                MD5

                                84a9f9fe8ceceea17c1e22c5afcdf65a

                                SHA1

                                4f2c2bfeb2273eae55f7ba738962de1c6f5717f0

                                SHA256

                                0e4d4c1ce8faad3c60b5fbe10f31ab2288305eefd47531f5dd785a4a294bf099

                                SHA512

                                a9a9f6b4c66864eca64eb92e961ce8d87e2bd68eb257d885f7d6b37980c8512e348e8c7741b792971dce5743a2fe4cf020378b7a4aff2df1ba441c82cf3d6947

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                Filesize

                                145KB

                                MD5

                                2b9beb2fdbc41afc48d68d32ef41dd08

                                SHA1

                                4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                SHA256

                                977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                SHA512

                                3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                Filesize

                                51KB

                                MD5

                                3180c705182447f4bcc7ce8e2820b25d

                                SHA1

                                ad6486557819a33d3f29b18d92b43b11707aae6e

                                SHA256

                                5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                SHA512

                                228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                Filesize

                                12B

                                MD5

                                1e065e191e89cc811ff49c96fa8fa5e6

                                SHA1

                                bc50ff2a20a8b83683583684fcac640a91689ed4

                                SHA256

                                d88faf6d47342587ea5fbcaf2ef88fb403f7fcdc08fcab67d4f4f381c237a61e

                                SHA512

                                5a710e168316c30ca10f7b126e870621f46cca6200e206a9984d144abd11fea045bc475599b18597bbed1e4f00e832d94576837f643b22ffaee56871629290dd

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                Filesize

                                247KB

                                MD5

                                aa5cf64d575b7544eefd77f256c4dc57

                                SHA1

                                bd23989db4f9af0aae34d032e817d802c06ca5a9

                                SHA256

                                79c5afd94d0ffa3519a90e691a6d47f9c2eec93277f7d369aa34e64b171fc920

                                SHA512

                                774aeb5188c536d556a8c7a0cd3dfd9ab22d7bc0ad13353d11c9153232585da352552a69eb967a741372a99db490df355a5a47696b2ea446582c834c963cfeff

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                Filesize

                                546B

                                MD5

                                158fb7d9323c6ce69d4fce11486a40a1

                                SHA1

                                29ab26f5728f6ba6f0e5636bf47149bd9851f532

                                SHA256

                                5e38ef232f42f9b0474f8ce937a478200f7a8926b90e45cb375ffda339ec3c21

                                SHA512

                                7eefcc5e65ab4110655e71bc282587e88242c15292d9c670885f0daae30fa19a4b059390eb8e934607b8b14105e3e25d7c5c1b926b6f93bdd40cbd284aaa3ceb

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                Filesize

                                27KB

                                MD5

                                797c9554ec56fd72ebb3f6f6bef67fb5

                                SHA1

                                40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                SHA256

                                7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                SHA512

                                4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                Filesize

                                214KB

                                MD5

                                01807774f043028ec29982a62fa75941

                                SHA1

                                afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                SHA256

                                9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                SHA512

                                33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                Filesize

                                37KB

                                MD5

                                efb4712c8713cb05eb7fe7d87a83a55a

                                SHA1

                                c94d106bba77aecf88540807da89349b50ea5ae7

                                SHA256

                                30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                SHA512

                                3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                Filesize

                                3.5MB

                                MD5

                                c841eadd1786b7a780b96c2a44351cc9

                                SHA1

                                bde0a8f67bd2b54678fc9a9135ed49821f75f212

                                SHA256

                                3749a43d5297ec2328ddd6af6708de29a5b66efde7423ff72706ab4ca92f56f0

                                SHA512

                                edbc3d526e32de1bf8b7ac6e35fb558b250c7026ec38d5af214dfd47f934375e99da775d3147ce641acd8e51e240df32177b825aa403a40af3291cbb56f3a6b1

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                Filesize

                                397KB

                                MD5

                                99f67d47a8dbdee98407885a1ac58e7c

                                SHA1

                                3cb9d10a8e6ed1acfa802045aca6e931ba7a8759

                                SHA256

                                0aa983060464d62b3da159e533769e8440612e3ec23fb8eff4fc52a0d79cc00e

                                SHA512

                                1a0779480bc3e268882d99206f621ea0feb9548df362f1920b793804fbbbf3fc530e263f0307f3cacbc8af54fd503f3f15b967a1464facd273c16bbbb56a27ab

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                Filesize

                                48KB

                                MD5

                                fcbead4dbc2632afcd0419d8c33aef5d

                                SHA1

                                e246f08bc29d162ed461d2a56243b053bd65c55c

                                SHA256

                                1d26295ce9a2e788761d503469e1218659430c17132d5dd24671a8416efab427

                                SHA512

                                ae423d10725893f3676f33e455797e0a522130e342ed2fb8c6a74869b4bfb92f28e453762bdfcebe13f5c1848330bece35d59f7d1bd30dcdaa17d4b5f0417bfc

