Overview

overview

10

Static

static

10

Fact-79432...83.msi

windows7-x64

10

Fact-79432...83.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2025, 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fact-794322-387-4783.msi

  • Size

    2.9MB

  • MD5

    fff3cfda9152e4ea7d2a9524b8e8f9d0

  • SHA1

    666f0e0a551a32f7ce0a6e660f0e1b1089fd7f7b

  • SHA256

    4adf98b6c55cc8574e15d338e0f0d0a9ad1ef25e8a968f7b260047245429ba09

  • SHA512

    62f1c207f9355d4308b8e2af7f2f8f539a371738fb08449691e045c569a1c760c3b1138e642646b5a148b3e9ba2a02aa49dc186be665da35739ad9ada0421dc0

  • SSDEEP

    49152:J+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:J+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 20 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 7 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Fact-794322-387-4783.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3292
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4724
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 9C113A20B5D569DDDCCD6EA8EAD77F21
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI10A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240652687 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2012
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1317.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240653156 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4708
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI1951.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240654703 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3584
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSI24A1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240657609 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3840
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4CED0DDAA6DEDDB8CAD2A3F071B744B2 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3636
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3392
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3544
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4640
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000R0dQRIAZ" /AgentId="ac943207-3fff-4db3-aadb-9749ebfeef38"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:4748
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4A744197EC19C702A3B3A9A06F3A5696 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      PID:3572
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ED88D810-2822-4617-A25E-A2A138E72E28}
        3⤵
        • Executes dropped EXE
        PID:2756
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6088D6E-76D3-45F9-8221-3B292D6FC48A}
        3⤵
        • Executes dropped EXE
        PID:1144
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98993B5E-646E-4968-AD2A-7FF2E74BCB38}
        3⤵
        • Executes dropped EXE
        PID:880
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8F6516E8-8A9B-425A-A5D8-3281AD23B5FF}
        3⤵
        • Executes dropped EXE
        PID:1844
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B676F02D-7BEA-4DF1-94EE-A9FFCD38F650}
        3⤵
        • Executes dropped EXE
        PID:3012
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DA37CFA4-DCB5-471B-B4BB-C5FA300DA192}
        3⤵
        • Executes dropped EXE
        PID:3404
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3761A1A-4758-4B79-BCC7-38CB953F6310}
        3⤵
        • Executes dropped EXE
        PID:4456
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D9C87CCC-1276-48D7-A568-B1C43E13F57A}
        3⤵
        • Executes dropped EXE
        PID:548
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BAAFC62C-BC11-4536-A602-B6697C33C14C}
        3⤵
        • Executes dropped EXE
        PID:4484
      • C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe
        C:\Windows\TEMP\{5423116A-96A3-438A-8DF7-735158157FFA}\_is5B89.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{47D12F47-D1E6-45FD-B934-A0A740FC4D78}
        3⤵
        • Executes dropped EXE
        PID:3664
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3000
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5148
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5212
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5256
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5316
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5372
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5404
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5456
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5544
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5604
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5660
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5712
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5756
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5796
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5836
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5884
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5924
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5972
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:6012
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6060
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8F2C8845-494F-4B4A-910D-B4A3957B5870}
        3⤵
        • Executes dropped EXE
        PID:5220
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC423635-8A4F-41A5-911B-0F18ADE04DCD}
        3⤵
        • Executes dropped EXE
        PID:3256
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{015C5724-905C-4E45-8ED7-B7FD253C07A2}
        3⤵
        • Executes dropped EXE
        PID:5372
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{322FA3FF-1CB4-4556-8409-2B3B4CF6AEB2}
        3⤵
        • Executes dropped EXE
        PID:5424
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0A22F99-24D6-4020-9DE7-322994FC0750}
        3⤵
        • Executes dropped EXE
        PID:5460
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{612E5542-6ED7-43E1-B471-820E55229C30}
        3⤵
        • Executes dropped EXE
        PID:5648
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DAAC41E6-1BA6-41F0-A157-F4E538FE7DAC}
        3⤵
        • Executes dropped EXE
        PID:5572
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6AEC6979-E995-4E19-B6F8-43CD9955A350}
        3⤵
        • Executes dropped EXE
        PID:5556
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82EB6F4B-14C9-47D9-A93C-F0FDA63E0131}
        3⤵
        • Executes dropped EXE
        PID:5740
      • C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
        C:\Windows\TEMP\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FDD26026-71A0-400D-907F-835E70EE2F42}
        3⤵
        • Executes dropped EXE
        PID:5700
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{693EE48E-2F08-4443-8DE8-5584D5679F0E}
        3⤵
        • Executes dropped EXE
        PID:5564
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0534C9A2-50C0-474F-B12B-17ECC8191F58}
        3⤵
        • Executes dropped EXE
        PID:5180
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{967F5659-3DD8-4768-A290-02D584D00828}
        3⤵
        • Executes dropped EXE
        PID:5716
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EBFB9AEB-96C8-46BC-B418-2B6B17FB85D6}
        3⤵
        • Executes dropped EXE
        PID:5680
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{48A14539-D744-47E6-977A-F691341BA0C8}
        3⤵
        • Executes dropped EXE
        PID:5812
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3936B2D8-8BFD-4171-9992-CF62D53BC1A7}
        3⤵
        • Executes dropped EXE
        PID:5908
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4398FE1D-3E3D-4638-A125-8EAF4231F07F}
        3⤵
        • Executes dropped EXE
        PID:5860
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B1D455D9-7923-48E5-9D3D-E85FAA2C4F33}
        3⤵
        • Executes dropped EXE
        PID:5636
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{58AA9281-D0E4-467E-89D4-234082EA0070}
        3⤵
        • Executes dropped EXE
        PID:5996
      • C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe
        C:\Windows\TEMP\{52DBB0F2-4657-4CEB-9260-832C7C5BC328}\_is7481.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1A3B5AC0-CCB7-4961-A918-18260A82E637}
        3⤵
        • Executes dropped EXE
        PID:5960
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5500
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:916
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:5556
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:5768
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:212
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:6036
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{335D71F7-6DA6-4A45-BEAA-E1B1EBB5BC7A}
            3⤵
            • Executes dropped EXE
            PID:5628
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D2F8E710-70E1-40C1-9C92-D20B8F6E2278}
            3⤵
            • Executes dropped EXE
            PID:5976
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{249DEC1F-4C49-4A88-BAE1-B2CA5C473559}
            3⤵
            • Executes dropped EXE
            PID:4976
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D5B8A431-4F2A-421B-BA18-3D8DA6A96030}
            3⤵
            • Executes dropped EXE
            PID:5968
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{53D3EBAF-D04E-4B97-953E-3EDA27DD00CA}
            3⤵
            • Executes dropped EXE
            PID:3404
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2447E871-03A8-48F4-B94C-4CD9C47CC59F}
            3⤵
            • Executes dropped EXE
            PID:5728
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BF64BC-546D-4D46-92B9-1F94373BA6B2}
            3⤵
            • Executes dropped EXE
            PID:6052
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DC25811C-BEE9-43EC-8C70-9C50FE337ED9}
            3⤵
            • Executes dropped EXE
            PID:5280
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{937287AF-ED00-431B-A9AF-A3D6B521B6D3}
            3⤵
            • Executes dropped EXE
            PID:4320
          • C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe
            C:\Windows\TEMP\{23057F22-CA1E-467F-BFBA-987832E793B7}\_is8608.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7099F41F-E723-44B7-BC34-14201AB20164}
            3⤵
            • Executes dropped EXE
            PID:3040
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:4128
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E8EED57F-91E5-4EDB-9662-43F2317D6589}
            3⤵
            • Executes dropped EXE
            PID:4064
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C497011-485D-4BE8-ABA2-E503F4B99D9C}
            3⤵
            • Executes dropped EXE
            PID:728
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{12FABB3C-E158-4C2A-93EF-436C06CE9ED5}
            3⤵
            • Executes dropped EXE
            PID:5932
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6F1EA9F0-C16A-4284-AC45-2A4CE156CF1D}
            3⤵
            • Executes dropped EXE
            PID:5576
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25F74D78-74FB-4F8D-8B47-58278859A7E2}
            3⤵
            • Executes dropped EXE
            PID:3996
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{38FE0B03-0592-4949-A194-E5DDFD660AD2}
            3⤵
            • Executes dropped EXE
            PID:5780
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B9DC962-C109-496E-84CE-F75A24DBED0D}
            3⤵
            • Executes dropped EXE
            PID:5884
          • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
            C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{42B72509-4A24-4D27-BB3F-9D1A5FC47B9E}
            3⤵
              PID:5848
            • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
              C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{471CDBD1-8D8E-4954-836F-AFF2A8B09FDE}
              3⤵
                PID:5644
              • C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe
                C:\Windows\TEMP\{50EDC5B1-FC8D-42C7-BA99-C28BA2A85609}\_is8945.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0336D358-C3AD-4FA5-ACAA-28E65A5993AB}
                3⤵
                  PID:5852
                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:5252
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 219347C619E7679581BFC3CB2A2FDCBB E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5540
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSICFFF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240701484 463 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:5808
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSID10A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240701703 467 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:5756
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIF9FF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240712171 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                  3⤵
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:2912
                • C:\Windows\SysWOW64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:2884
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4124
                • C:\Windows\SysWOW64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:5460
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:4540
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4696
                • C:\Windows\syswow64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • Kills process with taskkill
                  PID:2268
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI1754.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240719671 510 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:2668
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                2⤵
                • Drops file in System32 directory
                PID:4700
              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="5893bbdb-0855-4ab4-8fa1-33b1da20e2ab"
                2⤵
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                PID:4380
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 1AA8EA5168FB742425F7AD6DC55A78E6 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:1492
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 191798D4311D6375C4532C436116F9E0 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:2024
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 2284D0EE441C3FA7E9AC16F943BF024E E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:3780
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Checks SCSI registry key(s)
              • Suspicious use of AdjustPrivilegeToken
              PID:4556
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Modifies system certificate store
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3144
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:3324
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "25ed0590-f4b1-4d91-abe9-a067ea916fd1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000R0dQRIAZ
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:3392
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "1fa2f4c3-89ff-4dfa-81f2-0d1ff056cc8a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000R0dQRIAZ
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2120
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "bdeea085-733b-4184-8a24-e655eaa13f1e" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000R0dQRIAZ
                2⤵
                • Executes dropped EXE
                PID:4320
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "3e249498-87e3-495d-a3be-89bff16d26af" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000R0dQRIAZ
                2⤵
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:3840
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2632
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:3240
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:2308
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "62513dd3-164b-4068-976e-e3cc5d1ef4c5" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000R0dQRIAZ
                2⤵
                • Downloads MZ/PE file
                • Drops file in System32 directory
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4604
                • C:\Windows\TEMP\SplashtopStreamer.exe
                  "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  3⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:1764
                  • C:\Windows\Temp\unpack\PreVerCheck.exe
                    "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    4⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:4088
                    • C:\Windows\SysWOW64\msiexec.exe
                      msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:1484
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "8986d9d6-96ea-44d4-9760-24142adb9740" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000R0dQRIAZ
                2⤵
                • Executes dropped EXE
                PID:412
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in Program Files directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:764
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:4720
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "8986d9d6-96ea-44d4-9760-24142adb9740" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000R0dQRIAZ
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Loads dropped DLL
                PID:4568
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "459651e0-8248-4aa8-81a4-9e0509e5701e" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000R0dQRIAZ
                2⤵
                • Modifies data under HKEY_USERS
                PID:6028
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  PID:1276
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                    PID:2208
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:5752
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "827da919-d751-4bd2-a2da-0a3b25947871" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000R0dQRIAZ
                  2⤵
                  • Writes to the Master Boot Record (MBR)
                  PID:3212
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "0a768de4-f349-4cae-9299-9598f7518615" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000R0dQRIAZ
                  2⤵
                  • Drops file in System32 directory
                  PID:6008
