Overview

overview

10

Static

static

10

IRS-Scan_D...sx.msi

windows7-x64

10

IRS-Scan_D...sx.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2025, 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IRS-Scan_Document_xlsx.msi

  • Size

    2.9MB

  • MD5

    e6b0bc0456d57fd0234df8dc69eee35e

  • SHA1

    02f317c3b6d2087d567aa2c5d67daca568eff615

  • SHA256

    6f22f8115db51b4b9881c47cd1d57962c3b719f0206ca4bf2bdbaab6c23497da

  • SHA512

    f9ba0ba25d0be16cff1117fdc5642f4b6a481cd28ffebdb4502b96fb75c942caa6a933e30f0168a1e9e0790308b264c6618a863830adb59de8b9aaf8ae45773b

  • SSDEEP

    49152:b+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:b+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 49 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 7 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\IRS-Scan_Document_xlsx.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2136
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4044
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F8D86ACCCB1DF9EC284B7B3FE4B65110
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:612
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI5474.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240670140 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2384
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI5976.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240671125 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3104
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI5E98.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672421 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4736
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI6A64.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240675437 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4356
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B5796E03A3025C124B8C39930A34D9EE E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4328
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:4440
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3176
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Qn3yfIAB" /AgentId="73ac10ac-b6e5-416c-8b60-9fa897271261"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:2572
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DC1C85E3BBDA99980086CA82F1F92D4D E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      PID:2192
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{44AEF982-A7BC-4FAA-B8AC-D36E942780F0}
        3⤵
        • Executes dropped EXE
        PID:1720
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6DFC8BF8-6AB8-4A10-BAFE-334FACE75101}
        3⤵
        • Executes dropped EXE
        PID:1584
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28E482E3-0D96-4E3A-B97F-CE7EC9EEB7AB}
        3⤵
        • Executes dropped EXE
        PID:5540
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{50AD5A66-EE76-40FC-AFC8-3A3AFFAA675B}
        3⤵
        • Executes dropped EXE
        PID:2248
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2222090E-E7BB-40C2-84E0-17C6A41AF9F7}
        3⤵
        • Executes dropped EXE
        PID:5456
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2FBAD1C-4913-44A5-AF54-AED34E2172C2}
        3⤵
        • Executes dropped EXE
        PID:5608
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F73A2100-FA87-4FF5-B9B7-452854C8B2B4}
        3⤵
        • Executes dropped EXE
        PID:5640
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95C0EE53-781C-44F1-8CA7-E755B6D67662}
        3⤵
        • Executes dropped EXE
        PID:5620
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7F3DC35D-2AB2-4A91-B591-DD8BDBF776B9}
        3⤵
        • Executes dropped EXE
        PID:5688
      • C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe
        C:\Windows\TEMP\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isA330.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C0351DD-739B-4E9C-8E31-02FB4474EA8D}
        3⤵
        • Executes dropped EXE
        PID:5776
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5732
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5884
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5932
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6016
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:6008
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6100
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5088
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5176
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5228
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5972
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5820
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1412
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1536
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4992
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1268
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:1516
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5492
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2948
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5304
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5452
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7A1CDF34-7B15-4754-8CAA-92DC34BE283B}
        3⤵
        • Executes dropped EXE
        PID:5712
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F7B9D307-15B9-4203-98E0-B39E75D9BBB2}
        3⤵
        • Executes dropped EXE
        PID:5728
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EDA32B2D-9500-4F0C-82CB-2DB821E1D3C6}
        3⤵
        • Executes dropped EXE
        PID:5900
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{02068B02-768C-486D-84B4-9627079DDA09}
        3⤵
        • Executes dropped EXE
        PID:5840
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68DCFBE3-20FB-445D-BA9C-6AFD09028E5B}
        3⤵
        • Executes dropped EXE
        PID:968
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{63C13E53-9A8D-4299-BB18-3B1CDA53A160}
        3⤵
        • Executes dropped EXE
        PID:6104
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9F2FCDB0-3605-4EDF-AEB7-7BAD119A1372}
        3⤵
        • Executes dropped EXE
        PID:6076
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{27AF3397-10C6-47C7-AE9D-CCF9106D2174}
        3⤵
        • Executes dropped EXE
        PID:5220
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EF8B4F8B-9330-4D59-9171-BAAA24A32555}
        3⤵
        • Executes dropped EXE
        PID:5152
      • C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
        C:\Windows\TEMP\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E0C56C87-34B0-4BA7-AA18-04DCC308318D}
        3⤵
        • Executes dropped EXE
        PID:4328
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{952071EC-91C8-4DD1-97BD-C7001DE8394B}
        3⤵
        • Executes dropped EXE
        PID:5784
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFE62B23-B0FB-4409-A743-3FE5673960E3}
        3⤵
        • Executes dropped EXE
        PID:5588
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{484C3EF0-0960-4BA8-A4D8-653B2A860B8E}
        3⤵
        • Executes dropped EXE
        PID:5856
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2C56F64-5CBE-4F8A-A360-1EE21B95FEDA}
        3⤵
        • Executes dropped EXE
        PID:6040
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EB48523E-ADBA-481B-9276-50246239A388}
        3⤵
        • Executes dropped EXE
        PID:5908
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28041E15-504D-41E7-BC31-72FC747B7A5E}
        3⤵
        • Executes dropped EXE
        PID:708
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18C44401-F962-416D-89BB-B025A8EF686D}
        3⤵
        • Executes dropped EXE
        PID:1872
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2F53A40-D56A-475B-A58E-940A38F09986}
        3⤵
        • Executes dropped EXE
        PID:5736
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{99AF825D-7C4E-480A-9FE1-C44BA275F230}
        3⤵
        • Executes dropped EXE
        PID:5480
      • C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe
        C:\Windows\TEMP\{467DD1D3-6B1A-4632-B54B-BBAD65D8DAC7}\_isBE6B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1906C9BF-AB57-40C7-906D-9A610DDEAA7D}
        3⤵
        • Executes dropped EXE
        PID:5816
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3744
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3952
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:1856
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:4336
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:5716
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:5936
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{40C5176A-DD43-4AE9-A39C-575B4BAC9349}
            3⤵
            • Executes dropped EXE
            PID:5612
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{35BF9BE5-DBCD-4723-A4DC-EBCB1D2F26AE}
            3⤵
            • Executes dropped EXE
            PID:5480
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57C30B60-5ED5-4B67-BEFE-6B2B318CAAA1}
            3⤵
            • Executes dropped EXE
            PID:5816
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE89602F-EA96-43BE-BF37-702FA42DDCB1}
            3⤵
            • Executes dropped EXE
            PID:5280
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2E93F142-3F9B-4618-A428-9BF98C302FA3}
            3⤵
            • Executes dropped EXE
            PID:5408
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{727B5340-6764-489F-9AF2-E22831978335}
            3⤵
            • Executes dropped EXE
            PID:5668
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EDA22D12-BCD9-4828-82C8-FE45F2568A01}
            3⤵
            • Executes dropped EXE
            PID:556
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{486DE12E-149D-4765-B368-0CAE9EB18A2D}
            3⤵
            • Executes dropped EXE
            PID:1516
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{838F2A7E-B778-4978-8F72-C9701C8734D3}
            3⤵
            • Executes dropped EXE
            PID:1848
          • C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe
            C:\Windows\TEMP\{9813DA72-16EC-4E85-B282-C7A21F1A9DD3}\_isD32E.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CF332641-D224-4A2A-B4E5-A0F4D74496C5}
            3⤵
            • Executes dropped EXE
            PID:5444
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:4268
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{46E5EB7A-DF64-460B-959E-1D2E65193AE6}
            3⤵
            • Executes dropped EXE
            PID:5888
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{073D81EE-BFD2-48A5-83AE-01ECCBE18DEF}
            3⤵
            • Executes dropped EXE
            PID:5404
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{72BE4BD8-3C0D-462E-A2CA-B095EDAD3133}
            3⤵
            • Executes dropped EXE
            PID:5384
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E2F28E49-5A39-4D91-ABDE-52F9EFD8B587}
            3⤵
            • Executes dropped EXE
            PID:4956
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{52BFF1D6-A550-4308-B05A-4BF05EF3059D}
            3⤵
            • Executes dropped EXE
            PID:6060
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{088D6908-1C96-4A7A-AC19-99858DFD9FDC}
            3⤵
            • Executes dropped EXE
            PID:5164
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5243E8FF-AAEC-4DB7-948A-DF3FF3CDFDAD}
            3⤵
            • Executes dropped EXE
            PID:5416
          • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
            C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F905EAAC-7866-4244-8DE2-D5B653F3A82E}
            3⤵
              PID:5980
            • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
              C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9F64F049-CD54-43A1-8CA5-4009200CAE69}
              3⤵
                PID:5736
              • C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe
                C:\Windows\TEMP\{21A9AE1E-98DB-4331-8452-14960355C71A}\_isD774.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0AE44FC-454F-43D2-B823-D1961C118301}
                3⤵
                  PID:5236
                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:448
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding A2649D671E2BFB9A0325CF7E389EE5B0 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:6132
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI2F94.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240725968 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:3732
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI309F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240726156 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:4992
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI3311.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240726781 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                  3⤵
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:5176
                • C:\Windows\SysWOW64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:6472
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:6560
                • C:\Windows\SysWOW64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:6728
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:1284
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4536
                • C:\Windows\syswow64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:1856
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI541F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240735250 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:5368
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                2⤵
                • Drops file in System32 directory
                PID:6924
              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="cb98e23f-a05f-4a00-a944-1d8655d215e1"
                2⤵
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                PID:6176
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 681C4450D7AB0BB79EEA620C7CCF7760 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5760
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding AC9DFCA8C32394252BCDCE767DDDF61F E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5680
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 5733C712474F2F67A76FBADC3B93E2B2 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:6000
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Checks SCSI registry key(s)
              • Suspicious use of AdjustPrivilegeToken
              PID:1948
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in System32 directory
              • Drops file in Program Files directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Modifies system certificate store
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1804
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:1448
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "f0b72499-97ae-4048-8ee1-5115062cb584" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Qn3yfIAB
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:4328
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "2a026f3f-c0d2-4ad8-b0b4-5a42b5ac1717" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Qn3yfIAB
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2556
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "ce1fe322-151b-4ea9-a9e1-e9b071baa673" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Qn3yfIAB
                2⤵
                • Executes dropped EXE
                PID:4884
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "1c49cdae-9f60-4cd9-b3bd-4ca77fa123b2" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Qn3yfIAB
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:1628
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1660
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:740
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:3500
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "797944f0-a0ec-4a76-a7f0-5be0528eebc7" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Qn3yfIAB
                2⤵
                • Downloads MZ/PE file
                • Drops file in System32 directory
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:2548
                • C:\Windows\TEMP\SplashtopStreamer.exe
                  "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  3⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Modifies data under HKEY_USERS
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:5552