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                Filesize

                                197KB

                                MD5

                                d0d21e16e57a1a73056eae228da1e287

                                SHA1

                                ab5a27b1d3d977a7f657d0acdf047067c625869f

                                SHA256

                                3db5809f23020f9988d5db0cf494f014a87b9dc1547cf804ae9d66667505a60c

                                SHA512

                                470bac3e691525ff6007293bac32198c0021a1411ba9d069f88f8603189b1617c2265fe6553c1f60ef788e69afcb8aa790714c59260b7c015a5be5b149222c48

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                Filesize

                                54KB

                                MD5

                                77c613ffadf1f4b2f50d31eeec83af30

                                SHA1

                                76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                SHA256

                                2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                SHA512

                                29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                Filesize

                                333KB

                                MD5

                                745714d838c4d4f88c6e0db6a434f444

                                SHA1

                                90689ce709bf2464b678c7afa7b1e18f080d52bb

                                SHA256

                                e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                SHA512

                                08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                Filesize

                                70KB

                                MD5

                                e9b3a59f67febdd7f8fbe68d71c5d0ab

                                SHA1

                                22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                SHA256

                                bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                SHA512

                                00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                Filesize

                                50KB

                                MD5

                                5bb0687e2384644ea48f688d7e75377b

                                SHA1

                                44e4651a52517570894cfec764ec790263b88c4a

                                SHA256

                                963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                SHA512

                                260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                Filesize

                                32KB

                                MD5

                                80eb4e033338fa114a4d010e9ce0b195

                                SHA1

                                f907ba4231bd21ac056375f23a36be648f5b2ba7

                                SHA256

                                b82e5dfecd3118dca11c86bf7829205fe3e5fcf0eeb57e1999e2fd2f9bd63d52

                                SHA512

                                26d4096f8c9652ea4e3920dc67144a082e069e22b85504f64f15b47f5106ef1df0601bdd7e0c34f4f534d920a520872847e6d57bc985f6e20636a26e0f7acb20

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                Filesize

                                60KB

                                MD5

                                5c5c5f5be28276fb9a808d93eef71267

                                SHA1

                                e89938944bdf0cf7d91bc37ff1f129749f2989f9

                                SHA256

                                6ee89d62bde6c8656a70dfeb3665e96288dc3c77ea67e955ff041c6bef8065dc

                                SHA512

                                ee568509ba54c90c82423f36d7bf34407a34fd748df38871f53d4e35b28502d50fb2f6dddaf1e55c427c4ad99142a9e1e9b9763abbc2a8cee457af349df23f7b

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                Filesize

                                588KB

                                MD5

                                17d74c03b6bcbcd88b46fcc58fc79a0d

                                SHA1

                                bc0316e11c119806907c058d62513eb8ce32288c

                                SHA256

                                13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                SHA512

                                f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                Download Submit

                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                Filesize

                                214B

                                MD5

                                c72a34f5c310370c0baa8be880306641

                                SHA1

                                c2ca33e98f79692bc68474cff4ebfae09d47bf01

                                SHA256

                                c8c6fcccdea494cce16b792127581bdb7c5e5d7f12e6e9f192b9bd06e380ba53

                                SHA512

                                8d29fe552f6ad6149d39c7128d1fbc4a0f02b0acf82dd4b85f4667660be0bb6c59c546b1e5d1a75b96d97c24f9022a0a43f8cc7f9c3b73b41a5d5a9d578b3ba6

                                Download Submit

                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                Filesize

                                9KB

                                MD5

                                1ef7574bc4d8b6034935d99ad884f15b

                                SHA1

                                110709ab33f893737f4b0567f9495ac60c37667c

                                SHA256

                                0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                SHA512

                                947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                Download Submit

                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                Filesize

                                10KB

                                MD5

                                f512536173e386121b3ebd22aac41a4e

                                SHA1

                                74ae133215345beaebb7a95f969f34a40dda922a

                                SHA256

                                a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                SHA512

                                1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                Download Submit

                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                Filesize

                                76KB

                                MD5

                                b40fe65431b18a52e6452279b88954af

                                SHA1

                                c25de80f00014e129ff290bf84ddf25a23fdfc30

                                SHA256

                                800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                SHA512

                                e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                Download Submit

                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                Filesize

                                80KB

                                MD5

                                3904d0698962e09da946046020cbcb17

                                SHA1

                                edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                SHA256

                                a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                SHA512

                                c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                Download Submit

                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                Filesize

                                96KB

                                MD5

                                9712ac7b7b222561d994f3c47e58bc13

                                SHA1

                                3ac5ad555de63f3ec5117246acd4101f8980b6d1

                                SHA256

                                ae7e5ae708beb9de77a6d646af522e9d2a67f6c7c7de8f47cbc01ba118282387

                                SHA512

                                f5647ac9122159fb469feeae76640027c70c905ec57480a01fcc658e635e6a9064741dda1f30e830dd17f2d820ee4cc6e88699062df12297c7e434e4192192a1