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "c314e362-cc47-4e60-bd6b-3e1cd1173d4a" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000R0dQRIAZ
                  2⤵
                    PID:5452
                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=1940f4f2558966b6663f1479754f603f&rmm_session_pwd_ttl=86400"
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:548
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "83dbf10f-1b85-48ec-ac08-6c430b5126c8" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000R0dQRIAZ
                    2⤵
                    • Drops file in System32 directory
                    PID:5752
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "853cafd5-19f5-4b51-b6df-dbeeb3e14e0a" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000R0dQRIAZ
                    2⤵
                    • Drops file in System32 directory
                    • Modifies registry class
                    PID:2904
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "dd1eae6e-89f2-44d0-b712-d603139169d3" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000R0dQRIAZ
                    2⤵
                      PID:4168
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "777db3d5-c6d3-473b-9644-cee2dfefb06a" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000R0dQRIAZ
                      2⤵
                        PID:5444
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "70d36ae7-912c-445b-938b-cf4bcb214760" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000R0dQRIAZ
                        2⤵
                          PID:5392
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "e293b056-0cee-42c7-a731-c895a8833461" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000R0dQRIAZ
                          2⤵
                            PID:5108
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "501b4200-c5a5-46f0-afa6-a2640948c631" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000R0dQRIAZ
                            2⤵
                            • Drops file in System32 directory
                            PID:3748
                            • C:\Windows\SYSTEM32\msiexec.exe
                              "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                              3⤵
                              • Modifies data under HKEY_USERS
                              PID:5036
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "6c737a6a-d489-4a1b-b362-309e52927555" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000R0dQRIAZ
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            PID:5504
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5508
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:1916
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:3464
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                                PID:6116
                                • C:\Windows\Temp\{98B76C42-99AF-49A7-9303-0286E5929B40}\.cr\8-0-11.exe
                                  "C:\Windows\Temp\{98B76C42-99AF-49A7-9303-0286E5929B40}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=724 -burn.filehandle.self=728 /repair /quiet /norestart
                                  4⤵
                                  • System Location Discovery: System Language Discovery
                                  • System Time Discovery
                                  • Modifies data under HKEY_USERS
                                  PID:5928
                                  • C:\Windows\Temp\{08073E56-4772-48DB-AAC9-A6C43DB79FBB}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                    "C:\Windows\Temp\{08073E56-4772-48DB-AAC9-A6C43DB79FBB}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{B9E8413C-93C4-41DD-AAB8-83CE6B72EA5B} {D938C4D4-C875-40A2-AE23-50B32685704D} 5928
                                    5⤵
                                    • Adds Run key to start application
                                    • System Location Discovery: System Language Discovery
                                    • System Time Discovery
                                    • Modifies registry class
                                    PID:4028
                              • C:\Windows\SYSTEM32\cmd.exe
                                "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                3⤵
                                • System Time Discovery
                                PID:4124
                                • C:\Program Files\dotnet\dotnet.exe
                                  dotnet --list-runtimes
                                  4⤵
                                  • System Time Discovery
                                  PID:2976
                              • C:\Windows\SYSTEM32\cmd.exe
                                "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                3⤵
                                • System Time Discovery
                                PID:2496
                                • C:\Program Files\dotnet\dotnet.exe
                                  dotnet --list-runtimes
                                  4⤵
                                  • System Time Discovery
                                  PID:5416
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "f2f2e278-d04a-4dd4-a6b1-76f43605f8f8" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000R0dQRIAZ
                              2⤵
                                PID:6040
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "077b5f2a-d013-437e-909b-badd4812a67e" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000R0dQRIAZ
                                2⤵
                                  PID:5968
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "06b90af6-7042-4b92-8979-e7d88e3b64bb" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000R0dQRIAZ
                                  2⤵
                                    PID:5340
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6100
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                    2⤵
                                    • Drops file in System32 directory
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Modifies data under HKEY_USERS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6112
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                      -h
                                      3⤵
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5572
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:3948
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                        4⤵
                                          PID:5648
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5728
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:5468
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                          SRUtility.exe -r
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:5452
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of SetWindowsHookEx
                                        PID:3240
                                        • C:\Windows\System32\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                          4⤵
                                            PID:1712
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /c ver
                                              5⤵
                                                PID:4696
                                              • C:\Windows\system32\sc.exe
                                                sc query ddmgr
                                                5⤵
                                                • Launches sc.exe
                                                PID:5976
                                              • C:\Windows\system32\sc.exe
                                                sc query lci_proxykmd
                                                5⤵
                                                • Launches sc.exe
                                                PID:4444
                                              • C:\Windows\system32\rundll32.exe
                                                rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                5⤵
                                                • Drops file in System32 directory
                                                • Checks SCSI registry key(s)
                                                • Modifies data under HKEY_USERS
                                                PID:5844
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                        1⤵
                                        • Drops file in Windows directory
                                        • Checks SCSI registry key(s)
                                        PID:3012
                                        • C:\Windows\system32\DrvInst.exe
                                          DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000138" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                          2⤵
                                          • Drops file in System32 directory
                                          • Drops file in Windows directory
                                          • Checks SCSI registry key(s)
                                          • Modifies data under HKEY_USERS
                                          PID:6012
                                        • C:\Windows\system32\DrvInst.exe
                                          DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                          2⤵
                                          • Drops file in System32 directory
                                          • Drops file in Windows directory
                                          • Checks SCSI registry key(s)
                                          • Modifies data under HKEY_USERS
                                          PID:4692
                                        • C:\Windows\system32\DrvInst.exe
                                          DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000158"
                                          2⤵
                                          • Drops file in Drivers directory
                                          • Drops file in System32 directory
                                          • Drops file in Windows directory
                                          • Checks SCSI registry key(s)
                                          PID:224
                                        • C:\Windows\system32\DrvInst.exe
                                          DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                          2⤵
                                          • Drops file in Drivers directory
                                          • Drops file in Windows directory
                                          • Checks SCSI registry key(s)
                                          PID:4676
                                      • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                        1⤵
                                        • Drops file in Program Files directory
                                        • Modifies data under HKEY_USERS
                                        PID:3576
                                        • C:\Windows\System32\sc.exe
                                          "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                          2⤵
                                          • Launches sc.exe
                                          PID:404
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "6d13552f-2693-4208-a28c-ed46caa0ebc1" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMn0ifQ==" 001Q300000R0dQRIAZ
                                          2⤵
                                            PID:2976
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "314d32a6-2e16-4179-8f3c-958702e41d9c" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000R0dQRIAZ
                                            2⤵
                                              PID:2396
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "0e9b1008-e44d-4885-b26f-c06f6d75bf8f" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000R0dQRIAZ
                                              2⤵
                                                PID:4968
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "cf75dae1-1490-4386-8675-02b477192bc7" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000R0dQRIAZ
                                                2⤵
                                                  PID:4572
                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "8583a08d-2738-4185-8ada-71db84f03c0c" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000R0dQRIAZ
                                                  2⤵
                                                    PID:3944
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "41e86404-d749-4aa5-b62c-31d4c8970ee1" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000R0dQRIAZ
                                                    2⤵
                                                      PID:1868
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "b7bda491-c0a2-4a81-9645-7aa89a33ec0e" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000R0dQRIAZ
                                                      2⤵
                                                      • Modifies data under HKEY_USERS
                                                      PID:3404
                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                        3⤵
                                                        • Drops file in System32 directory
                                                        • Command and Scripting Interpreter: PowerShell
                                                        • Modifies data under HKEY_USERS
                                                        PID:4028
                                                      • C:\Windows\System32\cmd.exe
                                                        "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                        3⤵
                                                          PID:3304
                                                          • C:\Windows\system32\cscript.exe
                                                            cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                            4⤵
                                                            • Modifies data under HKEY_USERS
                                                            PID:5124
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "81dda7b3-9cfa-4293-9701-e3915ba46c18" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000R0dQRIAZ
                                                        2⤵
                                                          PID:1680
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "b62e7421-01e9-435b-889a-acd810efb9a9" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000R0dQRIAZ
                                                          2⤵
                                                            PID:5844
                                                            • C:\Windows\SYSTEM32\cmd.exe
                                                              "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                              3⤵
                                                              • System Time Discovery
                                                              PID:6120
                                                              • C:\Program Files\dotnet\dotnet.exe
                                                                dotnet --list-runtimes
                                                                4⤵
                                                                • System Time Discovery
                                                                PID:2176
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "8de84774-25e3-4ecc-bb7e-8146f04b9e5a" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000R0dQRIAZ
                                                            2⤵
                                                              PID:5188
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "05525f49-5a60-499a-92a4-911800a10125" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000R0dQRIAZ
                                                              2⤵
                                                                PID:4880
                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=1940f4f2558966b6663f1479754f603f&rmm_session_pwd_ttl=86400"
                                                                  3⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:6048
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "141b8c7c-f547-4590-879a-66c58690fe80" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000R0dQRIAZ
                                                                2⤵
                                                                • Writes to the Master Boot Record (MBR)
                                                                • Drops file in Program Files directory
                                                                PID:3256
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "de7766a2-f3b2-4dcb-8a24-364a19feea54" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000R0dQRIAZ
                                                                2⤵
                                                                • Modifies registry class
                                                                PID:5656
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ac943207-3fff-4db3-aadb-9749ebfeef38 "ca5f1dd2-5072-4e2b-9e25-59b9f199768d" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000R0dQRIAZ
                                                                2⤵
                                                                  PID:4424
                                                                  • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                    "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "ac943207-3fff-4db3-aadb-9749ebfeef38" "ca5f1dd2-5072-4e2b-9e25-59b9f199768d" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000R0dQRIAZ"
                                                                    3⤵
                                                                      PID:5112