                  • C:\Windows\Temp\unpack\PreVerCheck.exe
                    "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    4⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:6024
                    • C:\Windows\SysWOW64\msiexec.exe
                      msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:6116
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "08d1b180-2585-47cb-83c8-5786672a262e" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Qn3yfIAB
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Loads dropped DLL
                PID:2208
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in Program Files directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3608
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:956
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "08d1b180-2585-47cb-83c8-5786672a262e" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Qn3yfIAB
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:5792
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "eed04e42-ac0a-4c25-a34f-a108e72444ea" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Qn3yfIAB
                2⤵
                  PID:3096
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    PID:2264
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                      PID:6312
                      • C:\Windows\system32\cscript.exe
                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                        4⤵
                        • Modifies data under HKEY_USERS
                        PID:6320
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "1596affd-c5d2-4630-8d29-34fb5a9e6705" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Qn3yfIAB
                    2⤵
                    • Writes to the Master Boot Record (MBR)
                    PID:796
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "65dd22c0-f2a2-419b-8508-f05c10a03d46" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Qn3yfIAB
                    2⤵
                      PID:5512
                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=00d3075e90920d942e79fc9ed274694d&rmm_session_pwd_ttl=86400"
                        3⤵
                        • System Location Discovery: System Language Discovery
                        PID:2408
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "919ddacc-c189-450f-a339-ef691aeb80a0" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Qn3yfIAB
                      2⤵
                      • Drops file in System32 directory
                      PID:4196
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "0088397d-abcb-42dc-9cd3-8797a5b5e1af" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Qn3yfIAB
                      2⤵
                      • Drops file in System32 directory
                      PID:1536
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "ba57b79f-fe57-4eca-b3e0-11fe829f6368" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Qn3yfIAB
                      2⤵
                        PID:4776
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "caf1f252-662a-4b71-9000-d9777ef3915b" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Qn3yfIAB
                        2⤵
                        • Drops file in System32 directory
                        PID:6040
                        • C:\Windows\SYSTEM32\msiexec.exe
                          "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                          3⤵
                          • Modifies data under HKEY_USERS
                          PID:5888
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "8aebb694-66d0-4b83-9823-5b80d854e3ef" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000Qn3yfIAB
                        2⤵
                        • Drops file in System32 directory
                        PID:5636
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "b4afc3a0-6030-4369-80dc-84b40d6e4fe6" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Qn3yfIAB
                        2⤵
                        • Drops file in System32 directory
                        • Modifies registry class
                        PID:2448
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "a08ccf91-bc43-4f7b-bf28-4a97ae86b581" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000Qn3yfIAB
                        2⤵
                          PID:4340
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "10e0c32a-89a7-4508-91cb-316b390e7860" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Qn3yfIAB
                          2⤵
                          • Drops file in System32 directory
                          PID:5296
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "fed5cb7a-8181-488a-bf7c-22dfa82654fa" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Qn3yfIAB
                          2⤵
                          • Drops file in System32 directory
                          PID:5916
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "fcad9f2b-7885-486b-bceb-70798b4d6a9e" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Qn3yfIAB
                          2⤵
                          • Downloads MZ/PE file
                          • Drops file in System32 directory
                          PID:6692
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:5260
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:2220
                          • C:\Program Files\dotnet\dotnet.exe
                            "C:\Program Files\dotnet\dotnet" --list-runtimes
                            3⤵
                            • System Time Discovery
                            PID:6608
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                            3⤵
                            • System Location Discovery: System Language Discovery
                            PID:6412
                            • C:\Windows\Temp\{333C69D1-2321-4816-BF8F-1CE51EBBEA8D}\.cr\8-0-11.exe
                              "C:\Windows\Temp\{333C69D1-2321-4816-BF8F-1CE51EBBEA8D}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=588 -burn.filehandle.self=728 /repair /quiet /norestart
                              4⤵
                              • System Location Discovery: System Language Discovery
                              • System Time Discovery
                              PID:1220
                              • C:\Windows\Temp\{9BB5D29D-ECB3-4F4E-9B3D-C509ECDACBF7}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                "C:\Windows\Temp\{9BB5D29D-ECB3-4F4E-9B3D-C509ECDACBF7}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{12C30C28-33C1-4D07-8AE2-C8BE13F1FBBB} {D69B47FB-8FEA-4745-AFCF-9086C08307E6} 1220
                                5⤵
                                • Adds Run key to start application
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • System Time Discovery
                                • Modifies registry class
                                PID:5304
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:3400
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:4196
                          • C:\Windows\SYSTEM32\cmd.exe
                            "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                            3⤵
                            • System Time Discovery
                            PID:4732
                            • C:\Program Files\dotnet\dotnet.exe
                              dotnet --list-runtimes
                              4⤵
                              • System Time Discovery
                              PID:6536
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "82993683-d2ac-432a-a656-ca138cfc0cdc" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Qn3yfIAB
                          2⤵
                            PID:6720
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "29c57784-3732-4769-8858-c87bb29c2349" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Qn3yfIAB
                            2⤵
                            • Drops file in System32 directory
                            PID:6760
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                          1⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5268
                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                            2⤵
                            • Drops file in System32 directory
                            • Loads dropped DLL
                            • System Location Discovery: System Language Discovery
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5928
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                              -h
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SetWindowsHookEx
                              PID:5920
                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                              3⤵
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5644
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                4⤵
                                  PID:5680
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of SetWindowsHookEx
                                PID:1236
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                3⤵
                                • System Location Discovery: System Language Discovery
                                PID:5488
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                  SRUtility.exe -r
                                  4⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3972
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                3⤵
                                • Suspicious use of SetWindowsHookEx
                                PID:2572
                          • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                            "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                            1⤵
                            • Drops file in Program Files directory
                            • Modifies data under HKEY_USERS
                            PID:6108
                            • C:\Windows\System32\sc.exe
                              "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              2⤵
                              • Launches sc.exe
                              PID:5128
                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "d48b4b72-24f9-4cf5-bbd1-68639df7ade4" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000Qn3yfIAB
                              2⤵
                                PID:4956
                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "a0b383a5-d2b7-47e2-bca3-c2864202a482" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Qn3yfIAB
                                2⤵
                                  PID:5384
                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "dad15445-a58a-429c-8257-06582002d515" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000Qn3yfIAB
                                  2⤵
                                    PID:5736
                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "e9a72029-8fa9-4887-a2cc-cbd8cfd38a4c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000Qn3yfIAB
                                    2⤵
                                    • Modifies data under HKEY_USERS
                                    PID:7164
                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "6c0338b3-7b04-416b-aad9-542f7ce6692e" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000Qn3yfIAB
                                    2⤵
                                      PID:5224
                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "365dc6ed-cbf8-4241-89ec-07aca2c6fbea" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Qn3yfIAB
                                      2⤵
                                        PID:6908
                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                          3⤵
                                          • Drops file in System32 directory
                                          • Command and Scripting Interpreter: PowerShell
                                          • Modifies data under HKEY_USERS
                                          PID:6772
                                        • C:\Windows\System32\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                          3⤵
                                            PID:6484
                                            • C:\Windows\system32\cscript.exe
                                              cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                              4⤵
                                              • Modifies data under HKEY_USERS
                                              PID:4460
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "cbd00b04-0db0-455a-a250-31768504dbce" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000Qn3yfIAB
                                          2⤵
                                            PID:5296
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "08fc64b7-d2c6-4c13-acd4-f3169eb1b291" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000Qn3yfIAB
                                            2⤵
                                              PID:5388
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "bd606e3e-5b48-4b35-9c3a-8728f6536a7c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000Qn3yfIAB
                                              2⤵
                                                PID:3964
                                                • C:\Windows\SYSTEM32\cmd.exe
                                                  "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                  3⤵
                                                  • System Time Discovery
                                                  PID:1428
                                                  • C:\Program Files\dotnet\dotnet.exe
                                                    dotnet --list-runtimes
                                                    4⤵
                                                    • System Time Discovery
                                                    PID:3660
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "d8e01f7d-7301-40c4-8fb8-c73c39e20c15" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000Qn3yfIAB
                                                2⤵
                                                • Modifies data under HKEY_USERS
                                                PID:5996
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "71e47211-09e9-402c-8e66-d2da83b731ca" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000Qn3yfIAB
                                                2⤵
                                                  PID:3732
                                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=00d3075e90920d942e79fc9ed274694d&rmm_session_pwd_ttl=86400"
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:1256
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "fb17b27c-9507-4bb0-9840-fbdff5726d79" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Qn3yfIAB
                                                  2⤵
                                                  • Writes to the Master Boot Record (MBR)
                                                  • Drops file in Program Files directory
                                                  PID:2192
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "6ede9f88-6d8b-4364-92ec-d83a1d0b0c42" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Qn3yfIAB
                                                  2⤵
                                                    PID:456
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "5fb13529-ce15-40af-b5e6-fb942719d9f0" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000Qn3yfIAB
                                                    2⤵
                                                      PID:5300
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 73ac10ac-b6e5-416c-8b60-9fa897271261 "700a60a4-e647-47e3-9f3d-79a563a6ebb6" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Qn3yfIAB
                                                      2⤵
                                                        PID:7152
                                                        • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                          "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "73ac10ac-b6e5-416c-8b60-9fa897271261" "700a60a4-e647-47e3-9f3d-79a563a6ebb6" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000Qn3yfIAB"
                                                          3⤵
                                                            PID:6736