                                Download Submit

                              • C:\Program Files\dotnet\dotnet.exe
                                Filesize

                                143KB

                                MD5

                                71026b098f8fb39c88b003df746d9fa0

                                SHA1

                                013ca259f551ad6f33db53fff0e121e74408e20e

                                SHA256

                                11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                SHA512

                                9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Filesize

                                471B

                                MD5

                                5a6ad86366d524d0c97575a793f9341a

                                SHA1

                                37c1d9a31181095aa815c91b174e7556dab24b06

                                SHA256

                                a8b872392b38fa5ab1b500a3c6636bace1beb21fe017a7a85cc018e643e82191

                                SHA512

                                a88fb5809703642704b333a68f5757fee28f0e42d387aea880a3382a2f320a32db0e5ab55a692b4d992df8ee52752646bb733b89042e80b496f5c5424168da0e

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                Filesize

                                727B

                                MD5

                                156cc0b9a84bd4cc910a2b7ae8b3e17c

                                SHA1

                                2f5e03718a3e5214ebd4b60f0192c0758ffb133c

                                SHA256

                                91e12d6913a6091044b8477e4d28652e163b303a5855dff8eaf58dd6d29b65f2

                                SHA512

                                07908eb97e43e5b06612c5efef273b1ca68eaf121d2dcf7ff4607152254a4166b39a69a3d752d95857c863701eee58192c722415fca2dadea56179b83e40d1d2

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Filesize

                                727B

                                MD5

                                8a8dfd7a40e2ef9d8d0310c48d44bae0

                                SHA1

                                3173b171fb0fc79c702063992fda658885fbe9b0

                                SHA256

                                46295f8688897d50a4d3ae2b47b58221b66bae567b96e5dd4a988175f3c59cd4

                                SHA512

                                8c0f510e553b4b74934c7b1cb18bcf3f9f95017badba4e66af7c1199ecc8349d33f5497ef033ff23f3d40dfad1237a4ce94c683b12341bab7576fdcf5cf9056c

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Filesize

                                400B

                                MD5

                                35d32a73a4671c7d4fec98ed827c7122

                                SHA1

                                997cb539b0518aaed10e9342ff9a549327460bbd

                                SHA256

                                7cc5e26a6564b5b514ab1b43a94a3dd73d1b1f0a4b63183fb05117e722b3d688

                                SHA512

                                a69ef21f24e2b0afda2d8b5f326ddf5fdd4e701966d14cbfb5e7b2ae4bc89898f36533b167cdf696de7bbab99d18360c249517c4374d935ccc0ac69f4c735e4d

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                Filesize

                                412B

                                MD5

                                ee73b2d986938299dd139d6569fd438e

                                SHA1

                                e3449ddf37709de3bdd95b5b51d88192879ed191

                                SHA256

                                6cb3f07662ba3e00b3cde9e0b58c8aac4eda898ea82298025330791257b39c3e

                                SHA512

                                12d4aa1b2cb23ed594f763e7a97a3a3f3eb2164dced040e9bcec51c38f63c8fcac344bcc9e3e354a287370c910642c4ba3777f3dc97fb903037e0eab4e1f170a

                                Download Submit

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Filesize

                                412B

                                MD5

                                96139a4a02932d488920ae60db1763ab

                                SHA1

                                aa3159cac9988175037af3d573f647bf209353ed

                                SHA256

                                e4f3b965d25815d813cb1c15511ab5a1006cf45cce0fecf15504724a9e6d9cb1

                                SHA512

                                69c4dc0345b6f9ce96110361e6d0cda4e2fb9266a5c312d0b468f93012ec1cd8d414ef151f07c52c77ff1c0a51e386c7c40abe32aadbc2b477064c4d56770a9e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                Filesize

                                651B

                                MD5

                                9bbfe11735bac43a2ed1be18d0655fe2

                                SHA1

                                61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                SHA256

                                549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                SHA512

                                a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                Download Submit

                              • C:\Windows\Installer\MSI645.tmp
                                Filesize

                                219KB

                                MD5

                                928f4b0fc68501395f93ad524a36148c

                                SHA1

                                084590b18957ca45b4a0d4576d1cc72966c3ea10

                                SHA256

                                2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                SHA512

                                7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                Download Submit

                              • C:\Windows\Installer\MSI9AD2.tmp
                                Filesize

                                4.5MB

                                MD5

                                08211c29e0d617a579ffa2c41bde1317

                                SHA1

                                4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                SHA256

                                3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                SHA512

                                d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                Download Submit

                              • C:\Windows\Installer\MSIE0CB.tmp
                                Filesize

                                509KB

                                MD5

                                88d29734f37bdcffd202eafcdd082f9d

                                SHA1

                                823b40d05a1cab06b857ed87451bf683fdd56a5e

                                SHA256

                                87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                SHA512

                                1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                Download Submit