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Reconnaissance

                                                                Resource Development

                                                                Initial Access

                                                                Execution

                                                                Command and Scripting Interpreter

                                                                1
                                                                T1059

                                                                PowerShell

                                                                1
                                                                T1059.001

                                                                Persistence

                                                                Boot or Logon Autostart Execution

                                                                1
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Event Triggered Execution

                                                                2
                                                                T1546

                                                                Component Object Model Hijacking

                                                                1
                                                                T1546.015

                                                                Installer Packages

                                                                1
                                                                T1546.016

                                                                Pre-OS Boot

                                                                1
                                                                T1542

                                                                Bootkit

                                                                1
                                                                T1542.003

                                                                Privilege Escalation

                                                                Boot or Logon Autostart Execution

                                                                1
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Event Triggered Execution

                                                                2
                                                                T1546

                                                                Component Object Model Hijacking

                                                                1
                                                                T1546.015

                                                                Installer Packages

                                                                1
                                                                T1546.016

                                                                Defense Evasion

                                                                Modify Registry

                                                                2
                                                                T1112

                                                                Pre-OS Boot

                                                                1
                                                                T1542

                                                                Bootkit

                                                                1
                                                                T1542.003

                                                                Subvert Trust Controls

                                                                1
                                                                T1553

                                                                Install Root Certificate

                                                                1
                                                                T1553.004

                                                                System Binary Proxy Execution

                                                                1
                                                                T1218

                                                                Msiexec

                                                                1
                                                                T1218.007

                                                                Credential Access

                                                                Discovery

                                                                Peripheral Device Discovery

                                                                2
                                                                T1120

                                                                Query Registry

                                                                4
                                                                T1012

                                                                System Information Discovery

                                                                3
                                                                T1082

                                                                System Location Discovery

                                                                1
                                                                T1614

                                                                System Language Discovery

                                                                1
                                                                T1614.001

                                                                System Time Discovery

                                                                1
                                                                T1124

                                                                Lateral Movement

                                                                Collection

                                                                Command and Control

                                                                Exfiltration

                                                                Impact

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Config.Msi\e581019.rbs
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  5bf79956862db2c0c53919783ece7606

                                                                  SHA1

                                                                  50d53d37035faf2117cb1faccdb38722a1f9311d

                                                                  SHA256

                                                                  e2f956085ba147dfc9d574927e461897b342d29b0ed3de60c54a3c7c3bd41c32

                                                                  SHA512

                                                                  961d41b6bb9805a4daf82204942863c2d3ad1f6120ca44228a66ccef0afb6a8b2bfc583fd24e6f76c7ec40b2d325b03fbf29cd1356e7fa27b300fbc06dcbd2ca

                                                                  Download Submit

                                                                • C:\Config.Msi\e58101e.rbs
                                                                  Filesize

                                                                  74KB

                                                                  MD5

                                                                  5a3f17c70942b672ac3b7827c71fd0a6

                                                                  SHA1

                                                                  d8fe9afccd9d11df26d978876453422fd6e29dc4

                                                                  SHA256

                                                                  8af1d274657534f2f303f03b4ad9d691a4ddb7f4ff762920ef34e28ebf3382c6

                                                                  SHA512

                                                                  7f8d82677171e77620a22cdc207c136082b298e79c511eb32ee243e73fa6a6451d582d16536f6629f292e18483c88324af9b07463a24fd0b4afa6ea9dbb930cc

                                                                  Download Submit

                                                                • C:\Config.Msi\e581020.rbs
                                                                  Filesize

                                                                  464B

                                                                  MD5

                                                                  a8cb5e2f46e0b7d6b98e6b97478a2be3

                                                                  SHA1

                                                                  63234835a49ee1de6636652d40cc4601e2da9514

                                                                  SHA256

                                                                  c83c0c2de64267a5fbd41ade5a698475ddcd906587f400f54b52f02bc70c905a

                                                                  SHA512

                                                                  99c53d1c888849522af5a886cb505939998a30d4ead03e749e5afac5405583b1567d49702cbf89a5e4d0459b628d29b09ab6f2fec3843e4a6c795cdb3d7d7ac1

                                                                  Download Submit

                                                                • C:\Config.Msi\e581026.rbs
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  b01a00e8b7629d1fd7f2e0cccef32e07

                                                                  SHA1

                                                                  24a8cf682986df07c3ba8aac68e164c286dab132

                                                                  SHA256

                                                                  188b4d9a85f219d79c0c3eb8acde43dbefc6a1c3b37779b8dc2893ab6349132e

                                                                  SHA512

                                                                  badd0b0f016cb79a6181911ccc25f0513026a2f90feae2beb354e8fc846d18128be26b1c6948f9978437258b211d8b209916b9deb0cadf10a6a531c094bbea0c

                                                                  Download Submit

                                                                • C:\Config.Msi\e58102e.rbs
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  f59012421cd723baedabec391000ea98

                                                                  SHA1

                                                                  826e38b5f74f0ca46ffe0aad3f7d84eae4f30230

                                                                  SHA256

                                                                  41d91277d2ca4df2b7bc1fb40d80a81350ce4abeda5f88c00fe5b1acf2dc2dc3

                                                                  SHA512

                                                                  de4d6ee541b86c255582185ff14489741951eb6656e0c8dc21b0a9d1397f12a3cabaea2c33595421b619b33dc26b64e37d87d0832a28b6d033316609661d91a6

                                                                  Download Submit

                                                                • C:\Config.Msi\e581033.rbs
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  e689c8d8576b7fe09c80692cb6beb174

                                                                  SHA1

                                                                  483e8156a72ad889e5fc19db6fc403cac057df46

                                                                  SHA256

                                                                  4b52c126dd889105113ba57d949a1782566bfdf368605f2b93d7271d0dace2dc

                                                                  SHA512

                                                                  4b02a4868aad8c0ede14fca457ba64ee9f5f3254b5620e45a0a5e018dcb66371d5b24d4aa883b6d8e735c58cab59c3a62d2fc9bddd6c94dd14e65aae0b7183a1

                                                                  Download Submit

                                                                • C:\Config.Msi\e581038.rbs
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  c8e98fd959c0faf00381c6128b5b6ae1

                                                                  SHA1

                                                                  e1f901a17c97ba91538fb873887260369a56fc97

                                                                  SHA256

                                                                  a5718457db21922624d92b2b7b064bad64376d6bcb77dcd8594ec5a58324a8d4

                                                                  SHA512

                                                                  d53e09ca6c7fc5603d85743c163f4b409d689299e0333ec2d41dd1964ac54cd9c19de0eb18c30a408a3e4615d3520ec58afcd1f897061ede55fa79e5575e813c

                                                                  Download Submit

                                                                • C:\Config.Msi\e58103d.rbs
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  ce7f74bd24106bdaae7bc48acfb00b09

                                                                  SHA1

                                                                  6f89e71c0660c9b1f40b81b1c5c9e7a5c66d3033

                                                                  SHA256

                                                                  c36233e7f7abaa0ab3e93b7c29f232dac80b86d1c027d4f2ffda156d16e3036b

                                                                  SHA512

                                                                  3236d8ac82bd7d0529cde495e99613bcd1dc9a6f465627ebeeafa71ba77c9ceee34426a2e6b1b4820af83a07152011fd7dfe2f98f613b3aa386e5cd55c5391c2

                                                                  Download Submit

                                                                • C:\Config.Msi\e581042.rbs
                                                                  Filesize

                                                                  8KB

                                                                  MD5

                                                                  634afbceb2708a3ebafc2272108a7d60

                                                                  SHA1

                                                                  e5ce33bdd2531b3f66ce536b23f74eb6cbe4894f

                                                                  SHA256

                                                                  12b696471a2cba3bed01f0965ff730b023c5bac193d6f28b86ab0482c318271d

                                                                  SHA512

                                                                  258cf9e4c85de8f0f7d3d87e3960bb19de37541a399d80f191a54ab24b49707e3e92ced12c686a6dd8bfb21815c6e2de2e61cf9ada50c64c6906eaef6f45a95e

                                                                  Download Submit

                                                                • C:\Config.Msi\e581043.rbf
                                                                  Filesize

                                                                  143KB

                                                                  MD5

                                                                  33b4c87f18b4c49114d7a8980241657a

                                                                  SHA1

                                                                  254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                  SHA256

                                                                  587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                  SHA512

                                                                  42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                  Download Submit