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Reconnaissance

                                                      Resource Development

                                                      Initial Access

                                                      Execution

                                                      Command and Scripting Interpreter

                                                      1
                                                      T1059

                                                      PowerShell

                                                      1
                                                      T1059.001

                                                      Persistence

                                                      Boot or Logon Autostart Execution

                                                      1
                                                      T1547

                                                      Registry Run Keys / Startup Folder

                                                      1
                                                      T1547.001

                                                      Event Triggered Execution

                                                      2
                                                      T1546

                                                      Component Object Model Hijacking

                                                      1
                                                      T1546.015

                                                      Installer Packages

                                                      1
                                                      T1546.016

                                                      Pre-OS Boot

                                                      1
                                                      T1542

                                                      Bootkit

                                                      1
                                                      T1542.003

                                                      Privilege Escalation

                                                      Boot or Logon Autostart Execution

                                                      1
                                                      T1547

                                                      Registry Run Keys / Startup Folder

                                                      1
                                                      T1547.001

                                                      Event Triggered Execution

                                                      2
                                                      T1546

                                                      Component Object Model Hijacking

                                                      1
                                                      T1546.015

                                                      Installer Packages

                                                      1
                                                      T1546.016

                                                      Defense Evasion

                                                      Modify Registry

                                                      2
                                                      T1112

                                                      Pre-OS Boot

                                                      1
                                                      T1542

                                                      Bootkit

                                                      1
                                                      T1542.003

                                                      Subvert Trust Controls

                                                      1
                                                      T1553

                                                      Install Root Certificate

                                                      1
                                                      T1553.004

                                                      System Binary Proxy Execution

                                                      1
                                                      T1218

                                                      Msiexec

                                                      1
                                                      T1218.007

                                                      Credential Access

                                                      Discovery

                                                      Peripheral Device Discovery

                                                      2
                                                      T1120

                                                      Query Registry

                                                      4
                                                      T1012

                                                      System Information Discovery

                                                      3
                                                      T1082

                                                      System Location Discovery

                                                      1
                                                      T1614

                                                      System Language Discovery

                                                      1
                                                      T1614.001

                                                      System Time Discovery

                                                      1
                                                      T1124

                                                      Lateral Movement

                                                      Collection

                                                      Command and Control

                                                      Exfiltration

                                                      Impact

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Config.Msi\e5853c9.rbs
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        02cf6cc9d200841a1bb3fc53440ba4a4

                                                        SHA1

                                                        09426599455f84570b64c27e4bfd141b8483dd04

                                                        SHA256

                                                        547301953795bc37cb48888c199a7d719afb1027630cbf131f70a0d6348c3d67

                                                        SHA512

                                                        1a7d6247c609f0367ed4fb10060ebc8017a8c1d9afaae1a8ce3159336f2e0ed479b1ee703a69717dd8ddd5c8a083136d05c68f353d6b598c901e15c557e157f9

                                                        Download Submit

                                                      • C:\Config.Msi\e5853ce.rbs
                                                        Filesize

                                                        74KB

                                                        MD5

                                                        3cb3c0d239c141ba8e4afa5ff8cb17d6

                                                        SHA1

                                                        722a1e45726473ad2f4bf2b9319c62159cbba08c

                                                        SHA256

                                                        6e891db432b232b8f2b4722fde9ab9fd6695ac01a3798095ec1fe97d191b0468

                                                        SHA512

                                                        bf538571e72aba24145b9d532e1f0e764c1c2b5fb2755bbe9725aca11f01fe04bc5961df3d043d1fbd7bcb9ee103936470b475cff83c6858596b54b84431b3cc

                                                        Download Submit

                                                      • C:\Config.Msi\e5853d0.rbs
                                                        Filesize

                                                        464B

                                                        MD5

                                                        02f8b17f375837130d4033d67c440727

                                                        SHA1

                                                        d0dc113fc4b0841ce54e33dcab2cf0161b0061b7

                                                        SHA256

                                                        3d8bf462d79e677dfa39a28c488926b87665dc98725ba82b352e5d028d2f4a4c

                                                        SHA512

                                                        a1f612a99563271ac74ca35397e88933e0abf83def0100bfb0e6fd28417c6b2bd009a4ea4cce43f54801357826dfd046df76b42465e921f9638d82be3b74b8f9

                                                        Download Submit

                                                      • C:\Config.Msi\e5853d6.rbs
                                                        Filesize

                                                        9KB

                                                        MD5

                                                        aa6beef100a169f89ce02ba5ca8dbcbe

                                                        SHA1

                                                        09e76e4c3297b85468536b0f77d6a6abd22c80eb

                                                        SHA256

                                                        1b48adde9285632ebccd424fd8a8a0412fd0dd729ad013b84bec135dd6fa7c84

                                                        SHA512

                                                        84829a5e45d960539e39b3a718cb637fef3cc44e9a4e3058bae7a151c715c99ecec54691b0882d9e50587a0a2badbd63171e7412b3e0342f5a56d2963ed572e4

                                                        Download Submit

                                                      • C:\Config.Msi\e5853de.rbs
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        473ab6198d4a2df9c2f3dd102b32e3d0

                                                        SHA1

                                                        b81687322c53f5c921cd1a0d5ec88c6f2ca6329b

                                                        SHA256

                                                        90139489b14e6b2f083475c48eff0fe43f848a205cb0255e78182b7c4cd4ac5a

                                                        SHA512

                                                        efcec4b8a10e9858b0c833a1788f72e3c1c7c1bb6431f86dc13c46149e787ad6673bc4c1942a144d806ddb3c6e19353b3d903d04025ae33d38e4938c95f1199e

                                                        Download Submit

                                                      • C:\Config.Msi\e5853e3.rbs
                                                        Filesize

                                                        48KB

                                                        MD5

                                                        272e7c7486de2b8d0adc8815556408b1

                                                        SHA1

                                                        270004066095e9063dacf4aee455c78474622a32

                                                        SHA256

                                                        0b695420b43ef13937ce5860ff732728353cf3eb87fddc2e391cccd45cc9bbfb

                                                        SHA512

                                                        08110dfd776a2ccea94e82a5d79b31d2a75162af7c1122910e18e86e1ffdd1686742c0580b42a16b57e12b094584e503c554c0c5cd60cb89462b4378d4c86cf5

                                                        Download Submit

                                                      • C:\Config.Msi\e5853e8.rbs
                                                        Filesize

                                                        9KB

                                                        MD5

                                                        9aefab3916d5111cb3ea6ebb6fb2077c

                                                        SHA1

                                                        6572e684e5469ef338d4f51083e5f290473487c4

                                                        SHA256

                                                        bcbcba8407aeff9049f038aca1bca73c666390952b44651493ad684ded95d8a5

                                                        SHA512

                                                        368984f2dc9bb954868c2ba555044f82054b76f6370a9666d7001ea4527934800521116dff58a0de9bcebafc62c34073a4bc31933e1bfbb8cedf19dec23bd0e5

                                                        Download Submit

                                                      • C:\Config.Msi\e5853ed.rbs
                                                        Filesize

                                                        11KB

                                                        MD5

                                                        a9ae6c492d9ac4f48d042b7464b320dc

                                                        SHA1

                                                        24ccf174c3b4bec66f5f91deec083758616af9e5

                                                        SHA256

                                                        69c4e348f90f8bad9b9813f55540635c9b2a63dc92b208e4193bb405683c63f0

                                                        SHA512

                                                        c8d1a89fc68ce46b400c896d560e0155b18e4af2e7fdc5a332c13984f33c21061ae1d679ba6d05c8ef9547a00d6ae7a13aa88c25ea02bb779fd7711c48ff75e4

                                                        Download Submit

                                                      • C:\Config.Msi\e5853f2.rbs
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        a1bf3172b07f34896c927ce99f8fcd93

                                                        SHA1

                                                        c82f9746dde5d7d5e1805cbc5d86bc219974284f

                                                        SHA256

                                                        96d421f52b0136e4aac2330a01fe79edbc5c7f01bedb76de65f0422736aa86a6

                                                        SHA512

                                                        633d021c5db9a84bac253690f183f15f6270ee20f7c1f795990f2e0f515ed1edb8cc960508c5ae22ff5e5416d63405ee7c17408142c6d837f51f67d0ee9b6364

                                                        Download Submit

                                                      • C:\Config.Msi\e5853f3.rbf
                                                        Filesize

                                                        143KB

                                                        MD5

                                                        33b4c87f18b4c49114d7a8980241657a

                                                        SHA1

                                                        254c67b915e45ad8584434a4af5e06ca730baa3b

                                                        SHA256

                                                        587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                        SHA512

                                                        42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                        Download Submit

                                                      • C:\Config.Msi\e5853f4.rbf
                                                        Filesize

                                                        3B

                                                        MD5

                                                        21438ef4b9ad4fc266b6129a2f60de29

                                                        SHA1

                                                        5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                        SHA256

                                                        13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                        SHA512

                                                        37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        337079222a6f6c6edf58f3f981ff20ae

                                                        SHA1

                                                        1f705fc0faa84c69e1fe936b34783b301323e255

                                                        SHA256

                                                        ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                        SHA512

                                                        ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                        Filesize

                                                        142KB

                                                        MD5

                                                        477293f80461713d51a98a24023d45e8

                                                        SHA1

                                                        e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                        SHA256

                                                        a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                        SHA512

                                                        23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        b3bb71f9bb4de4236c26578a8fae2dcd