                              • C:\Windows\Installer\MSIE0CB.tmp-\AlphaControlAgentInstallation.dll
                                Filesize

                                25KB

                                MD5

                                aa1b9c5c685173fad2dabebeb3171f01

                                SHA1

                                ed756b1760e563ce888276ff248c734b7dd851fb

                                SHA256

                                e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                SHA512

                                d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                Download Submit

                              • C:\Windows\Installer\MSIE0CB.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                Filesize

                                179KB

                                MD5

                                1a5caea6734fdd07caa514c3f3fb75da

                                SHA1

                                f070ac0d91bd337d7952abd1ddf19a737b94510c

                                SHA256

                                cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                SHA512

                                a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                Download Submit

                              • C:\Windows\Installer\MSIE35C.tmp-\CustomAction.config
                                Filesize

                                1KB

                                MD5

                                bc17e956cde8dd5425f2b2a68ed919f8

                                SHA1

                                5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                SHA256

                                e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                SHA512

                                02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                Download Submit

                              • C:\Windows\Installer\MSIE35C.tmp-\Newtonsoft.Json.dll
                                Filesize

                                695KB

                                MD5

                                715a1fbee4665e99e859eda667fe8034

                                SHA1

                                e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                SHA256

                                c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                SHA512

                                bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                Download Submit

                              • C:\Windows\Installer\MSIEA06.tmp
                                Filesize

                                211KB

                                MD5

                                a3ae5d86ecf38db9427359ea37a5f646

                                SHA1

                                eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                SHA256

                                c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                SHA512

                                96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                Download Submit

                              • C:\Windows\Installer\e57e02e.msi
                                Filesize

                                2.9MB

                                MD5

                                8b6b0ec93209591b6f987b27b150f803

                                SHA1

                                dd64e5c25c9237b6a52f68dcc6a5777c83c5fef3

                                SHA256

                                768eaad977f0e47869a05f653895ef1c14b3c83905a91e2b8dc56b718e056de6

                                SHA512

                                0e892754f982114ab1d99bef288123563543c1010289f312f9b9e8c3abd8845c907ef665dc60dd744b3c840fe11c4546c1bee5bcbebeb67469cda4e3409e0a39

                                Download Submit

                              • C:\Windows\Installer\e57e03b.msi
                                Filesize

                                26.3MB

                                MD5

                                b9c6d23462adef092b8a5b7880531b03

                                SHA1

                                9e8c4f7f48d38fb54a93789a583852869c074f2d

                                SHA256

                                2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                SHA512

                                18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                Download Submit

                              • C:\Windows\Installer\e57e03c.msi
                                Filesize

                                772KB

                                MD5

                                d73de5788ab129f16afdd990d8e6bfa9

                                SHA1

                                88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                SHA256

                                4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                SHA512

                                bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                Download Submit

                              • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-02-45-16.dat
                                Filesize

                                602B

                                MD5

                                b3e8117aef387987d96a9c40bcf4d26a

                                SHA1

                                4b2d9dbaf77ffbc5d948fd707b834a39d8fbabc0

                                SHA256

                                df61b25b0938d3ad57755f8455eec159b3f3761c43fffa0cc42aa50eaeeeb9b4

                                SHA512

                                28e18cb0b3af4802cabf50e8bf41ead067225457877b66e4b08a2a25228822847f84f8552c84d26bf08d5f4b84548921414e853c4bbfd7ff29b08998e054eb0f

                                Download Submit

                              • C:\Windows\Temp\InstallUtil.log
                                Filesize

                                976B

                                MD5

                                37101b02f08d897ef9fcc4c70dc9599c

                                SHA1

                                b1a9eb248edc3db1fef1b73ed9be062bdf020972

                                SHA256

                                6c50d6e207c5b72421fbc9bab9e6072fb19ebcb4944965666cadf8260fd30bf9

                                SHA512

                                ba7c3fa522e76dc86102545c864f694bc87d6c4c29654699fdacc2da018a8de14b9df1b4a2da28ad130537a6b7c0f8cf5068a2ea9e87f1e4a53b3e825d98df1a

                                Download Submit

                              • C:\Windows\Temp\InstallUtil.log
                                Filesize

                                1KB

                                MD5

                                2ca9ca851b49dc997c8b3687f37a2b75

                                SHA1

                                de8198b6a1381b213f02e2e6ef4216254e36e68e

                                SHA256

                                323d24e4b688a008119afab43ea1354091386a00ec9dca5bb82f6ea665aa71f0

                                SHA512

                                9f5f23b74fb41f28ed1d2b030fb5f03d70ccf1c735151535aef37c952630d4355aa5cd4c608924917383dfba5f7a25ac83f368728dba3e3ebb78598a570059ec