                                                                • C:\Config.Msi\e581044.rbf
                                                                  Filesize

                                                                  3B

                                                                  MD5

                                                                  21438ef4b9ad4fc266b6129a2f60de29

                                                                  SHA1

                                                                  5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                  SHA256

                                                                  13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                  SHA512

                                                                  37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  3840b31c383fdf49bfd6740d945c9032

                                                                  SHA1

                                                                  a6f50164a69718bcef4664d7c47534f0d721866a

                                                                  SHA256

                                                                  1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                                  SHA512

                                                                  f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                  Filesize

                                                                  142KB

                                                                  MD5

                                                                  477293f80461713d51a98a24023d45e8

                                                                  SHA1

                                                                  e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                  SHA256

                                                                  a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                  SHA512

                                                                  23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  b3bb71f9bb4de4236c26578a8fae2dcd

                                                                  SHA1

                                                                  1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                  SHA256

                                                                  e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                  SHA512

                                                                  fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                  Filesize

                                                                  210KB

                                                                  MD5

                                                                  c106df1b5b43af3b937ace19d92b42f3

                                                                  SHA1

                                                                  7670fc4b6369e3fb705200050618acaa5213637f

                                                                  SHA256

                                                                  2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                  SHA512

                                                                  616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                  Filesize

                                                                  693KB

                                                                  MD5

                                                                  2c4d25b7fbd1adfd4471052fa482af72

                                                                  SHA1

                                                                  fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                  SHA256

                                                                  2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                  SHA512

                                                                  f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                  Filesize

                                                                  146KB

                                                                  MD5

                                                                  8d477b63bc5a56ae15314bda8dea7a3a

                                                                  SHA1

                                                                  3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                  SHA256

                                                                  9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                  SHA512

                                                                  44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                  Filesize

                                                                  145KB

                                                                  MD5

                                                                  d7b2ab03e3b1a165783362f5ca78c6d8

                                                                  SHA1

                                                                  3687d9b5ae423cb301665ecc90f18daf2d5de55d

                                                                  SHA256

                                                                  da6d12273298417c10fc1f0d727cc38284454733959a7418a2a8cf3968321cdb

                                                                  SHA512

                                                                  a8ebceef001d60799522114da17b098f23e7b19b1725f5bb91a971462bb14445226d5fa9fae3987399a531c838d912245d5dd3aa866e0cb230a86240ab1532ab

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                  Filesize

                                                                  145KB

                                                                  MD5

                                                                  2b9beb2fdbc41afc48d68d32ef41dd08

                                                                  SHA1

                                                                  4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                  SHA256

                                                                  977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                  SHA512

                                                                  3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                  Filesize

                                                                  51KB

                                                                  MD5

                                                                  3180c705182447f4bcc7ce8e2820b25d

                                                                  SHA1

                                                                  ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                  SHA256

                                                                  5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                  SHA512

                                                                  228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                  Filesize

                                                                  12B

                                                                  MD5

                                                                  b9b3d6c686765a6b0b61a745d430375b

                                                                  SHA1

                                                                  9fc00362b4925e4f4e41fec32eaee14d1b3db906

                                                                  SHA256

                                                                  9a52038c8c84b12293b09dbc65aef1b15a54fc4b9a7a8b6c8bef9c4768155767

                                                                  SHA512

                                                                  6a5f58a8346128296c34f474c7e4ed0d1567439bc85ff5bb55091e953d7df6af6bca256eb2d7a5e3ece56d42610d235fa52ab283a7d00d4b31d0aae34be4fef7

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                  Filesize

                                                                  247KB

                                                                  MD5

                                                                  849cacb8dff5de7ccc9c514229f6c931

                                                                  SHA1

                                                                  723669746e5f54fa419a02e9d90edfb659459cd5

                                                                  SHA256

                                                                  23f5cb1e889f1a8f5965a880e9858f4913fa40558c810c6cfc4d69d96c2c42f7

                                                                  SHA512

                                                                  c4d218611cd46832c9656ec873e8c277c918fdbab871b2265cca7024f805f9f7cf2873a4458391a25c3e0d56c3dcf94b12ff60116160b5db72052673fdf09755

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                  Filesize

                                                                  1021B

                                                                  MD5

                                                                  51a41966b950af62998eee5043f543b0

                                                                  SHA1

                                                                  d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                  SHA256

                                                                  f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                  SHA512

                                                                  9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                  Filesize

                                                                  109KB

                                                                  MD5

                                                                  17f6bfaeb887a39cad3433c6fd11e33e

                                                                  SHA1

                                                                  388df13dd0e7a6d94f7c949a48abc59ac9fb059b

                                                                  SHA256

                                                                  dfcc3dd196a4873b85ba2357ded27281cd7330ea05bfce1ba4134f3b16fb6531

                                                                  SHA512

                                                                  2a82ca12cbac5aab250f10a81281c13ccf24c94f365ce5b2b4e5271f54d2c4477a86b066c31e2e59c78d7f9dbb25d95796eecc0e6c503a249ba9b6b7eb2939b5

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                  Filesize

                                                                  693KB

                                                                  MD5

                                                                  c945ce7d10429cbbb75d300f5ad6a2bb

                                                                  SHA1

                                                                  f4abee3f357d95064deb051ad869a1c65306334a

                                                                  SHA256

                                                                  b273634da59a6e13c97593118b36c6f9eacb37344796998dafa724459bae7681

                                                                  SHA512

                                                                  01558c4b14c8ba03901adca270e594ef33c5181013c5df171a3533deaeb4327e1da5c82301cda5652f6290c78bf460f26c0d8fe19eb03a130ec5eac6ef824dde

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  797c9554ec56fd72ebb3f6f6bef67fb5

                                                                  SHA1

                                                                  40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                  SHA256

                                                                  7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                  SHA512

                                                                  4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                  Filesize

                                                                  214KB

                                                                  MD5

                                                                  01807774f043028ec29982a62fa75941

                                                                  SHA1

                                                                  afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                  SHA256

                                                                  9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                  SHA512

                                                                  33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  efb4712c8713cb05eb7fe7d87a83a55a

                                                                  SHA1

                                                                  c94d106bba77aecf88540807da89349b50ea5ae7

                                                                  SHA256

                                                                  30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                  SHA512

                                                                  3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                  Filesize

                                                                  3.5MB

                                                                  MD5

                                                                  723a7f489fb1861821fee5f5de0acba0

                                                                  SHA1

                                                                  ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                  SHA256

                                                                  0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                  SHA512

                                                                  b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                  Filesize

                                                                  396KB

                                                                  MD5

                                                                  b5929e2ca0e402a373b633bb78d0414a

                                                                  SHA1

                                                                  38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                  SHA256

                                                                  d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                  SHA512

                                                                  65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  d867451584941298b9f1ebfcfc90aec8

                                                                  SHA1

                                                                  b2b495d719052b360dfc886f64f46af93e488003

                                                                  SHA256

                                                                  24655b93a1fc8a50bbb74a089d938c878b2b725012027e765aa6aaff41d591da

                                                                  SHA512

                                                                  64a0ce9fcc6a73e3485c1e76a914e7aa4ae32fa50732d9c2adee927eabe5f09764ec52bbab17cf5e18bed0bfd42e8baecf1da6a18eaf513203f82be641a3e92e

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                  Filesize

                                                                  205KB

                                                                  MD5

                                                                  df56f2b155823b6acab45139c3a48367

                                                                  SHA1

                                                                  05fc8e4a0eae77e259a85db1f34c10ae978416cf

                                                                  SHA256

                                                                  abe2f4422997c38308ceb941b6ab33bc5978c22d2e95ff0c1ae18f203bbc090e

                                                                  SHA512

                                                                  76878818e23da0bb4293183e739b738a68ca2c39ac102b00de108123f36c210e37f0554235c3723ae4a54a3404e69b4b6d4ad82427895d31b21a898f82513734

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                  Filesize

                                                                  54KB

                                                                  MD5

                                                                  77c613ffadf1f4b2f50d31eeec83af30

                                                                  SHA1

                                                                  76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                  SHA256

                                                                  2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                  SHA512

                                                                  29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                  Filesize

                                                                  333KB

                                                                  MD5

                                                                  745714d838c4d4f88c6e0db6a434f444

                                                                  SHA1

                                                                  90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                  SHA256

                                                                  e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                  SHA512

                                                                  08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                  Filesize

                                                                  70KB

                                                                  MD5

                                                                  e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                  SHA1

                                                                  22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                  SHA256

                                                                  bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                  SHA512

                                                                  00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                  Filesize

                                                                  50KB

                                                                  MD5

                                                                  5bb0687e2384644ea48f688d7e75377b

                                                                  SHA1

                                                                  44e4651a52517570894cfec764ec790263b88c4a

                                                                  SHA256

                                                                  963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                  SHA512

                                                                  260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                  Filesize

                                                                  32KB

                                                                  MD5

                                                                  653e24836cca87a61fdc0443842d02f9

                                                                  SHA1

                                                                  d3419ee871b4f18a2cf690208a4ac9917aa133eb

                                                                  SHA256

                                                                  e3dff2e33ebf10fd7364e01401894f8ed1216c3d10e85483f0d16004812da19c

                                                                  SHA512

                                                                  a76dd7572b2a12256039c6fd537d440146d3c3c0a02d91af9378239c5380bf907528018b4cb02031352ee025deb83f333e950f1517b1c17b49739e0186dfdc62

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                  Filesize

                                                                  60KB

                                                                  MD5

                                                                  5c5c5f5be28276fb9a808d93eef71267

                                                                  SHA1

                                                                  e89938944bdf0cf7d91bc37ff1f129749f2989f9

                                                                  SHA256

                                                                  6ee89d62bde6c8656a70dfeb3665e96288dc3c77ea67e955ff041c6bef8065dc

                                                                  SHA512

                                                                  ee568509ba54c90c82423f36d7bf34407a34fd748df38871f53d4e35b28502d50fb2f6dddaf1e55c427c4ad99142a9e1e9b9763abbc2a8cee457af349df23f7b