                                                        SHA1

                                                        1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                        SHA256

                                                        e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                        SHA512

                                                        fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                        Filesize

                                                        210KB

                                                        MD5

                                                        c106df1b5b43af3b937ace19d92b42f3

                                                        SHA1

                                                        7670fc4b6369e3fb705200050618acaa5213637f

                                                        SHA256

                                                        2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                        SHA512

                                                        616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                        Filesize

                                                        693KB

                                                        MD5

                                                        2c4d25b7fbd1adfd4471052fa482af72

                                                        SHA1

                                                        fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                        SHA256

                                                        2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                        SHA512

                                                        f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                        Filesize

                                                        146KB

                                                        MD5

                                                        8d477b63bc5a56ae15314bda8dea7a3a

                                                        SHA1

                                                        3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                        SHA256

                                                        9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                        SHA512

                                                        44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                        Filesize

                                                        145KB

                                                        MD5

                                                        d7b2ab03e3b1a165783362f5ca78c6d8

                                                        SHA1

                                                        3687d9b5ae423cb301665ecc90f18daf2d5de55d

                                                        SHA256

                                                        da6d12273298417c10fc1f0d727cc38284454733959a7418a2a8cf3968321cdb

                                                        SHA512

                                                        a8ebceef001d60799522114da17b098f23e7b19b1725f5bb91a971462bb14445226d5fa9fae3987399a531c838d912245d5dd3aa866e0cb230a86240ab1532ab

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                        Filesize

                                                        145KB

                                                        MD5

                                                        2b9beb2fdbc41afc48d68d32ef41dd08

                                                        SHA1

                                                        4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                        SHA256

                                                        977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                        SHA512

                                                        3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                        Filesize

                                                        51KB

                                                        MD5

                                                        3180c705182447f4bcc7ce8e2820b25d

                                                        SHA1

                                                        ad6486557819a33d3f29b18d92b43b11707aae6e

                                                        SHA256

                                                        5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                        SHA512

                                                        228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                        Filesize

                                                        12B

                                                        MD5

                                                        b9b3d6c686765a6b0b61a745d430375b

                                                        SHA1

                                                        9fc00362b4925e4f4e41fec32eaee14d1b3db906

                                                        SHA256

                                                        9a52038c8c84b12293b09dbc65aef1b15a54fc4b9a7a8b6c8bef9c4768155767

                                                        SHA512

                                                        6a5f58a8346128296c34f474c7e4ed0d1567439bc85ff5bb55091e953d7df6af6bca256eb2d7a5e3ece56d42610d235fa52ab283a7d00d4b31d0aae34be4fef7

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                        Filesize

                                                        247KB

                                                        MD5

                                                        849cacb8dff5de7ccc9c514229f6c931

                                                        SHA1

                                                        723669746e5f54fa419a02e9d90edfb659459cd5

                                                        SHA256

                                                        23f5cb1e889f1a8f5965a880e9858f4913fa40558c810c6cfc4d69d96c2c42f7

                                                        SHA512

                                                        c4d218611cd46832c9656ec873e8c277c918fdbab871b2265cca7024f805f9f7cf2873a4458391a25c3e0d56c3dcf94b12ff60116160b5db72052673fdf09755

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                        Filesize

                                                        1021B

                                                        MD5

                                                        51a41966b950af62998eee5043f543b0

                                                        SHA1

                                                        d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                        SHA256

                                                        f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                        SHA512

                                                        9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                        Filesize

                                                        109KB

                                                        MD5

                                                        17f6bfaeb887a39cad3433c6fd11e33e

                                                        SHA1

                                                        388df13dd0e7a6d94f7c949a48abc59ac9fb059b

                                                        SHA256

                                                        dfcc3dd196a4873b85ba2357ded27281cd7330ea05bfce1ba4134f3b16fb6531

                                                        SHA512

                                                        2a82ca12cbac5aab250f10a81281c13ccf24c94f365ce5b2b4e5271f54d2c4477a86b066c31e2e59c78d7f9dbb25d95796eecc0e6c503a249ba9b6b7eb2939b5

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                        Filesize

                                                        693KB

                                                        MD5

                                                        c945ce7d10429cbbb75d300f5ad6a2bb

                                                        SHA1

                                                        f4abee3f357d95064deb051ad869a1c65306334a

                                                        SHA256

                                                        b273634da59a6e13c97593118b36c6f9eacb37344796998dafa724459bae7681

                                                        SHA512

                                                        01558c4b14c8ba03901adca270e594ef33c5181013c5df171a3533deaeb4327e1da5c82301cda5652f6290c78bf460f26c0d8fe19eb03a130ec5eac6ef824dde

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                        Filesize

                                                        27KB

                                                        MD5

                                                        797c9554ec56fd72ebb3f6f6bef67fb5

                                                        SHA1

                                                        40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                        SHA256

                                                        7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                        SHA512

                                                        4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                        Filesize

                                                        214KB

                                                        MD5

                                                        01807774f043028ec29982a62fa75941

                                                        SHA1

                                                        afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                        SHA256

                                                        9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                        SHA512

                                                        33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                        Filesize

                                                        37KB

                                                        MD5

                                                        efb4712c8713cb05eb7fe7d87a83a55a

                                                        SHA1

                                                        c94d106bba77aecf88540807da89349b50ea5ae7

                                                        SHA256

                                                        30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                        SHA512

                                                        3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                        Filesize

                                                        3.5MB

                                                        MD5

                                                        723a7f489fb1861821fee5f5de0acba0

                                                        SHA1

                                                        ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                        SHA256

                                                        0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                        SHA512

                                                        b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                        Filesize

                                                        396KB

                                                        MD5

                                                        b5929e2ca0e402a373b633bb78d0414a

                                                        SHA1

                                                        38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                        SHA256

                                                        d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                        SHA512

                                                        65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                        Filesize

                                                        56KB

                                                        MD5

                                                        7d749e5c46fea2bea2e5173befe38a92

                                                        SHA1

                                                        d21d0db498748e75341531f5d4220df5e9b59e4d

                                                        SHA256

                                                        1b711b33b1ce51a943f6f546a73adbe6b4d1a9c4569afa86f24be8c642ae07fe

                                                        SHA512

                                                        e127edb335ff9807734a1e4e310f22c09a1fd40ef523ecc6b3a146d3da0e8e06da0da336aa4cbffdd6f157b96c12f22800b5cbbbade77c8f327bc73669abeb3c

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                        Filesize

                                                        205KB

                                                        MD5

                                                        df56f2b155823b6acab45139c3a48367

                                                        SHA1

                                                        05fc8e4a0eae77e259a85db1f34c10ae978416cf

                                                        SHA256

                                                        abe2f4422997c38308ceb941b6ab33bc5978c22d2e95ff0c1ae18f203bbc090e

                                                        SHA512

                                                        76878818e23da0bb4293183e739b738a68ca2c39ac102b00de108123f36c210e37f0554235c3723ae4a54a3404e69b4b6d4ad82427895d31b21a898f82513734

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                        Filesize

                                                        54KB

                                                        MD5

                                                        77c613ffadf1f4b2f50d31eeec83af30

                                                        SHA1

                                                        76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                        SHA256

                                                        2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                        SHA512

                                                        29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                        Filesize

                                                        333KB

                                                        MD5

                                                        745714d838c4d4f88c6e0db6a434f444

                                                        SHA1

                                                        90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                        SHA256

                                                        e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                        SHA512

                                                        08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                        Filesize

                                                        70KB

                                                        MD5

                                                        e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                        SHA1

                                                        22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                        SHA256

                                                        bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                        SHA512

                                                        00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                        Filesize

                                                        50KB

                                                        MD5

                                                        5bb0687e2384644ea48f688d7e75377b

                                                        SHA1

                                                        44e4651a52517570894cfec764ec790263b88c4a

                                                        SHA256

                                                        963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                        SHA512

                                                        260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                        Filesize

                                                        32KB

                                                        MD5

                                                        653e24836cca87a61fdc0443842d02f9

                                                        SHA1

                                                        d3419ee871b4f18a2cf690208a4ac9917aa133eb

                                                        SHA256

                                                        e3dff2e33ebf10fd7364e01401894f8ed1216c3d10e85483f0d16004812da19c

                                                        SHA512

                                                        a76dd7572b2a12256039c6fd537d440146d3c3c0a02d91af9378239c5380bf907528018b4cb02031352ee025deb83f333e950f1517b1c17b49739e0186dfdc62

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                        Filesize

                                                        60KB

                                                        MD5

                                                        5c5c5f5be28276fb9a808d93eef71267

                                                        SHA1

                                                        e89938944bdf0cf7d91bc37ff1f129749f2989f9

                                                        SHA256

                                                        6ee89d62bde6c8656a70dfeb3665e96288dc3c77ea67e955ff041c6bef8065dc

                                                        SHA512

                                                        ee568509ba54c90c82423f36d7bf34407a34fd748df38871f53d4e35b28502d50fb2f6dddaf1e55c427c4ad99142a9e1e9b9763abbc2a8cee457af349df23f7b

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                        Filesize

                                                        588KB

                                                        MD5

                                                        17d74c03b6bcbcd88b46fcc58fc79a0d

                                                        SHA1

                                                        bc0316e11c119806907c058d62513eb8ce32288c

                                                        SHA256

                                                        13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                        SHA512

                                                        f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                        Download Submit

                                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                        Filesize

                                                        218B

                                                        MD5

                                                        eaca9952812c62e7cb5a9238507feb02

                                                        SHA1

                                                        cb12d5214c4bceb8024308b4135399076323bb33

                                                        SHA256

                                                        31015a48fd431cf2a95237c6664854fe0cb84d54bafc0d0b1351559ca5c436d9

                                                        SHA512

                                                        3a4fb04cc7c200ab298f72e86a28c2807baa89e589fcf7cbaa6d649dc00cdd7f01dce937aa75d8647eea9b6d0c9d0fb3a3bfb6d55471ae69c00fa312016e167b