                                Download Submit

                              • C:\Windows\Temp\InstallUtil.log
                                Filesize

                                4KB

                                MD5

                                e26c57654e9bb10f7ce673af46f01b19

                                SHA1

                                86c7fb0237c8fe3f03153c741fb520b848a3a594

                                SHA256

                                6e5f25888d794f816dc7a1d55c4b998bcbd2c7f70f888ddae2f5c3110e82bb5f

                                SHA512

                                0270260ae3ceb59a0ad77bfa4a281b6d97d5b77225dd2e686c097c33c9d0c866a146a5e461e59cbe221b5950ebfda2ff22c8895b24f79fc10717c02c151f7313

                                Download Submit

                              • C:\Windows\Temp\PreVer.log
                                Filesize

                                2KB

                                MD5

                                8f4106b2eb21ba16ef39f93023914ca4

                                SHA1

                                72d6be5749569d20a7a5377173db3246e8f78a3f

                                SHA256

                                e6ca306d2a162696647063a3f8b352fafc8ec17113d48007d51ea6d996906ec2

                                SHA512

                                c87875d3f219eab874a84bda2b0de530b3f512d8c7b9eb57bd5b5aebfce8fd42c5514f719c4e9157792d948e21cbf5a3ca9eb3e2ba9ab62652a160f7dbddb8fc

                                Download Submit

                              • C:\Windows\Temp\__PSScriptPolicyTest_ywy3dvh4.baf.ps1
                                Filesize

                                60B

                                MD5

                                d17fe0a3f47be24a6453e9ef58c94641

                                SHA1

                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                SHA256

                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                SHA512

                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                Download Submit

                              • C:\Windows\Temp\unpack.log
                                Filesize

                                4KB

                                MD5

                                81abfc7cde6c948d890323c1d7fcdfae

                                SHA1

                                e2cbbd40edcd2a29118606c74af0b67adbbccc7a

                                SHA256

                                d8c4d89b18455d37830173f46f3c99c7a25e4f092b73b1e468ba42172773f805

                                SHA512

                                c4cfc1ca9bd743731802c6870454229d2e120384d60d1f839f4bd48fbd1df06f5174419d934de5ddb0d74c96a21cbb81cf62cbb6da723bc5f532cc474f2bdaf1

                                Download Submit

                              • C:\Windows\Temp\unpack\PreVerCheck.exe
                                Filesize

                                3.2MB

                                MD5

                                2c18826adf72365827f780b2a1d5ea75

                                SHA1

                                a85b5eae6eba4af001d03996f48d97f7791e36eb

                                SHA256

                                ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                SHA512

                                474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                Download Submit

                              • C:\Windows\Temp\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\IsConfig.ini
                                Filesize

                                571B

                                MD5

                                d239b8964e37974225ad69d78a0a8275

                                SHA1

                                cf208e98a6f11d1807cd84ca61504ad783471679

                                SHA256

                                0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                SHA512

                                88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                Download Submit

                              • C:\Windows\Temp\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\String1033.txt
                                Filesize

                                182KB

                                MD5

                                99bbffd900115fe8672c73fb1a48a604

                                SHA1

                                8f587395fa6b954affef337c70781ce00913950e

                                SHA256

                                57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                SHA512

                                d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                Download Submit

                              • C:\Windows\Temp\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\_is916E.exe
                                Filesize

                                179KB

                                MD5

                                7a1c100df8065815dc34c05abc0c13de

                                SHA1

                                3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                SHA256

                                e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                SHA512

                                bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                Download Submit

                              • C:\Windows\Temp\{3F45E7B8-0106-4B6F-A705-050538ED03D8}\setup.inx
                                Filesize

                                345KB

                                MD5

                                0376dd5b7e37985ea50e693dc212094c

                                SHA1

                                02859394164c33924907b85ab0aaddc628c31bf1

                                SHA256

                                c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                SHA512

                                69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                Download Submit

                              • C:\Windows\Temp\{6807C799-E84C-4500-A577-FD16D998E4F5}\ISRT.dll
                                Filesize

                                427KB

                                MD5

                                85315ad538fa5af8162f1cd2fce1c99d

                                SHA1

                                31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                SHA256

                                70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                SHA512

                                877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                Download Submit

                              • C:\Windows\Temp\{6807C799-E84C-4500-A577-FD16D998E4F5}\_isres_0x0409.dll
                                Filesize

                                1.8MB

                                MD5

                                befe2ef369d12f83c72c5f2f7069dd87

                                SHA1

                                b89c7f6da1241ed98015dc347e70322832bcbe50

                                SHA256

                                9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                SHA512

                                760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                Download Submit

                              • C:\Windows\Temp\{6FB8D03F-5E50-42C1-B8AD-EB65CF8F2809}\.ba\bg.png
                                Filesize

                                4KB

                                MD5

                                9eb0320dfbf2bd541e6a55c01ddc9f20

                                SHA1

                                eb282a66d29594346531b1ff886d455e1dcd6d99

                                SHA256

                                9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                SHA512

                                9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                Download Submit