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                  Filesize

                                                                  588KB

                                                                  MD5

                                                                  17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                  SHA1

                                                                  bc0316e11c119806907c058d62513eb8ce32288c

                                                                  SHA256

                                                                  13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                  SHA512

                                                                  f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                  Download Submit

                                                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                  Filesize

                                                                  214B

                                                                  MD5

                                                                  17832b0f91e36220fd32cfcec662245e

                                                                  SHA1

                                                                  874ae75bc4749135abc9e09f32a86fb8aa0f6b8a

                                                                  SHA256

                                                                  8982450303246146bd35fee343443e17a132b1a5b339614bf2bb0d7715a1d452

                                                                  SHA512

                                                                  5e384285aff5a9026ee9ebf5893bd9a20dd3694093cab24d31e91d000bcb3704a41e8b92f69a6d35f34a6453bb2564f2118874ffb3b6b7da1aa6b4e861871673

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  1ef7574bc4d8b6034935d99ad884f15b

                                                                  SHA1

                                                                  110709ab33f893737f4b0567f9495ac60c37667c

                                                                  SHA256

                                                                  0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                  SHA512

                                                                  947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  f512536173e386121b3ebd22aac41a4e

                                                                  SHA1

                                                                  74ae133215345beaebb7a95f969f34a40dda922a

                                                                  SHA256

                                                                  a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                  SHA512

                                                                  1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                  Filesize

                                                                  76KB

                                                                  MD5

                                                                  b40fe65431b18a52e6452279b88954af

                                                                  SHA1

                                                                  c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                  SHA256

                                                                  800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                  SHA512

                                                                  e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                  Filesize

                                                                  80KB

                                                                  MD5

                                                                  3904d0698962e09da946046020cbcb17

                                                                  SHA1

                                                                  edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                  SHA256

                                                                  a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                  SHA512

                                                                  c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                  Filesize

                                                                  287B

                                                                  MD5

                                                                  fcad4da5d24f95ebf38031673ddbcdb8

                                                                  SHA1

                                                                  3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                  SHA256

                                                                  7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                  SHA512

                                                                  1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                  Filesize

                                                                  717B

                                                                  MD5

                                                                  ef0a07aec4367a64c16c581da2657aa9

                                                                  SHA1

                                                                  13011a5abcbadb3424fb6ecee560665556bb1d24

                                                                  SHA256

                                                                  f8c02541eba2fde1b29b3ce428cbb0f1913110d4bba9b52f7252f728e9fce987

                                                                  SHA512

                                                                  35cfaedb4e5f754dde69f4cef508bbd6127408c405baa5ee2e20104f9aaa1ff2a228f0bfa42d51dcd1006e026ce238bd7042906e449ca78ef91e4d00b08c5c46

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  362ce475f5d1e84641bad999c16727a0

                                                                  SHA1

                                                                  6b613c73acb58d259c6379bd820cca6f785cc812

                                                                  SHA256

                                                                  1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                  SHA512

                                                                  7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                  Filesize

                                                                  1.3MB

                                                                  MD5

                                                                  40df7f2a02cdfa70ae76d70d21473428

                                                                  SHA1

                                                                  4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                  SHA256

                                                                  f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                  SHA512

                                                                  2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.runtimeconfig.json
                                                                  Filesize

                                                                  375B

                                                                  MD5

                                                                  e8d9109bd15637b1fbf349f9c7ff776f

                                                                  SHA1

                                                                  19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                  SHA256

                                                                  c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                  SHA512

                                                                  5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                  Filesize

                                                                  1.6MB

                                                                  MD5

                                                                  a200756f60c7f437127e6883f72ed609

                                                                  SHA1

                                                                  b882102b7a418d034bd857fa4878c2a219f2f5e2

                                                                  SHA256

                                                                  8a67a2ba74c799da7e45ebe63add46dfdd5fcfa4218e30a77b72f47c79dc84f2

                                                                  SHA512

                                                                  a076ee7ac35e8db305955f918a439c0861f0fa4a1846904a8acae1a20fc1e7ad5551fe9e38b29f97428b6680128377f96e325c874f47c5b7b4e2f840d7630803

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                  Filesize

                                                                  1.8MB

                                                                  MD5

                                                                  5ed9543e9f5826ead203316ef0a8863d

                                                                  SHA1

                                                                  8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                  SHA256

                                                                  33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                  SHA512

                                                                  5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                  Filesize

                                                                  1.1MB

                                                                  MD5

                                                                  9a9b1fd85b5f1dcd568a521399a0d057

                                                                  SHA1

                                                                  34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                  SHA256

                                                                  88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                  SHA512

                                                                  7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                  Filesize

                                                                  673KB

                                                                  MD5

                                                                  63a422ae6bf3e855a6ad03e38fd9227d

                                                                  SHA1

                                                                  bd2b4d36fd46ee68210df03834b49efa3d92fe0c

                                                                  SHA256

                                                                  96914b93e416796b415cf63210345f0c5a806aeafb9a6c61bf2a2acfef756b34

                                                                  SHA512

                                                                  40cbde0a05c73509c8f1f55c13e720ca91016fbbe5eca688dcc2af71a12049680502ed7062994b3c26a22924b41b1c1cc11a6a463446b0d27c7293298b243793

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                  Filesize

                                                                  321KB

                                                                  MD5

                                                                  d3901e62166e9c42864fe3062cb4d8d5

                                                                  SHA1

                                                                  c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                  SHA256

                                                                  dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                  SHA512

                                                                  ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                  Filesize

                                                                  814KB

                                                                  MD5

                                                                  9b1f97a41bfb95f148868b49460d9d04

                                                                  SHA1

                                                                  768031d5e877e347a249dfdeab7c725df941324b

                                                                  SHA256

                                                                  09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                  SHA512

                                                                  9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                  Filesize

                                                                  1.2MB

                                                                  MD5

                                                                  e74d2a16da1ddb7f9c54f72b8a25897c

                                                                  SHA1

                                                                  32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                  SHA256

                                                                  a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                  SHA512

                                                                  52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                  Filesize

                                                                  11B

                                                                  MD5

                                                                  5eda46a55c61b07029e7202f8cf1781c

                                                                  SHA1

                                                                  862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                  SHA256

                                                                  12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                  SHA512

                                                                  4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                  Filesize

                                                                  12B

                                                                  MD5

                                                                  b2d5d511002960697118598e9233b21d

                                                                  SHA1

                                                                  9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                  SHA256

                                                                  a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                  SHA512

                                                                  d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  b4a865268d5aca5f93bab91d7d83c800

                                                                  SHA1

                                                                  95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                  SHA256

                                                                  5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                  SHA512

                                                                  c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  3bffa4d05902f5abf6885804d9113e86

                                                                  SHA1

                                                                  84af3d3b555e1a3e84696b1648e496be05046ce6

                                                                  SHA256

                                                                  d680ad284cd62f02c5e66570c50af81fcb394c7f7bf38cdfb2e9c346db0e96eb

                                                                  SHA512

                                                                  b466fc58fd2d1e6649bb1f2f1f567fd0f7b6b60f4dd255643cfbff20cbb48210b2688ade306939eb634e205fa0fdb59938af18e061a23285ca7ccf9060e03de1

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                  Filesize

                                                                  48KB

                                                                  MD5

                                                                  c568f485d4429e4f796845560c556259

                                                                  SHA1

                                                                  2909917d6e21d404c7e5de846d02fb0ab8a06c1d

                                                                  SHA256

                                                                  e1131aa1b145718046f62975834a79a7fd7fb973cf7284494afaccbb3c8a7a14

                                                                  SHA512

                                                                  0d3a7b75de930f7941ac9bc28a325e1d8cf0230093cb8eb35a9eadb23a23089622a232368e85d85dc252eb4ee4e89711ace8e23e6437c4dae7ba01d03382341c

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                  Filesize

                                                                  1.1MB

                                                                  MD5

                                                                  6c6f85e896655a6eb726482f04c49086

                                                                  SHA1

                                                                  2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                  SHA256

                                                                  e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                  SHA512

                                                                  b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                  Filesize

                                                                  541B

                                                                  MD5

                                                                  d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                  SHA1

                                                                  e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                  SHA256

                                                                  7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                  SHA512

                                                                  a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                  Filesize

                                                                  12B

                                                                  MD5

                                                                  880d31390a25de6a9cd34463b46c75e6

                                                                  SHA1

                                                                  837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                  SHA256

                                                                  425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                  SHA512

                                                                  8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                  Filesize

                                                                  670KB

                                                                  MD5

                                                                  96e50bbca30d75af7b8b40acf8dda817

                                                                  SHA1

                                                                  4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                  SHA256

                                                                  a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                  SHA512

                                                                  0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                  Filesize

                                                                  3.1MB

                                                                  MD5

                                                                  8521aaed55b11624c6ecfbf96f9c7075

                                                                  SHA1

                                                                  49e5dd2c3c7bced8f133aa84c903b3770a70ee37

                                                                  SHA256

                                                                  e946b42b249411a89660252ea65e760a6b3c22ac95f4122a405bce04d511820e

                                                                  SHA512

                                                                  080fc4392d5f2eb9bb88ca853347d2bac51a936c38df7cef7eedbd206dac0d51c262ed13095eaca62251730197d5353b7abee5c57f6421308aaabd9ac69622b8

                                                                  Download Submit

                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                  Filesize

                                                                  571KB

                                                                  MD5

                                                                  f41e9ef0f54bfc3ea79f7637d4ed1231

                                                                  SHA1

                                                                  41dff80bb43f29b1a417fa99238db2bb6ac7a29e

                                                                  SHA256

                                                                  b2be0b6ade2ccb3fc0b93cf226c08664f71c7dc55d7ca6d334ee4e77610585f1

                                                                  SHA512

                                                                  3ee90a0c459185cceaf1456dbba2d1504067ceb15ed656c9f579d13b3e1e1171415c837ad37ab77f030a91e106a01066ac212f83d7449ef403ad3702ad25dba5