                                                        Download Submit

                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                        Filesize

                                                        9KB

                                                        MD5

                                                        1ef7574bc4d8b6034935d99ad884f15b

                                                        SHA1

                                                        110709ab33f893737f4b0567f9495ac60c37667c

                                                        SHA256

                                                        0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                        SHA512

                                                        947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                        Download Submit

                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                        Filesize

                                                        10KB

                                                        MD5

                                                        f512536173e386121b3ebd22aac41a4e

                                                        SHA1

                                                        74ae133215345beaebb7a95f969f34a40dda922a

                                                        SHA256

                                                        a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                        SHA512

                                                        1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                        Download Submit

                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                        Filesize

                                                        76KB

                                                        MD5

                                                        b40fe65431b18a52e6452279b88954af

                                                        SHA1

                                                        c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                        SHA256

                                                        800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                        SHA512

                                                        e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                        Download Submit

                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                        Filesize

                                                        80KB

                                                        MD5

                                                        3904d0698962e09da946046020cbcb17

                                                        SHA1

                                                        edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                        SHA256

                                                        a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                        SHA512

                                                        c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                        Download Submit

                                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                        Filesize

                                                        92KB

                                                        MD5

                                                        911def7410e645e189e82ab0548b563c

                                                        SHA1

                                                        704799546c1c11eed911a2acafd29c26069e53ab

                                                        SHA256

                                                        263d6456516a91a5fcae1bd7ef2bcf6c457af9c11f8a4201f075476dbed4ebfb

                                                        SHA512

                                                        85fd834ea6d2a15f79644ecbe11c5b2bf51976fa60f25ea8091fa07978716d7ac7b4eec7f364a716f6500fa96b20ccb7d0f1f8c3e99ded9342b23dbb85a31d83

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                        Filesize

                                                        287B

                                                        MD5

                                                        fcad4da5d24f95ebf38031673ddbcdb8

                                                        SHA1

                                                        3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                        SHA256

                                                        7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                        SHA512

                                                        1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        362ce475f5d1e84641bad999c16727a0

                                                        SHA1

                                                        6b613c73acb58d259c6379bd820cca6f785cc812

                                                        SHA256

                                                        1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                        SHA512

                                                        7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                        Filesize

                                                        1.3MB

                                                        MD5

                                                        40df7f2a02cdfa70ae76d70d21473428

                                                        SHA1

                                                        4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                        SHA256

                                                        f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                        SHA512

                                                        2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.runtimeconfig.json
                                                        Filesize

                                                        375B

                                                        MD5

                                                        e8d9109bd15637b1fbf349f9c7ff776f

                                                        SHA1

                                                        19762daa20afc8085ba6417a7215f1fe2d619f60

                                                        SHA256

                                                        c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                        SHA512

                                                        5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                        Filesize

                                                        1.6MB

                                                        MD5

                                                        a200756f60c7f437127e6883f72ed609

                                                        SHA1

                                                        b882102b7a418d034bd857fa4878c2a219f2f5e2

                                                        SHA256

                                                        8a67a2ba74c799da7e45ebe63add46dfdd5fcfa4218e30a77b72f47c79dc84f2

                                                        SHA512

                                                        a076ee7ac35e8db305955f918a439c0861f0fa4a1846904a8acae1a20fc1e7ad5551fe9e38b29f97428b6680128377f96e325c874f47c5b7b4e2f840d7630803

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                        Filesize

                                                        1.8MB

                                                        MD5

                                                        5ed9543e9f5826ead203316ef0a8863d

                                                        SHA1

                                                        8235c0e7568ec42d6851c198adc76f006883eb4b

                                                        SHA256

                                                        33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                        SHA512

                                                        5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                        Filesize

                                                        1.1MB

                                                        MD5

                                                        9a9b1fd85b5f1dcd568a521399a0d057

                                                        SHA1

                                                        34ed149b290a3a94260d889ba50cb286f1795fa6

                                                        SHA256

                                                        88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                        SHA512

                                                        7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                        Filesize

                                                        673KB

                                                        MD5

                                                        63a422ae6bf3e855a6ad03e38fd9227d

                                                        SHA1

                                                        bd2b4d36fd46ee68210df03834b49efa3d92fe0c

                                                        SHA256

                                                        96914b93e416796b415cf63210345f0c5a806aeafb9a6c61bf2a2acfef756b34

                                                        SHA512

                                                        40cbde0a05c73509c8f1f55c13e720ca91016fbbe5eca688dcc2af71a12049680502ed7062994b3c26a22924b41b1c1cc11a6a463446b0d27c7293298b243793

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                        Filesize

                                                        321KB

                                                        MD5

                                                        d3901e62166e9c42864fe3062cb4d8d5

                                                        SHA1

                                                        c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                        SHA256

                                                        dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                        SHA512

                                                        ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                        Filesize

                                                        814KB

                                                        MD5

                                                        9b1f97a41bfb95f148868b49460d9d04

                                                        SHA1

                                                        768031d5e877e347a249dfdeab7c725df941324b

                                                        SHA256

                                                        09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                        SHA512

                                                        9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                        Filesize

                                                        1.2MB

                                                        MD5

                                                        e74d2a16da1ddb7f9c54f72b8a25897c

                                                        SHA1

                                                        32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                        SHA256

                                                        a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                        SHA512

                                                        52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                        Filesize

                                                        12B

                                                        MD5

                                                        b2d5d511002960697118598e9233b21d

                                                        SHA1

                                                        9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                        SHA256

                                                        a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                        SHA512

                                                        d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                        Filesize

                                                        48KB

                                                        MD5

                                                        b4a865268d5aca5f93bab91d7d83c800

                                                        SHA1

                                                        95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                        SHA256

                                                        5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                        SHA512

                                                        c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                        Filesize

                                                        48KB

                                                        MD5

                                                        e6fa58cf8c6a92f9ae7ebe437243e55e

                                                        SHA1

                                                        cedb8d747b6d4b3acc8ade508a685002e6220a31

                                                        SHA256

                                                        6014a1febc1704eff54a620cf9d55920ac1a7693ac56312940bb736931592f46

                                                        SHA512

                                                        6fc10b0866fd86bf5bff5f5029731f24d8d1b2a0101eb6e71eafb02ab98f37fb3c4146362b5bdb693d60e0d753aec845a924aa5a0d78b6259cdfa96d7c46c587

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                        Filesize

                                                        48KB

                                                        MD5

                                                        f1bf9202825edbd8a925856b224dc78e

                                                        SHA1

                                                        396a6b5dda1ec90c13ea3286aac89e13b60507d1

                                                        SHA256

                                                        bafd23566943a2ce7d45b5ac311070bc55894646122458af18b9689a0e89853e

                                                        SHA512

                                                        f46faee301718f3a49f4f883a6b72b48e4a63a14c2a7ddb95935b58b09a9de286c0305399bc7f05000a8c213c7a3ffc758332de1964a00a4497061a6f5078e47

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                        Filesize

                                                        2.8MB

                                                        MD5

                                                        f6c4a6114f919d27bec0f97104c40eb9

                                                        SHA1

                                                        07f41a3879693e2df43010b95227fda85d8b47ce

                                                        SHA256

                                                        46944f150ce3a6e1860420d4a188228512f4f320e69f120915c50e40f31f9fa4

                                                        SHA512

                                                        2d9aa036d946362de68dd12add53aab369b60d98ecf7ba928b1553d19d46158d192104da217c4e18d3f7a12a51d0fb5fc4b7677320bfc89f5eabbe803661f252

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                        Filesize

                                                        1.1MB

                                                        MD5

                                                        6c6f85e896655a6eb726482f04c49086

                                                        SHA1

                                                        2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                        SHA256

                                                        e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                        SHA512

                                                        b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.ini
                                                        Filesize

                                                        11B

                                                        MD5

                                                        5eda46a55c61b07029e7202f8cf1781c

                                                        SHA1

                                                        862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                        SHA256

                                                        12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                        SHA512

                                                        4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                        Filesize

                                                        541B

                                                        MD5

                                                        d0efb0a6d260dbe5d8c91d94b77d7acd

                                                        SHA1

                                                        e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                        SHA256

                                                        7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                        SHA512

                                                        a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                        Filesize

                                                        12B

                                                        MD5

                                                        880d31390a25de6a9cd34463b46c75e6

                                                        SHA1

                                                        837af65938c9606b5de3c6f2195fc3e855554cd7

                                                        SHA256

                                                        425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                        SHA512

                                                        8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                        Filesize

                                                        670KB

                                                        MD5

                                                        96e50bbca30d75af7b8b40acf8dda817

                                                        SHA1

                                                        4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                        SHA256

                                                        a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                        SHA512

                                                        0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                        Filesize

                                                        3.1MB

                                                        MD5

                                                        8521aaed55b11624c6ecfbf96f9c7075

                                                        SHA1

                                                        49e5dd2c3c7bced8f133aa84c903b3770a70ee37

                                                        SHA256

                                                        e946b42b249411a89660252ea65e760a6b3c22ac95f4122a405bce04d511820e

                                                        SHA512

                                                        080fc4392d5f2eb9bb88ca853347d2bac51a936c38df7cef7eedbd206dac0d51c262ed13095eaca62251730197d5353b7abee5c57f6421308aaabd9ac69622b8

                                                        Download Submit

                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                        Filesize

                                                        571KB

                                                        MD5

                                                        f41e9ef0f54bfc3ea79f7637d4ed1231

                                                        SHA1

                                                        41dff80bb43f29b1a417fa99238db2bb6ac7a29e

                                                        SHA256

                                                        b2be0b6ade2ccb3fc0b93cf226c08664f71c7dc55d7ca6d334ee4e77610585f1

                                                        SHA512

                                                        3ee90a0c459185cceaf1456dbba2d1504067ceb15ed656c9f579d13b3e1e1171415c837ad37ab77f030a91e106a01066ac212f83d7449ef403ad3702ad25dba5