                              • C:\Windows\Temp\{6FB8D03F-5E50-42C1-B8AD-EB65CF8F2809}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                Filesize

                                607KB

                                MD5

                                669de3ab32955e69decfe13a3c89891e

                                SHA1

                                ab2e90613c8b9261f022348ca11952a29f9b2c73

                                SHA256

                                2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                SHA512

                                be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                Download Submit

                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Filesize

                                727B

                                MD5

                                1167bcb840f031161de408717b54bdce

                                SHA1

                                cc7efcf77db65f5192777492adf5b1b8968a1728

                                SHA256

                                9da91d23cdc033b7044075e32ae09312dfc7207fe3dbf537fd19703471d2f62b

                                SHA512

                                53e384e03b465b3f3aa8df7408fac93385434844cd57c34e89ffd4aff918fdb969a229a5d08f03805133c31fe209aae89b0e1c547157ff5550e1680e5716d1c7

                                Download Submit

                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Filesize

                                404B

                                MD5

                                c1de0fa762f2027e8e7c4802c9646626

                                SHA1

                                58b757966f7e7552593f196500048547cb38e217

                                SHA256

                                079a17816a0d656ca94d7fbe46646f9455ccea62dde5290c55c1e2415199f8d9

                                SHA512

                                06ad241fc808f6a0494e7a82e4469e89778fff413b88b3a1c295f4d882a2d3bcd51ce478e6cfd332684fdf95390247890b06aa4785418a4a7d728ccbc0a3b9bc

                                Download Submit

                              • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Filesize

                                412B

                                MD5

                                1ebc91f2eeaca4168dba23ed0dec7257

                                SHA1

                                dec9beb6b5b15f5f146e240dd2fa8e9dbbd828f7

                                SHA256

                                128a122f1a26489e75e7c63717831fd547f883c53c76f55625ee359345af30e4

                                SHA512

                                5bd38bd3de7ddcd3752a24220131bca0773d8297ac24db5416a59fe6e60d9985fae28677324abdbcf81a7b81a946e82a0056549f1ccb0e4ee77be93b6bc3131c

                                Download Submit

                              • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                Filesize

                                24.1MB

                                MD5

                                1b71d08a6e3af20b036d532d8c1437f7

                                SHA1

                                a96170945eb37ac9cd0481decb2160055c9d991b

                                SHA256

                                63b150263cca2b9593178909fc58bf07df31691620fd2033aeb15dc980b66b49

                                SHA512

                                c5f18c7289cdb5949b7ac8a4bd98bc082a3d6aff73c6407fff628382a77460dc3d84dad9859f7db23cc792cf5a538a195dd3ca31b87a03237520539493a69032

                                Download Submit

                              • \??\Volume{9342aa26-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7217a0d9-6f26-4e8e-9f6a-6fd2931e23d0}_OnDiskSnapshotProp
                                Filesize

                                6KB

                                MD5

                                db5cd6699031498cb795e731bab5440a

                                SHA1

                                d760839a23399069f4990818f8fd3a639eb289bf

                                SHA256

                                86240364623fbebcaae916b66c820d03539b667930f4edf4379d66e68cbda5a5

                                SHA512

                                1201b8b6d501a6aee2d80176ec9be3d670956f4edface73102655091d4a43572e941ab908910ea768372d6f3547c46754ad1e335d963d51ea239c29abf3d2d24

                                Download Submit

                              • memory/1128-368-0x000001E6F3910000-0x000001E6F3978000-memory.dmp

                                Filesize

                                416KB

                                Download

                              • memory/1128-384-0x000001E6F4CF0000-0x000001E6F4D1A000-memory.dmp

                                Filesize

                                168KB

                                Download

                              • memory/1128-381-0x000001E6F43F0000-0x000001E6F43F8000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/1128-380-0x000001E6F3EE0000-0x000001E6F3EE8000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/1128-379-0x000001E6F4E80000-0x000001E6F4F32000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/1128-375-0x000001E6F4DA0000-0x000001E6F4E7C000-memory.dmp

                                Filesize

                                880KB

                                Download

                              • memory/1128-373-0x000001E6F3E10000-0x000001E6F3E18000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/1128-382-0x000001E6F4400000-0x000001E6F4408000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/1128-383-0x000001E6F4D30000-0x000001E6F4D98000-memory.dmp

                                Filesize

                                416KB

                                Download

                              • memory/1128-385-0x000001E6F5BD0000-0x000001E6F5C0A000-memory.dmp

                                Filesize

                                232KB

                                Download

                              • memory/1128-374-0x000001E6F3E40000-0x000001E6F3E4A000-memory.dmp

                                Filesize

                                40KB

                                Download

                              • memory/1128-372-0x000001E6F4B20000-0x000001E6F4B68000-memory.dmp

                                Filesize

                                288KB

                                Download

                              • memory/1128-371-0x000001E6F43A0000-0x000001E6F43EC000-memory.dmp

                                Filesize

                                304KB

                                Download

                              • memory/1128-386-0x000001E6F4CC0000-0x000001E6F4CE6000-memory.dmp

                                Filesize

                                152KB

                                Download

                              • memory/1128-370-0x000001E6F3E20000-0x000001E6F3E3C000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/1128-369-0x000001E6F3E50000-0x000001E6F3E9A000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/2192-1302-0x0000020641340000-0x0000020641366000-memory.dmp