                                                                  Download Submit

                                                                • C:\Program Files\dotnet\dotnet.exe
                                                                  Filesize

                                                                  143KB

                                                                  MD5

                                                                  71026b098f8fb39c88b003df746d9fa0

                                                                  SHA1

                                                                  013ca259f551ad6f33db53fff0e121e74408e20e

                                                                  SHA256

                                                                  11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                  SHA512

                                                                  9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                  Download Submit

                                                                • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\80da06d98b42d153baa0bd3ed8925925
                                                                  Filesize

                                                                  16KB

                                                                  MD5

                                                                  b2e89027a140a89b6e3eb4e504e93d96

                                                                  SHA1

                                                                  f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                  SHA256

                                                                  5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                  SHA512

                                                                  93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                  Filesize

                                                                  471B

                                                                  MD5

                                                                  b566a3ddfec71ee36c539ab7f82b7ef6

                                                                  SHA1

                                                                  301b43ddaf0e35389aae474c7d6996ac9def9457

                                                                  SHA256

                                                                  6e3c60fb4060a66f84ddd789315557b2a8d5d86794c838ca7a56bd77a171ce20

                                                                  SHA512

                                                                  f38bb1d6f1e86e0417996f6a5d55380fe599c74c9fba7a4746280ebe5aeb9a549b4b24e7ad345235cc9c3ab9a3f552f309ee0bf8fa4eb4cb296804a0eb9f2b2e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                  Filesize

                                                                  727B

                                                                  MD5

                                                                  fec190a6d09c2973070f1c7bbc40e741

                                                                  SHA1

                                                                  7a88d823c78c17827af186be3842a0e24589ce2a

                                                                  SHA256

                                                                  e618aa334ec2b6089cc83976bf2078c7c1db5508529c620dff4d302ca047697f

                                                                  SHA512

                                                                  0d9ecb17b4663dd4ead39275f3105fe4214f06192d885deb0749e6c97f66c773817ae4daba95e92a1fd9fff93c094108efb09b7b79e2cc3f0c6ba29422912b0e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                  Filesize

                                                                  727B

                                                                  MD5

                                                                  9864170acad2c8eb1c365473a4842b2f

                                                                  SHA1

                                                                  04b2ed10bb1236fab447ae37af9d51fa554138cf

                                                                  SHA256

                                                                  c2fce6225070376541b4122ed8cc62caf95e58649b6c56af04d0fb637dab7837

                                                                  SHA512

                                                                  78ec628533390b4074478208f3723f690c5ba953aef70dc4163ae2fdaf551d68d440d5d3e54910ba2f0a6da5d01da7d9adbb39b7168f114dc1e522569ab555ec

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                  Filesize

                                                                  400B

                                                                  MD5

                                                                  d322f483a162f1b46a8d7b2247084f83

                                                                  SHA1

                                                                  abdee9bb4e266468246ed8d6a5bfdf37efb28ab4

                                                                  SHA256

                                                                  0e2a0aa97ce1e61d989a78558c7bfe2bde618378bb05e3855cd41cdad5ba990f

                                                                  SHA512

                                                                  066c2feba86f077576e051d9a637b4aad6d27a906ea89f74eaee321df5a530991d2b6a77190029e9909b44eee3064cb23043ce81394181d3bea57e731eeb1cd1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                  Filesize

                                                                  412B

                                                                  MD5

                                                                  d97f23b7aad06d2e72c9f38584210869

                                                                  SHA1

                                                                  f1dfbb62c2088c0ad775bc87472b26a5b6d3d977

                                                                  SHA256

                                                                  69572e8207f8a6cde1b42eb09d37cab1804a48268096af3eff0cd6dc55ad6530

                                                                  SHA512

                                                                  49d3a0e8c096e5823d45d29f2f591e68a5a98f38c47f11d6c4b24cf72398552032ddef7769fa5ef2aed3061fe4f35c3e75771907e623fdb9a79369ba644afc5c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                  Filesize

                                                                  412B

                                                                  MD5

                                                                  8debc754cfa42c3293dc27892edfe456

                                                                  SHA1

                                                                  386fda0842ee77510424c850b2ab9e9e27418673

                                                                  SHA256

                                                                  9fc449a9ae8fc3cd677a963f9a95a7c5e5c43b6d05e8e83bc685865844254c51

                                                                  SHA512

                                                                  2052b077e63d8937fbfffa97d71d86ce224871466d005c5aff718bad518e8d7af5096c5cb9fa687f02ccc61148b07246c3ecd80499b262d0e2c3b3feb74aa524

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                  Filesize

                                                                  651B

                                                                  MD5

                                                                  9bbfe11735bac43a2ed1be18d0655fe2

                                                                  SHA1

                                                                  61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                  SHA256

                                                                  549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                  SHA512

                                                                  a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI10A5.tmp
                                                                  Filesize

                                                                  509KB

                                                                  MD5

                                                                  88d29734f37bdcffd202eafcdd082f9d

                                                                  SHA1

                                                                  823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                  SHA256

                                                                  87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                  SHA512

                                                                  1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI10A5.tmp-\AlphaControlAgentInstallation.dll
                                                                  Filesize

                                                                  25KB

                                                                  MD5

                                                                  aa1b9c5c685173fad2dabebeb3171f01

                                                                  SHA1

                                                                  ed756b1760e563ce888276ff248c734b7dd851fb

                                                                  SHA256

                                                                  e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                  SHA512

                                                                  d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI10A5.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                  Filesize

                                                                  179KB

                                                                  MD5

                                                                  1a5caea6734fdd07caa514c3f3fb75da

                                                                  SHA1

                                                                  f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                  SHA256

                                                                  cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                  SHA512

                                                                  a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI1317.tmp-\CustomAction.config
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  bc17e956cde8dd5425f2b2a68ed919f8

                                                                  SHA1

                                                                  5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                  SHA256

                                                                  e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                  SHA512

                                                                  02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI1317.tmp-\Newtonsoft.Json.dll
                                                                  Filesize

                                                                  695KB

                                                                  MD5

                                                                  715a1fbee4665e99e859eda667fe8034

                                                                  SHA1

                                                                  e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                  SHA256

                                                                  c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                  SHA512

                                                                  bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI1ADA.tmp
                                                                  Filesize

                                                                  211KB

                                                                  MD5

                                                                  a3ae5d86ecf38db9427359ea37a5f646

                                                                  SHA1

                                                                  eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                  SHA256

                                                                  c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                  SHA512

                                                                  96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI555B.tmp
                                                                  Filesize

                                                                  219KB

                                                                  MD5

                                                                  928f4b0fc68501395f93ad524a36148c

                                                                  SHA1

                                                                  084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                  SHA256

                                                                  2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                  SHA512

                                                                  7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSI73D2.tmp
                                                                  Filesize

                                                                  4.5MB

                                                                  MD5

                                                                  08211c29e0d617a579ffa2c41bde1317

                                                                  SHA1

                                                                  4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                  SHA256

                                                                  3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                  SHA512

                                                                  d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                  Download Submit

                                                                • C:\Windows\Installer\MSICFFF.tmp-\System.Management.dll
                                                                  Filesize

                                                                  60KB

                                                                  MD5

                                                                  878e361c41c05c0519bfc72c7d6e141c

                                                                  SHA1

                                                                  432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                  SHA256

                                                                  24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                  SHA512

                                                                  59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                  Download Submit

                                                                • C:\Windows\Installer\e581018.msi
                                                                  Filesize

                                                                  2.9MB

                                                                  MD5

                                                                  fff3cfda9152e4ea7d2a9524b8e8f9d0

                                                                  SHA1

                                                                  666f0e0a551a32f7ce0a6e660f0e1b1089fd7f7b

                                                                  SHA256

                                                                  4adf98b6c55cc8574e15d338e0f0d0a9ad1ef25e8a968f7b260047245429ba09

                                                                  SHA512

                                                                  62f1c207f9355d4308b8e2af7f2f8f539a371738fb08449691e045c569a1c760c3b1138e642646b5a148b3e9ba2a02aa49dc186be665da35739ad9ada0421dc0

                                                                  Download Submit

                                                                • C:\Windows\Installer\e581030.msi
                                                                  Filesize

                                                                  26.3MB

                                                                  MD5

                                                                  b9c6d23462adef092b8a5b7880531b03

                                                                  SHA1

                                                                  9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                  SHA256

                                                                  2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                  SHA512

                                                                  18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                  Download Submit

                                                                • C:\Windows\Installer\e581035.msi
                                                                  Filesize

                                                                  772KB

                                                                  MD5

                                                                  d73de5788ab129f16afdd990d8e6bfa9

                                                                  SHA1

                                                                  88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                  SHA256

                                                                  4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                  SHA512

                                                                  bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{11c5bda0-43f1-8241-9c93-97ff8765f3cd}\lci_iddcx.cat
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  62458e58313475c9a3642a392363e359

                                                                  SHA1

                                                                  e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                  SHA256

                                                                  85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                  SHA512

                                                                  49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{11c5bda0-43f1-8241-9c93-97ff8765f3cd}\lci_iddcx.inf
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  1cec22ca85e1b5a8615774fca59a420b

                                                                  SHA1

                                                                  049a651751ef38321a1088af6a47c4380f9293fc

                                                                  SHA256

                                                                  60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                  SHA512

                                                                  0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{11c5bda0-43f1-8241-9c93-97ff8765f3cd}\x64\lci_iddcx.dll
                                                                  Filesize

                                                                  52KB

                                                                  MD5

                                                                  01e8bc64139d6b74467330b11331858d

                                                                  SHA1

                                                                  b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                  SHA256

                                                                  148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                  SHA512

                                                                  4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{cf0c7305-3510-2246-bd77-28c7d107ceef}\lci_proxywddm.cat
                                                                  Filesize