                                                        Download Submit

                                                      • C:\Program Files\dotnet\dotnet.exe
                                                        Filesize

                                                        143KB

                                                        MD5

                                                        71026b098f8fb39c88b003df746d9fa0

                                                        SHA1

                                                        013ca259f551ad6f33db53fff0e121e74408e20e

                                                        SHA256

                                                        11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                        SHA512

                                                        9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                        Download Submit

                                                      • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\865950bdb40a1e4863b8a0d0de584bbd
                                                        Filesize

                                                        16KB

                                                        MD5

                                                        b2e89027a140a89b6e3eb4e504e93d96

                                                        SHA1

                                                        f3b1b34874b73ae3032decb97ef96a53a654228f

                                                        SHA256

                                                        5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                        SHA512

                                                        93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                        Filesize

                                                        471B

                                                        MD5

                                                        3e1a60ee3911d7db9d0e888d8364648d

                                                        SHA1

                                                        5114269aa75dfe658e717892b6c5220671c9da3d

                                                        SHA256

                                                        7f48be87830cf00e11951318ecdcad7d2b76c3efa957f76dbc02b487c724f7b6

                                                        SHA512

                                                        658fdda93a29abdc71bceb97473aeaa0bb707d440531cf5bad67c050562fe982f6cbce772b897a94e10ac2e51152b3599be10601518a3830b5d741dea82ea510

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                        Filesize

                                                        727B

                                                        MD5

                                                        d9d9e849b4b1b7087bfc7348f20b5631

                                                        SHA1

                                                        003f733f1dedb4be9babc9ab29adba972ea3a4a3

                                                        SHA256

                                                        dde62c239bcff123d28bd3aa320442a4d6e56c4c924a33eb2f58827eac6ff106

                                                        SHA512

                                                        01d758f97424363fa7ea01358f801575588e45df5a3fafa44e4cd60ae1490b5e62a4a934c14333fcf532e16905488a2de96b0cc90a6ebabdca53a0c6cb02e7a1

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                        Filesize

                                                        727B

                                                        MD5

                                                        6ef6199738fa0017b44408283562b200

                                                        SHA1

                                                        5fe9fff204721b652e7b7aa1254ad1b8a773d3a8

                                                        SHA256

                                                        e5922f2df9a8a610b8efaa7e8c4f2b7dac5d52de732cd2cd734a7ef628d534eb

                                                        SHA512

                                                        83bdc00b6242b18cecf7c03cc26117536638e81591bcadec34c42cfab0baeb28060d77efd0b94db2e8ba82bc50fe0b1e755d1ac5071efde81a7c0b870a0ad4dd

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                        Filesize

                                                        400B

                                                        MD5

                                                        be33537fb5d185817b97ecd0d158ea23

                                                        SHA1

                                                        5c510c97ac24d4b16c3bc14c1f6eafe7f4c53ffb

                                                        SHA256

                                                        5f26cf58acfafab7c08deb02ea45dc6d0aefc660491baa1e2e7cf21c1d744859

                                                        SHA512

                                                        e1d1078d7ca0888f8c0fff7d0e03e34519cc6f8fd30185ba573a3d282e5e4ccb65f7fd88e14e9807d3eec2d78e9b389d63fba6a0e13d594c57754689038877a9

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                        Filesize

                                                        412B

                                                        MD5

                                                        4301b9c5cb1899c75003804ac4f4470b

                                                        SHA1

                                                        219480088471366fa6c579515aed2d29346b25b2

                                                        SHA256

                                                        d65d7f1fa0b57a55b9eb056ab313f4a0a487e7ffdff010a84c1c144132b47978

                                                        SHA512

                                                        c1bcb690300deaf9be5a437bcc953af61a6f26c2b280a568162d34811c77d1a48609846d538e4dab8f7e057f2a24af6bb4e419dadde93f72b52c8ca990b67739

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                        Filesize

                                                        412B

                                                        MD5

                                                        7cb5245467d55ebd3f8eca861e9d1530

                                                        SHA1

                                                        88f7832e58bdd32613d4f9352836c48689af0abf

                                                        SHA256

                                                        ed2bc5ad47b243e8718555208776168de72cc96dc7b9f82dfebed63697f36923

                                                        SHA512

                                                        483413c29cdfeb309039800f988d9f14e20eb3245f3e6bd3ffefb8ed146ec4fad6eef49232caa3cddacc4c87b8d1318fd5d976ae1072ed08fd7f7ac2a42db47e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                        Filesize

                                                        651B

                                                        MD5

                                                        9bbfe11735bac43a2ed1be18d0655fe2

                                                        SHA1

                                                        61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                        SHA256

                                                        549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                        SHA512

                                                        a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI2F94.tmp-\System.Management.dll
                                                        Filesize

                                                        60KB

                                                        MD5

                                                        878e361c41c05c0519bfc72c7d6e141c

                                                        SHA1

                                                        432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                        SHA256

                                                        24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                        SHA512

                                                        59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI5474.tmp
                                                        Filesize

                                                        509KB

                                                        MD5

                                                        88d29734f37bdcffd202eafcdd082f9d

                                                        SHA1

                                                        823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                        SHA256

                                                        87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                        SHA512

                                                        1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI5474.tmp-\AlphaControlAgentInstallation.dll
                                                        Filesize

                                                        25KB

                                                        MD5

                                                        aa1b9c5c685173fad2dabebeb3171f01

                                                        SHA1

                                                        ed756b1760e563ce888276ff248c734b7dd851fb

                                                        SHA256

                                                        e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                        SHA512

                                                        d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI5474.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                        Filesize

                                                        179KB

                                                        MD5

                                                        1a5caea6734fdd07caa514c3f3fb75da

                                                        SHA1

                                                        f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                        SHA256

                                                        cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                        SHA512

                                                        a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI5976.tmp-\CustomAction.config
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        bc17e956cde8dd5425f2b2a68ed919f8

                                                        SHA1

                                                        5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                        SHA256

                                                        e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                        SHA512

                                                        02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI5976.tmp-\Newtonsoft.Json.dll
                                                        Filesize

                                                        695KB

                                                        MD5

                                                        715a1fbee4665e99e859eda667fe8034

                                                        SHA1

                                                        e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                        SHA256

                                                        c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                        SHA512

                                                        bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI604F.tmp
                                                        Filesize

                                                        211KB

                                                        MD5

                                                        a3ae5d86ecf38db9427359ea37a5f646

                                                        SHA1

                                                        eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                        SHA256

                                                        c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                        SHA512

                                                        96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                        Download Submit

                                                      • C:\Windows\Installer\MSI6AA9.tmp
                                                        Filesize

                                                        219KB

                                                        MD5

                                                        928f4b0fc68501395f93ad524a36148c

                                                        SHA1

                                                        084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                        SHA256

                                                        2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                        SHA512

                                                        7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                        Download Submit

                                                      • C:\Windows\Installer\MSIBDAC.tmp
                                                        Filesize

                                                        4.5MB

                                                        MD5

                                                        08211c29e0d617a579ffa2c41bde1317

                                                        SHA1

                                                        4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                        SHA256

                                                        3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                        SHA512

                                                        d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                        Download Submit

                                                      • C:\Windows\Installer\e5853c8.msi
                                                        Filesize

                                                        2.9MB

                                                        MD5

                                                        e6b0bc0456d57fd0234df8dc69eee35e

                                                        SHA1

                                                        02f317c3b6d2087d567aa2c5d67daca568eff615

                                                        SHA256

                                                        6f22f8115db51b4b9881c47cd1d57962c3b719f0206ca4bf2bdbaab6c23497da

                                                        SHA512

                                                        f9ba0ba25d0be16cff1117fdc5642f4b6a481cd28ffebdb4502b96fb75c942caa6a933e30f0168a1e9e0790308b264c6618a863830adb59de8b9aaf8ae45773b

                                                        Download Submit

                                                      • C:\Windows\Installer\e5853e4.msi
                                                        Filesize

                                                        26.3MB

                                                        MD5

                                                        b9c6d23462adef092b8a5b7880531b03

                                                        SHA1

                                                        9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                        SHA256

                                                        2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                        SHA512

                                                        18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                        Download Submit

                                                      • C:\Windows\Installer\e5853e5.msi
                                                        Filesize

                                                        772KB

                                                        MD5

                                                        d73de5788ab129f16afdd990d8e6bfa9

                                                        SHA1

                                                        88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                        SHA256

                                                        4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                        SHA512

                                                        bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                        Download Submit

                                                      • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-15-16-39.dat
                                                        Filesize

                                                        602B

                                                        MD5

                                                        6dd7dc9d702ac59827511ca687091c22

                                                        SHA1

                                                        bb69f7962d75a392374c40b86e64b7ab5d63f3cb

                                                        SHA256

                                                        1418d773b39bec52c95cb29b1d2308cc80e44c126a637de7fd20a58b91c87c18

                                                        SHA512

                                                        55527f09e5895847485e66dfd7de6dd9b45691b556bdd009a8f6652585e175fc246dc6b600c7516cfef824b6c7fdbccfcbf5fac8595914ae574571fd12c9d5bc

                                                        Download Submit

                                                      • C:\Windows\Temp\InstallUtil.log
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        95f68921444b5e8ecdbc47c33ca60cb3

                                                        SHA1

                                                        112d7ab896e09b7ea606c9822037cffdb972489b

                                                        SHA256

                                                        319f0fe6a7c7f3ffbb0821591c1531a53f76c2a4a6a4d9b3c46c47cfa73b1202

                                                        SHA512

                                                        fa85ae0c47b59e483549ab8675e83782cf5863eb0046909d8a54648bdb5ba7765d0b1458fa2a9f0be2edf52dfbf2c7899df27dfbe713c4c72ac8957d54f8cde1

                                                        Download Submit

                                                      • C:\Windows\Temp\InstallUtil.log
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        9db76bb0eb23ab76aea3a7c130142db7