                                Filesize

                                152KB

                                Download

                              • memory/2620-288-0x000002214BFC0000-0x000002214C070000-memory.dmp

                                Filesize

                                704KB

                                Download

                              • memory/2620-286-0x0000022132D50000-0x0000022132D92000-memory.dmp

                                Filesize

                                264KB

                                Download

                              • memory/2620-289-0x00000221335E0000-0x00000221335FC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/2836-1532-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/2836-1948-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/2836-1947-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/2836-2452-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/2836-2451-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/2836-1533-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/3148-203-0x0000019FE2B10000-0x0000019FE2B32000-memory.dmp

                                Filesize

                                136KB

                                Download

                              • memory/3148-243-0x0000019FE30D0000-0x0000019FE3108000-memory.dmp

                                Filesize

                                224KB

                                Download

                              • memory/3148-197-0x0000019FE2BD0000-0x0000019FE2C82000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/3656-112-0x0000000002E30000-0x0000000002E96000-memory.dmp

                                Filesize

                                408KB

                                Download

                              • memory/4032-81-0x0000000004810000-0x0000000004832000-memory.dmp

                                Filesize

                                136KB

                                Download

                              • memory/4032-82-0x0000000004980000-0x0000000004CD4000-memory.dmp

                                Filesize

                                3.3MB

                                Download

                              • memory/4032-78-0x0000000004890000-0x0000000004942000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/4060-166-0x000001A190630000-0x000001A190642000-memory.dmp

                                Filesize

                                72KB

                                Download

                              • memory/4060-150-0x000001A18EA80000-0x000001A18EAA8000-memory.dmp

                                Filesize

                                160KB

                                Download

                              • memory/4060-162-0x000001A190830000-0x000001A1908C8000-memory.dmp

                                Filesize

                                608KB

                                Download

                              • memory/4060-167-0x000001A190690000-0x000001A1906CC000-memory.dmp

                                Filesize

                                240KB

                                Download

                              • memory/4436-45-0x0000000005070000-0x000000000507C000-memory.dmp

                                Filesize

                                48KB

                                Download

                              • memory/4436-40-0x0000000005030000-0x000000000505E000-memory.dmp

                                Filesize

                                184KB

                                Download

                              • memory/4632-366-0x000002121CFF0000-0x000002121D0A2000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/4632-365-0x0000021203EB0000-0x0000021203EC6000-memory.dmp

                                Filesize

                                88KB

                                Download

                              • memory/4632-367-0x00000212042A0000-0x00000212042BC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/4764-519-0x000002C8DBBD0000-0x000002C8DBBF6000-memory.dmp

                                Filesize

                                152KB

                                Download

                              • memory/4932-973-0x0000000010000000-0x0000000010114000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4932-582-0x0000000010000000-0x0000000010114000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4932-551-0x0000000003060000-0x0000000003227000-memory.dmp

                                Filesize

                                1.8MB

                                Download

                              • memory/4932-976-0x00000000030A0000-0x0000000003267000-memory.dmp

                                Filesize

                                1.8MB

                                Download

                              • memory/4932-1151-0x0000000010000000-0x0000000010114000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4932-548-0x0000000010000000-0x0000000010114000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/4932-972-0x0000000010000000-0x0000000010114000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/5232-1840-0x000002E876530000-0x000002E87660C000-memory.dmp

                                Filesize

                                880KB

                                Download

                              • memory/5232-1822-0x000002E875BD0000-0x000002E875C1A000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/5232-1903-0x000002E875BC0000-0x000002E875BC8000-memory.dmp

                                Filesize

                                32KB

                                Download

                              • memory/5232-1821-0x000002E875260000-0x000002E875270000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/5232-1826-0x000002E875BA0000-0x000002E875BBC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5232-1894-0x000002E876610000-0x000002E8766C2000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5244-1867-0x0000022F9FA10000-0x0000022F9FAC2000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5244-1891-0x0000022F87260000-0x0000022F872C6000-memory.dmp

                                Filesize

                                408KB

                                Download

                              • memory/5244-1892-0x0000022F86CD0000-0x0000022F86CE4000-memory.dmp

                                Filesize

                                80KB

                                Download

                              • memory/5244-1838-0x0000022F86BA0000-0x0000022F86BC0000-memory.dmp

                                Filesize

                                128KB

                                Download

                              • memory/5244-1834-0x0000022F867F0000-0x0000022F86800000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/5324-1303-0x000001DD825B0000-0x000001DD825BA000-memory.dmp