                                                                  12KB

                                                                  MD5

                                                                  8e16d54f986dbe98812fd5ec04d434e8

                                                                  SHA1

                                                                  8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                  SHA256

                                                                  7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                  SHA512

                                                                  e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{cf0c7305-3510-2246-bd77-28c7d107ceef}\lci_proxywddm.inf
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  0315a579f5afe989154cb7c6a6376b05

                                                                  SHA1

                                                                  e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                  SHA256

                                                                  d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                  SHA512

                                                                  c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{cf0c7305-3510-2246-bd77-28c7d107ceef}\x64\lci_proxyumd.dll
                                                                  Filesize

                                                                  179KB

                                                                  MD5

                                                                  4dc11547a5fc28ca8f6965fa21573481

                                                                  SHA1

                                                                  d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                  SHA256

                                                                  e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                  SHA512

                                                                  bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{cf0c7305-3510-2246-bd77-28c7d107ceef}\x64\lci_proxyumd32.dll
                                                                  Filesize

                                                                  135KB

                                                                  MD5

                                                                  67ae7b2c36c9c70086b9d41b4515b0a8

                                                                  SHA1

                                                                  ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                  SHA256

                                                                  79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                  SHA512

                                                                  4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                  Download Submit

                                                                • C:\Windows\System32\DriverStore\Temp\{cf0c7305-3510-2246-bd77-28c7d107ceef}\x64\lci_proxywddm.sys
                                                                  Filesize

                                                                  119KB

                                                                  MD5

                                                                  b9b0e9b4d93b18b99ece31a819d71d00

                                                                  SHA1

                                                                  2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                  SHA256

                                                                  0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                  SHA512

                                                                  465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                  Download Submit

                                                                • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-08-27-30.dat
                                                                  Filesize

                                                                  602B

                                                                  MD5

                                                                  54ee2de1bf8893dd1528b5ef33e80ca8

                                                                  SHA1

                                                                  987d044f4b179d409e3066a762ef7dca572411a5

                                                                  SHA256

                                                                  4c0539b89bf0613bf24d96ad92f8fba74e7106860a682b0415c0055d15be3edf

                                                                  SHA512

                                                                  f46851a628765ae086a90044aa05d4748c99b67374ffff49cda109f4a84fc4da11183ea696c7f94b885127a37aee7b742e337b9efbd26ca0926a2477b5b4a5e2

                                                                  Download Submit

                                                                • C:\Windows\Temp\InstallUtil.log
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  67a9d307e676ec067345f0b4cbdcf62b

                                                                  SHA1

                                                                  19473bae69c24e02a0f9d82d3e0163153247aa25

                                                                  SHA256

                                                                  94cbbc48bed5406eb5572de7fb9d7c3abd7d48740741fe52cf164d195849efc9

                                                                  SHA512

                                                                  7ad178f1526f9805b92cfae97a8b2117021b0a376fe8b3664f082b9d7897c83466e222a0dc76f07e2385d26180f5bb0719d5e9cc3a8e8706ca79fdfc8c250454

                                                                  Download Submit

                                                                • C:\Windows\Temp\InstallUtil.log
                                                                  Filesize

                                                                  976B

                                                                  MD5

                                                                  edcf2d404e178f54c2e1c98cb7c591f2

                                                                  SHA1

                                                                  848af94556956597cb9e31cf2026478ae3b6ef92

                                                                  SHA256

                                                                  1390a54aa72054b7606b69682a747e269b2637d2d63f76b9bca0b591dc7fd125

                                                                  SHA512

                                                                  6edb2495e6670e711414a24b8ba0ed7a11d2c3a0605c851b3b516b2efb22ee42e13579204acdd129a8b1abe0ee4383f6e01340f3493becf2c1f6f479402b667d

                                                                  Download Submit

                                                                • C:\Windows\Temp\InstallUtil.log
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  4547b5a15975af7eef08521cf0e0443d

                                                                  SHA1

                                                                  84dae0b2423f0777a4bed6b889446f7ad7e3215d

                                                                  SHA256

                                                                  6144270b17daabe708bdc1e1abfad00817badea4fa6a78a5a926fafe799b22a9

                                                                  SHA512

                                                                  8b35b40851154685ac17d758ca69fc4b67b4edb1b9da6020212bfd2333201642e090c9fc87f836a40060c99de7e795fcc78dfe03d56e1a09b82dd2ae23202d18

                                                                  Download Submit

                                                                • C:\Windows\Temp\__PSScriptPolicyTest_xl3oekel.dgv.ps1
                                                                  Filesize

                                                                  60B

                                                                  MD5

                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                  SHA1

                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                  SHA256

                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                  SHA512

                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                  Download Submit

                                                                • C:\Windows\Temp\unpack.log
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  c31b947132bb04d5d55292aa8b3ce7fa

                                                                  SHA1

                                                                  e9e2174760e6fa1379b7e59dd782b38284f08afa

                                                                  SHA256

                                                                  ce18b5c9a4fb5e12077044a7aaf05df11c00282a62a0894dd866da55d9ca7f44

                                                                  SHA512

                                                                  67f96ced6219266e8827d2cf8fbd8cacf2f0ceb78bb1819d1553d68b8f50f701b1ee70f173985e5595923f8fab27983e7fe92d87cfabf471abff874ab9329f6f

                                                                  Download Submit

                                                                • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                  Filesize

                                                                  3.2MB

                                                                  MD5

                                                                  2c18826adf72365827f780b2a1d5ea75

                                                                  SHA1

                                                                  a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                  SHA256

                                                                  ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                  SHA512

                                                                  474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                  Download Submit

                                                                • C:\Windows\Temp\{08073E56-4772-48DB-AAC9-A6C43DB79FBB}\.ba\bg.png
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                  SHA1

                                                                  eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                  SHA256

                                                                  9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                  SHA512

                                                                  9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                  Download Submit

                                                                • C:\Windows\Temp\{08073E56-4772-48DB-AAC9-A6C43DB79FBB}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                  Filesize

                                                                  607KB

                                                                  MD5

                                                                  669de3ab32955e69decfe13a3c89891e

                                                                  SHA1

                                                                  ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                  SHA256

                                                                  2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                  SHA512

                                                                  be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                  Download Submit

                                                                • C:\Windows\Temp\{5423116A-96A3-438A-8DF7-735158157FFA}\ISRT.dll
                                                                  Filesize

                                                                  427KB

                                                                  MD5

                                                                  85315ad538fa5af8162f1cd2fce1c99d

                                                                  SHA1

                                                                  31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                  SHA256

                                                                  70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                  SHA512

                                                                  877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                  Download Submit

                                                                • C:\Windows\Temp\{5423116A-96A3-438A-8DF7-735158157FFA}\_isres_0x0409.dll
                                                                  Filesize

                                                                  1.8MB

                                                                  MD5

                                                                  befe2ef369d12f83c72c5f2f7069dd87

                                                                  SHA1

                                                                  b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                  SHA256

                                                                  9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                  SHA512

                                                                  760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                  Download Submit

                                                                • C:\Windows\Temp\{C20E03CE-B353-4196-83C3-344CCA53483C}\IsConfig.ini
                                                                  Filesize

                                                                  571B

                                                                  MD5

                                                                  d239b8964e37974225ad69d78a0a8275

                                                                  SHA1

                                                                  cf208e98a6f11d1807cd84ca61504ad783471679

                                                                  SHA256

                                                                  0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                  SHA512

                                                                  88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                  Download Submit

                                                                • C:\Windows\Temp\{C20E03CE-B353-4196-83C3-344CCA53483C}\String1033.txt
                                                                  Filesize

                                                                  182KB

                                                                  MD5

                                                                  99bbffd900115fe8672c73fb1a48a604

                                                                  SHA1

                                                                  8f587395fa6b954affef337c70781ce00913950e

                                                                  SHA256

                                                                  57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                  SHA512

                                                                  d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                  Download Submit

                                                                • C:\Windows\Temp\{C20E03CE-B353-4196-83C3-344CCA53483C}\_is66B5.exe
                                                                  Filesize

                                                                  179KB

                                                                  MD5

                                                                  7a1c100df8065815dc34c05abc0c13de

                                                                  SHA1

                                                                  3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                  SHA256

                                                                  e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                  SHA512

                                                                  bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                  Download Submit

                                                                • C:\Windows\Temp\{C20E03CE-B353-4196-83C3-344CCA53483C}\setup.inx
                                                                  Filesize

                                                                  345KB

                                                                  MD5

                                                                  0376dd5b7e37985ea50e693dc212094c

                                                                  SHA1

                                                                  02859394164c33924907b85ab0aaddc628c31bf1

                                                                  SHA256

                                                                  c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                  SHA512

                                                                  69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                  Download Submit

                                                                • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                  Filesize

                                                                  412B

                                                                  MD5

                                                                  b8cc1cd5112dc1e932153cbaa0d18876

                                                                  SHA1

                                                                  1472f44373493810384b82f0e4716c0b2b9b08e0

                                                                  SHA256

                                                                  cd0beb60edd2effda099552213239e43291f4498e4e85d356e50a23e74f09ec6

                                                                  SHA512

                                                                  b53b51c978a3f7523e52ecac141fb4f01a0b4df71bcbfc4f142e8c7639308cbedceb95c93fbde87ba2c5a42997947db61d5529b07b39758ca32a0d932377d001

                                                                  Download Submit

                                                                • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                  Filesize

                                                                  24.1MB

                                                                  MD5

                                                                  5728574f15c2f6cc1b80527d5b5a97db

                                                                  SHA1

                                                                  71249a77bc64bb6ae73ee550e40722b676e04c32

                                                                  SHA256

                                                                  08f869ecb2fe5187f4d9e264a887d63ed32d2eb7cbbbf8cdf96e833c4c18796b

                                                                  SHA512

                                                                  dd056a193ff5d028ff9d0b39f7a2b70c8d105d613dcb0af2bfb8576f2da16132f109ba36ff43415241a57ad9c9d30f3a5690b6b9e2e5906b09b2705cedeb0b97