                                                        SHA1

                                                        d0b90eeb3f5166a44c1c1e9ef02c988226f11632

                                                        SHA256

                                                        7950949850fc128b14a55ddb9421400c52f92d7aab5edd6fc51e913bba694662

                                                        SHA512

                                                        05221e2cdbee016c874b7a62532429402c03e1d7e7c4e6bfb77ad68435819c8cb768a06110fa0cdd717ea3dda9a5de2908967f361118eacc6ecc21a034ab1c80

                                                        Download Submit

                                                      • C:\Windows\Temp\PreVer.log
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        0ad0ffb20dc8637a1919cb6b40470aa6

                                                        SHA1

                                                        43e78e163d038abc43f8604db9703a1b5dfd4e7c

                                                        SHA256

                                                        e6c43a718761e063f6462df5b1129f47f1ee94a6f563044ef94d788d31166ada

                                                        SHA512

                                                        aea20dc01446daae574ff65448c97415c3fd573e26f133dc83f35fca2d834d06fd89b3f738abaaedb2c49b1715023e6b76836be4bdffd1244ef3a644b54cc705

                                                        Download Submit

                                                      • C:\Windows\Temp\__PSScriptPolicyTest_cp035n2d.4es.ps1
                                                        Filesize

                                                        60B

                                                        MD5

                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                        SHA1

                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                        SHA256

                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                        SHA512

                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                        Download Submit

                                                      • C:\Windows\Temp\unpack.log
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        71be2755b1060c1c651dd4ff6c14841b

                                                        SHA1

                                                        9e2a51a0ff941a3864834dd93413c2e6bdf2531f

                                                        SHA256

                                                        78e15a2890e7d02115ad0440357bedc9576711155f8cd688445350d18a2b78fe

                                                        SHA512

                                                        84bde65e5610ab9a7db302ccfa6a755dd78535cd1eb908258c906c36923903a1e929f4ad7da03669f8e527f59fc38fa68ac799b433d6db6b6e2f437409f9e50b

                                                        Download Submit

                                                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                        Filesize

                                                        3.2MB

                                                        MD5

                                                        2c18826adf72365827f780b2a1d5ea75

                                                        SHA1

                                                        a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                        SHA256

                                                        ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                        SHA512

                                                        474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                        Download Submit

                                                      • C:\Windows\Temp\{36A83203-2631-4CFC-87EA-01D2FD169170}\ISRT.dll
                                                        Filesize

                                                        427KB

                                                        MD5

                                                        85315ad538fa5af8162f1cd2fce1c99d

                                                        SHA1

                                                        31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                        SHA256

                                                        70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                        SHA512

                                                        877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                        Download Submit

                                                      • C:\Windows\Temp\{36A83203-2631-4CFC-87EA-01D2FD169170}\_isres_0x0409.dll
                                                        Filesize

                                                        1.8MB

                                                        MD5

                                                        befe2ef369d12f83c72c5f2f7069dd87

                                                        SHA1

                                                        b89c7f6da1241ed98015dc347e70322832bcbe50

                                                        SHA256

                                                        9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                        SHA512

                                                        760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                        Download Submit

                                                      • C:\Windows\Temp\{9BB5D29D-ECB3-4F4E-9B3D-C509ECDACBF7}\.ba\bg.png
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        9eb0320dfbf2bd541e6a55c01ddc9f20

                                                        SHA1

                                                        eb282a66d29594346531b1ff886d455e1dcd6d99

                                                        SHA256

                                                        9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                        SHA512

                                                        9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                        Download Submit

                                                      • C:\Windows\Temp\{9BB5D29D-ECB3-4F4E-9B3D-C509ECDACBF7}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                        Filesize

                                                        607KB

                                                        MD5

                                                        669de3ab32955e69decfe13a3c89891e

                                                        SHA1

                                                        ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                        SHA256

                                                        2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                        SHA512

                                                        be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                        Download Submit

                                                      • C:\Windows\Temp\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\IsConfig.ini
                                                        Filesize

                                                        571B

                                                        MD5

                                                        d239b8964e37974225ad69d78a0a8275

                                                        SHA1

                                                        cf208e98a6f11d1807cd84ca61504ad783471679

                                                        SHA256

                                                        0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                        SHA512

                                                        88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                        Download Submit

                                                      • C:\Windows\Temp\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\String1033.txt
                                                        Filesize

                                                        182KB

                                                        MD5

                                                        99bbffd900115fe8672c73fb1a48a604

                                                        SHA1

                                                        8f587395fa6b954affef337c70781ce00913950e

                                                        SHA256

                                                        57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                        SHA512

                                                        d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                        Download Submit

                                                      • C:\Windows\Temp\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\_isB37D.exe
                                                        Filesize

                                                        179KB

                                                        MD5

                                                        7a1c100df8065815dc34c05abc0c13de

                                                        SHA1

                                                        3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                        SHA256

                                                        e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                        SHA512

                                                        bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                        Download Submit

                                                      • C:\Windows\Temp\{CC02CF34-E8DA-419F-936F-59E49F8DDFFB}\setup.inx
                                                        Filesize

                                                        345KB

                                                        MD5

                                                        0376dd5b7e37985ea50e693dc212094c

                                                        SHA1

                                                        02859394164c33924907b85ab0aaddc628c31bf1

                                                        SHA256

                                                        c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                        SHA512

                                                        69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                        Download Submit

                                                      • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                        Filesize

                                                        412B

                                                        MD5

                                                        395b6bb4732814d2f59f1ce1d72bb5ab

                                                        SHA1

                                                        87a1b73b4e4d5e00667334e224e2ffa1d31234d7

                                                        SHA256

                                                        a12d3ed2850bdb5b6b99f552f57385aea8fc4ca88cbac00ec97276aeb1180850

                                                        SHA512

                                                        261ae86d08d9c6ba422723e1af03ca04d4063cc652b0cc46f7c84c5c34b3dc4d2de0e5b6f670d23378d01c200364f8f043f83e1587d36e70e9f7b82eafc12bee

                                                        Download Submit

                                                      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                        Filesize

                                                        24.1MB

                                                        MD5

                                                        664c7dd6829909257e058dcb418b3463

                                                        SHA1

                                                        f7668e3e850b70a5e105ab6d9c882dab2dc23e3f

                                                        SHA256

                                                        4f4ecec82f472ed9d2fe8ae4b39b96603e740f0aebb43c5a633db8a7242bc97d

                                                        SHA512

                                                        749e1988cfb51ed9b6b8cae7348b35571a23c40101bb1fb3f6a841224d315fb08ed7445d8c3c79c3106bead7462649190b0def8768f5641f141f7467933809d8

                                                        Download Submit

                                                      • \??\Volume{25f6202e-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{38fc75fc-35dd-4094-8a28-d7dd2307a724}_OnDiskSnapshotProp
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        1a5db4e7f04efbf25af149c863f9f879

                                                        SHA1

                                                        06b675512d03c6d0bb0f06fabc6aaa94c29946cb

                                                        SHA256

                                                        067bbdaec18e9cc65724a3d83cb2ec0ec29b036e5434ceaf61cda6f152c409a5

                                                        SHA512

                                                        1c4bedb97bae278dd2e4cd1b1fefff94170bafa40e0daba9a9c067d63b9ef0a3dd535b2dfc9abe53401256fe352059e19018073a0d1ffbc26f7ba358c0ba220e

                                                        Download Submit

                                                      • memory/1536-1634-0x000001DB75A40000-0x000001DB75A8A000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/1536-1922-0x000001DB75C60000-0x000001DB75D10000-memory.dmp

                                                        Filesize

                                                        704KB

                                                        Download

                                                      • memory/1536-1932-0x000001DB75DF0000-0x000001DB75ECC000-memory.dmp

                                                        Filesize

                                                        880KB

                                                        Download

                                                      • memory/1536-1939-0x000001DB75BD0000-0x000001DB75BEC000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/1536-1581-0x000001DB749A0000-0x000001DB749AC000-memory.dmp

                                                        Filesize

                                                        48KB

                                                        Download

                                                      • memory/1536-1823-0x000001DB75300000-0x000001DB7531C000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/1660-339-0x00000280EB270000-0x00000280EB3BE000-memory.dmp

                                                        Filesize

                                                        1.3MB

                                                        Download

                                                      • memory/1804-197-0x0000028D51390000-0x0000028D51442000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/1804-243-0x0000028D51890000-0x0000028D518C8000-memory.dmp

                                                        Filesize

                                                        224KB

                                                        Download

                                                      • memory/1804-207-0x0000028D38840000-0x0000028D38862000-memory.dmp

                                                        Filesize

                                                        136KB

                                                        Download

                                                      • memory/2192-1164-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2192-1127-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2192-1071-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2192-987-0x00000000031A0000-0x0000000003367000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                        Download

                                                      • memory/2192-984-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2192-596-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2192-565-0x0000000003160000-0x0000000003327000-memory.dmp

                                                        Filesize

                                                        1.8MB

                                                        Download

                                                      • memory/2192-562-0x0000000010000000-0x0000000010114000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/2208-384-0x000001EC6C720000-0x000001EC6C73C000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/2208-389-0x000001EC6D350000-0x000001EC6D42C000-memory.dmp

                                                        Filesize

                                                        880KB

                                                        Download

                                                      • memory/2208-388-0x000001EC6C750000-0x000001EC6C75A000-memory.dmp

                                                        Filesize

                                                        40KB

                                                        Download

                                                      • memory/2208-397-0x000001EC6D0F0000-0x000001EC6D116000-memory.dmp

                                                        Filesize

                                                        152KB

                                                        Download

                                                      • memory/2208-390-0x000001EC6D430000-0x000001EC6D4E2000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/2208-392-0x000001EC6C800000-0x000001EC6C808000-memory.dmp