                                Filesize

                                40KB

                                Download

                              • memory/5324-1305-0x000001DD82DF0000-0x000001DD82E0A000-memory.dmp

                                Filesize

                                104KB

                                Download

                              • memory/5324-1347-0x000001DD9B7E0000-0x000001DD9B892000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5324-1520-0x000001DD9BED0000-0x000001DD9C3F8000-memory.dmp

                                Filesize

                                5.2MB

                                Download

                              • memory/5464-1487-0x00000220C6260000-0x00000220C6280000-memory.dmp

                                Filesize

                                128KB

                                Download

                              • memory/5464-1330-0x00000220C6220000-0x00000220C6238000-memory.dmp

                                Filesize

                                96KB

                                Download

                              • memory/5464-1328-0x00000220C59E0000-0x00000220C59EC000-memory.dmp

                                Filesize

                                48KB

                                Download

                              • memory/5464-1382-0x00000220DEBB0000-0x00000220DEC62000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5648-1909-0x000002CC33C50000-0x000002CC33CA4000-memory.dmp

                                Filesize

                                336KB

                                Download

                              • memory/5648-1842-0x000002CC33CB0000-0x000002CC33D62000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5648-1825-0x000002CC1AB60000-0x000002CC1AB72000-memory.dmp

                                Filesize

                                72KB

                                Download

                              • memory/5648-1831-0x000002CC1B3C0000-0x000002CC1B3DC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5664-1882-0x00000182D69B0000-0x00000182D69CC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5664-1911-0x00000182D6E30000-0x00000182D6E4A000-memory.dmp

                                Filesize

                                104KB

                                Download

                              • memory/5664-1829-0x00000182D6510000-0x00000182D6522000-memory.dmp

                                Filesize

                                72KB

                                Download

                              • memory/5664-1833-0x00000182D6D90000-0x00000182D6DDA000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/5664-1906-0x00000182EF880000-0x00000182EF932000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5664-1907-0x00000182EFA20000-0x00000182EFAFC000-memory.dmp

                                Filesize

                                880KB

                                Download

                              • memory/5740-1827-0x000001F41F280000-0x000001F41F35C000-memory.dmp

                                Filesize

                                880KB

                                Download

                              • memory/5740-1677-0x000001F4065D0000-0x000001F4065DA000-memory.dmp

                                Filesize

                                40KB

                                Download

                              • memory/5740-1673-0x000001F405D50000-0x000001F405D84000-memory.dmp

                                Filesize

                                208KB

                                Download

                              • memory/5740-1674-0x000001F4065E0000-0x000001F40662A000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/5740-1675-0x000001F4065B0000-0x000001F4065CC000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5740-1676-0x000001F41EE50000-0x000001F41EE68000-memory.dmp

                                Filesize

                                96KB

                                Download

                              • memory/5740-1841-0x000001F41F060000-0x000001F41F07C000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5740-1685-0x000001F41EED0000-0x000001F41EF1A000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/5740-1835-0x000001F41F1A0000-0x000001F41F202000-memory.dmp

                                Filesize

                                392KB

                                Download

                              • memory/5740-1823-0x000001F41F0E0000-0x000001F41F192000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5820-1483-0x000001E5E49A0000-0x000001E5E49EA000-memory.dmp

                                Filesize

                                296KB

                                Download

                              • memory/5820-1519-0x000001E5FD2F0000-0x000001E5FD3A0000-memory.dmp

                                Filesize

                                704KB

                                Download

                              • memory/5820-1405-0x000001E5E3FA0000-0x000001E5E3FAC000-memory.dmp

                                Filesize

                                48KB

                                Download

                              • memory/5820-1494-0x000001E5E4350000-0x000001E5E436C000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5820-1522-0x000001E5E4970000-0x000001E5E498C000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5820-1521-0x000001E5FD480000-0x000001E5FD55C000-memory.dmp

                                Filesize

                                880KB

                                Download

                              • memory/5860-2412-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/5860-1828-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/5860-2436-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/5860-1830-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/5860-2435-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/5860-2411-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/5904-1895-0x0000014875CC0000-0x0000014875D72000-memory.dmp

                                Filesize

                                712KB

                                Download

                              • memory/5904-1902-0x0000014875C50000-0x0000014875C98000-memory.dmp

                                Filesize

                                288KB

                                Download

                              • memory/5904-1896-0x000001485D4F0000-0x000001485D50C000-memory.dmp

                                Filesize

                                112KB

                                Download

                              • memory/5904-1816-0x000001485CAF0000-0x000001485CB2A000-memory.dmp

                                Filesize

                                232KB

                                Download

                              • memory/6124-1837-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download

                              • memory/6124-1974-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/6124-1836-0x0000000074BC0000-0x0000000074CDC000-memory.dmp

                                Filesize

                                1.1MB

                                Download

                              • memory/6124-1975-0x00000000741F0000-0x00000000745BD000-memory.dmp

                                Filesize

                                3.8MB

                                Download