                                                        Filesize

                                                        32KB

                                                        Download

                                                      • memory/2208-385-0x000001EC6CFF0000-0x000001EC6D03C000-memory.dmp

                                                        Filesize

                                                        304KB

                                                        Download

                                                      • memory/2208-394-0x000001EC6D270000-0x000001EC6D2D8000-memory.dmp

                                                        Filesize

                                                        416KB

                                                        Download

                                                      • memory/2208-383-0x000001EC6C7A0000-0x000001EC6C7EA000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/2208-391-0x000001EC6C7F0000-0x000001EC6C7F8000-memory.dmp

                                                        Filesize

                                                        32KB

                                                        Download

                                                      • memory/2208-387-0x000001EC6C710000-0x000001EC6C718000-memory.dmp

                                                        Filesize

                                                        32KB

                                                        Download

                                                      • memory/2208-395-0x000001EC6D120000-0x000001EC6D14A000-memory.dmp

                                                        Filesize

                                                        168KB

                                                        Download

                                                      • memory/2208-396-0x000001EC6D530000-0x000001EC6D56A000-memory.dmp

                                                        Filesize

                                                        232KB

                                                        Download

                                                      • memory/2208-386-0x000001EC6D040000-0x000001EC6D088000-memory.dmp

                                                        Filesize

                                                        288KB

                                                        Download

                                                      • memory/2208-393-0x000001EC6D0E0000-0x000001EC6D0E8000-memory.dmp

                                                        Filesize

                                                        32KB

                                                        Download

                                                      • memory/2208-382-0x000001EC6BE80000-0x000001EC6BEE6000-memory.dmp

                                                        Filesize

                                                        408KB

                                                        Download

                                                      • memory/2264-1987-0x0000021166020000-0x000002116616E000-memory.dmp

                                                        Filesize

                                                        1.3MB

                                                        Download

                                                      • memory/2384-45-0x00000000028A0000-0x00000000028AC000-memory.dmp

                                                        Filesize

                                                        48KB

                                                        Download

                                                      • memory/2384-41-0x0000000002850000-0x000000000287E000-memory.dmp

                                                        Filesize

                                                        184KB

                                                        Download

                                                      • memory/2448-1690-0x00000263AB030000-0x00000263AB03C000-memory.dmp

                                                        Filesize

                                                        48KB

                                                        Download

                                                      • memory/2448-1695-0x00000263AB9A0000-0x00000263ABA52000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/2448-1822-0x00000263AB510000-0x00000263AB530000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download

                                                      • memory/2448-1692-0x00000263AB4D0000-0x00000263AB4E8000-memory.dmp

                                                        Filesize

                                                        96KB

                                                        Download

                                                      • memory/2548-335-0x000001C27AD70000-0x000001C27AE22000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/2548-336-0x000001C2625C0000-0x000001C2625DC000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/2548-334-0x000001C261C50000-0x000001C261C66000-memory.dmp

                                                        Filesize

                                                        88KB

                                                        Download

                                                      • memory/2572-166-0x000001737FE20000-0x000001737FE32000-memory.dmp

                                                        Filesize

                                                        72KB

                                                        Download

                                                      • memory/2572-167-0x000001737FFD0000-0x000001738000C000-memory.dmp

                                                        Filesize

                                                        240KB

                                                        Download

                                                      • memory/2572-162-0x0000017380070000-0x0000017380108000-memory.dmp

                                                        Filesize

                                                        608KB

                                                        Download

                                                      • memory/2572-150-0x000001737E2A0000-0x000001737E2C8000-memory.dmp

                                                        Filesize

                                                        160KB

                                                        Download

                                                      • memory/3104-82-0x0000000005660000-0x00000000059B4000-memory.dmp

                                                        Filesize

                                                        3.3MB

                                                        Download

                                                      • memory/3104-81-0x0000000005530000-0x0000000005552000-memory.dmp

                                                        Filesize

                                                        136KB

                                                        Download

                                                      • memory/3104-78-0x00000000055A0000-0x0000000005652000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/4196-1530-0x0000027EEDD00000-0x0000027EEDD3A000-memory.dmp

                                                        Filesize

                                                        232KB

                                                        Download

                                                      • memory/4196-1913-0x0000027EEE5E0000-0x0000027EEE5FC000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/4196-1921-0x0000027EEEEA0000-0x0000027EEEEE8000-memory.dmp

                                                        Filesize

                                                        288KB

                                                        Download

                                                      • memory/4196-1909-0x0000027EEEF60000-0x0000027EEF012000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/4328-297-0x000001DF8DC90000-0x000001DF8DCD2000-memory.dmp

                                                        Filesize

                                                        264KB

                                                        Download

                                                      • memory/4328-300-0x000001DFA6EC0000-0x000001DFA6F72000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/4328-302-0x000001DF8E190000-0x000001DF8E1B0000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download

                                                      • memory/4736-112-0x0000000004C70000-0x0000000004CD6000-memory.dmp

                                                        Filesize

                                                        408KB

                                                        Download

                                                      • memory/5296-1907-0x0000024AFF4F0000-0x0000024AFF510000-memory.dmp

                                                        Filesize

                                                        128KB

                                                        Download

                                                      • memory/5296-1912-0x0000024AFF580000-0x0000024AFF5E6000-memory.dmp

                                                        Filesize

                                                        408KB

                                                        Download

                                                      • memory/5296-1916-0x0000024AFF510000-0x0000024AFF524000-memory.dmp

                                                        Filesize

                                                        80KB

                                                        Download

                                                      • memory/5296-1910-0x0000024AFF690000-0x0000024AFF742000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/5296-1905-0x0000024AFF190000-0x0000024AFF1A0000-memory.dmp

                                                        Filesize

                                                        64KB

                                                        Download

                                                      • memory/5636-1875-0x0000014EB5660000-0x0000014EB56AA000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/5636-1930-0x0000014E9CE40000-0x0000014E9CE48000-memory.dmp

                                                        Filesize

                                                        32KB

                                                        Download

                                                      • memory/5636-1915-0x0000014EB5960000-0x0000014EB5A3C000-memory.dmp

                                                        Filesize

                                                        880KB

                                                        Download

                                                      • memory/5636-1923-0x0000014EB5880000-0x0000014EB5932000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/5636-1840-0x0000014E9C5C0000-0x0000014E9C5D0000-memory.dmp

                                                        Filesize

                                                        64KB

                                                        Download

                                                      • memory/5636-1901-0x0000014E9CE00000-0x0000014E9CE1C000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/5644-2721-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5644-1247-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5644-2722-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5644-1244-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5792-529-0x000002991B740000-0x000002991B766000-memory.dmp

                                                        Filesize

                                                        152KB

                                                        Download

                                                      • memory/5916-1898-0x00000209A7440000-0x00000209A745A000-memory.dmp

                                                        Filesize

                                                        104KB

                                                        Download

                                                      • memory/5916-1904-0x00000209BFDB0000-0x00000209BFE62000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/5916-1897-0x00000209A6BF0000-0x00000209A6BFA000-memory.dmp

                                                        Filesize

                                                        40KB

                                                        Download

                                                      • memory/5916-1934-0x00000209C04A0000-0x00000209C09C8000-memory.dmp

                                                        Filesize

                                                        5.2MB

                                                        Download

                                                      • memory/5920-2719-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5920-2720-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5920-1230-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5920-1928-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5920-1927-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5920-2380-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5920-2381-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5920-1231-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5928-1217-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5928-1218-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5928-1970-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5928-1295-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5928-1971-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5928-2080-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/5928-2079-0x0000000072660000-0x000000007277C000-memory.dmp

                                                        Filesize

                                                        1.1MB

                                                        Download

                                                      • memory/5928-1296-0x0000000072290000-0x000000007265D000-memory.dmp

                                                        Filesize

                                                        3.8MB

                                                        Download

                                                      • memory/6040-1936-0x0000022D63FF0000-0x0000022D64044000-memory.dmp

                                                        Filesize

                                                        336KB

                                                        Download

                                                      • memory/6040-1903-0x0000022D7C7B0000-0x0000022D7C862000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/6040-1899-0x0000022D63A70000-0x0000022D63A8C000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/6040-1896-0x0000022D635D0000-0x0000022D635E2000-memory.dmp

                                                        Filesize

                                                        72KB

                                                        Download

                                                      • memory/6692-1924-0x00000254B33C0000-0x00000254B33DC000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/6692-1908-0x00000254B2B60000-0x00000254B2B72000-memory.dmp

                                                        Filesize

                                                        72KB

                                                        Download

                                                      • memory/6692-1914-0x00000254B3410000-0x00000254B345A000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/6692-1935-0x00000254CBEB0000-0x00000254CBF62000-memory.dmp

                                                        Filesize

                                                        712KB

                                                        Download

                                                      • memory/6692-1937-0x00000254CC050000-0x00000254CC12C000-memory.dmp

                                                        Filesize

                                                        880KB

                                                        Download

                                                      • memory/6760-1926-0x00000245935D0000-0x00000245935DA000-memory.dmp

                                                        Filesize

                                                        40KB

                                                        Download

                                                      • memory/6760-1925-0x0000024593720000-0x0000024593738000-memory.dmp

                                                        Filesize

                                                        96KB

                                                        Download

                                                      • memory/6760-1919-0x00000245ABE10000-0x00000245ABE5A000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/6760-1920-0x00000245935B0000-0x00000245935CC000-memory.dmp

                                                        Filesize

                                                        112KB

                                                        Download

                                                      • memory/6760-1911-0x0000024592D50000-0x0000024592D88000-memory.dmp

                                                        Filesize

                                                        224KB

                                                        Download

                                                      • memory/6760-1929-0x00000245ABFC0000-0x00000245AC00A000-memory.dmp

                                                        Filesize

                                                        296KB

                                                        Download

                                                      • memory/6760-1938-0x00000245AC0F0000-0x00000245AC1CC000-memory.dmp

                                                        Filesize

                                                        880KB

                                                        Download

                                                      • memory/6772-3292-0x000001847BD10000-0x000001847BE5E000-memory.dmp

                                                        Filesize

                                                        1.3MB

                                                        Download