                                                                  Download Submit

                                                                • \??\Volume{24b92e62-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{57aef8f3-2aec-42e7-a10b-5d755b1774af}_OnDiskSnapshotProp
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  f74b1e064cdcffd1ac334bf851ae0817

                                                                  SHA1

                                                                  68cc5b29938930750208fb158b497b9849954b22

                                                                  SHA256

                                                                  2d43c8c305f3db0e2d1ccaa3576091c563a1f7ef2deebfbf90bf093ee0c571d5

                                                                  SHA512

                                                                  e60bd4cf6f17a8afca6721ee2885e1c51338ec08513c55862cc82559bfd63067e9fed5e52d0714af2f717090d91a47af05480c661974f63612f9db9851079928

                                                                  Download Submit

                                                                • memory/412-376-0x00000197ABB40000-0x00000197ABB4A000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/412-374-0x00000197C4430000-0x00000197C4478000-memory.dmp

                                                                  Filesize

                                                                  288KB

                                                                  Download

                                                                • memory/412-370-0x00000197AB230000-0x00000197AB296000-memory.dmp

                                                                  Filesize

                                                                  408KB

                                                                  Download

                                                                • memory/412-371-0x00000197ABAF0000-0x00000197ABB3A000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/412-372-0x00000197AB640000-0x00000197AB65C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/412-373-0x00000197C43E0000-0x00000197C442C000-memory.dmp

                                                                  Filesize

                                                                  304KB

                                                                  Download

                                                                • memory/412-379-0x00000197ABBF0000-0x00000197ABBF8000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/412-375-0x00000197AB660000-0x00000197AB668000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/412-378-0x00000197C4760000-0x00000197C4812000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/412-380-0x00000197C4480000-0x00000197C4488000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/412-377-0x00000197C4680000-0x00000197C475C000-memory.dmp

                                                                  Filesize

                                                                  880KB

                                                                  Download

                                                                • memory/2012-44-0x0000000004840000-0x000000000484C000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/2012-39-0x0000000004800000-0x000000000482E000-memory.dmp

                                                                  Filesize

                                                                  184KB

                                                                  Download

                                                                • memory/2904-1467-0x00000284799E0000-0x00000284799EC000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/2904-1552-0x000002847A220000-0x000002847A238000-memory.dmp

                                                                  Filesize

                                                                  96KB

                                                                  Download

                                                                • memory/2904-1594-0x000002847A240000-0x000002847A260000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2904-1593-0x000002847ABC0000-0x000002847AC72000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/3144-207-0x000002062BC10000-0x000002062BC32000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/3144-195-0x0000020644650000-0x0000020644702000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/3144-243-0x0000020644B50000-0x0000020644B88000-memory.dmp

                                                                  Filesize

                                                                  224KB

                                                                  Download

                                                                • memory/3212-1923-0x0000029718040000-0x0000029718066000-memory.dmp

                                                                  Filesize

                                                                  152KB

                                                                  Download

                                                                • memory/3392-288-0x0000013044750000-0x0000013044802000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/3392-290-0x000001302B980000-0x000001302B9A0000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/3392-285-0x000001302B550000-0x000001302B592000-memory.dmp

                                                                  Filesize

                                                                  264KB

                                                                  Download

                                                                • memory/3572-889-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3572-892-0x0000000002E00000-0x0000000002FC7000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3572-467-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3572-501-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3572-1074-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3572-1146-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3572-470-0x0000000002DC0000-0x0000000002F87000-memory.dmp

                                                                  Filesize

                                                                  1.8MB

                                                                  Download

                                                                • memory/3584-112-0x00000000046B0000-0x0000000004716000-memory.dmp

                                                                  Filesize

                                                                  408KB

                                                                  Download

                                                                • memory/3748-1879-0x00000164E0D10000-0x00000164E0D2C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/3748-1871-0x00000164E0950000-0x00000164E0962000-memory.dmp

                                                                  Filesize

                                                                  72KB

                                                                  Download

                                                                • memory/3748-1912-0x00000164F9BB0000-0x00000164F9C62000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/3948-1591-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/3948-1215-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/3948-1589-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/3948-1214-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/4168-1590-0x0000026C9E3D0000-0x0000026C9E3E0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/4168-1592-0x0000026C9EC60000-0x0000026C9ECAA000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/4168-1831-0x0000026CB77B0000-0x0000026CB788C000-memory.dmp

                                                                  Filesize

                                                                  880KB

                                                                  Download

                                                                • memory/4168-1672-0x0000026C9EC10000-0x0000026C9EC2C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/4168-1900-0x0000026CB7890000-0x0000026CB7942000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/4168-1918-0x0000026C9EC40000-0x0000026C9EC48000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/4568-1019-0x000002A744760000-0x000002A744786000-memory.dmp

                                                                  Filesize

                                                                  152KB

                                                                  Download

                                                                • memory/4568-1018-0x000002A744A70000-0x000002A744AAA000-memory.dmp

                                                                  Filesize

                                                                  232KB

                                                                  Download

                                                                • memory/4568-1015-0x000002A744790000-0x000002A7447BA000-memory.dmp

                                                                  Filesize

                                                                  168KB

                                                                  Download

                                                                • memory/4568-1010-0x000002A744750000-0x000002A744758000-memory.dmp

                                                                  Filesize

                                                                  32KB

                                                                  Download

                                                                • memory/4568-1011-0x000002A7449C0000-0x000002A744A28000-memory.dmp

                                                                  Filesize

                                                                  416KB

                                                                  Download

                                                                • memory/4604-313-0x0000024A94580000-0x0000024A94596000-memory.dmp

                                                                  Filesize

                                                                  88KB

                                                                  Download

                                                                • memory/4604-315-0x0000024A94DE0000-0x0000024A94DFC000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/4604-314-0x0000024AAD760000-0x0000024AAD812000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/4708-78-0x00000000047B0000-0x0000000004862000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/4708-81-0x0000000004720000-0x0000000004742000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/4708-82-0x00000000048A0000-0x0000000004BF4000-memory.dmp

                                                                  Filesize

                                                                  3.3MB

                                                                  Download

                                                                • memory/4748-167-0x000001D041530000-0x000001D04156C000-memory.dmp

                                                                  Filesize

                                                                  240KB

                                                                  Download

                                                                • memory/4748-166-0x000001D028CB0000-0x000001D028CC2000-memory.dmp

                                                                  Filesize

                                                                  72KB

                                                                  Download

                                                                • memory/4748-150-0x000001D026FB0000-0x000001D026FD8000-memory.dmp

                                                                  Filesize

                                                                  160KB

                                                                  Download

                                                                • memory/4748-162-0x000001D0415D0000-0x000001D041668000-memory.dmp

                                                                  Filesize

                                                                  608KB

                                                                  Download

                                                                • memory/5340-1926-0x0000027F9AF30000-0x0000027F9AF48000-memory.dmp

                                                                  Filesize

                                                                  96KB

                                                                  Download

                                                                • memory/5340-1917-0x0000027F9A690000-0x0000027F9A6C8000-memory.dmp

                                                                  Filesize

                                                                  224KB

                                                                  Download

                                                                • memory/5340-1920-0x0000027F9B090000-0x0000027F9B0DA000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/5340-1928-0x0000027FB3830000-0x0000027FB387A000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/5340-1927-0x0000027F9AF10000-0x0000027F9AF1A000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/5340-1925-0x0000027F9AEF0000-0x0000027F9AF0C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/5340-1935-0x0000027FB3B00000-0x0000027FB3BDC000-memory.dmp

                                                                  Filesize

                                                                  880KB

                                                                  Download

                                                                • memory/5504-1932-0x000002A075930000-0x000002A075A0C000-memory.dmp

                                                                  Filesize

                                                                  880KB

                                                                  Download

                                                                • memory/5504-1931-0x000002A075790000-0x000002A075842000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/5504-1919-0x000002A05CCA0000-0x000002A05CCBC000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/5504-1936-0x000002A05CD70000-0x000002A05CD8A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                  Download

                                                                • memory/5504-1909-0x000002A05C450000-0x000002A05C462000-memory.dmp

                                                                  Filesize

                                                                  72KB

                                                                  Download

                                                                • memory/5504-1915-0x000002A05CD00000-0x000002A05CD4A000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/5572-1212-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/5572-1211-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/5572-2433-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/5572-3370-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/5572-1286-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/5572-1285-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/5572-3369-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/5572-2434-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/5752-1632-0x00000244BB7A0000-0x00000244BB806000-memory.dmp

                                                                  Filesize

                                                                  408KB

                                                                  Download

                                                                • memory/5752-1457-0x00000244BAE30000-0x00000244BAEE2000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/5752-1447-0x00000244A2050000-0x00000244A2070000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/5752-1735-0x00000244A2070000-0x00000244A2084000-memory.dmp

                                                                  Filesize

                                                                  80KB

                                                                  Download

                                                                • memory/5752-1446-0x00000244A1C80000-0x00000244A1C90000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/5968-1913-0x0000025E69FF0000-0x0000025E69FFA000-memory.dmp

                                                                  Filesize

                                                                  40KB

                                                                  Download

                                                                • memory/5968-1914-0x0000025E6A940000-0x0000025E6A95A000-memory.dmp

                                                                  Filesize

                                                                  104KB

                                                                  Download

                                                                • memory/5968-1924-0x0000025E6B1C0000-0x0000025E6B272000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/5968-1933-0x0000025E6B7B0000-0x0000025E6BCD8000-memory.dmp

                                                                  Filesize

                                                                  5.2MB

                                                                  Download

                                                                • memory/6008-1498-0x0000014A12380000-0x0000014A123BA000-memory.dmp

                                                                  Filesize

                                                                  232KB

                                                                  Download

                                                                • memory/6008-1902-0x0000014A12C70000-0x0000014A12C8C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/6008-1910-0x0000014A2B4C0000-0x0000014A2B508000-memory.dmp

                                                                  Filesize

                                                                  288KB

                                                                  Download

                                                                • memory/6008-1901-0x0000014A2B5E0000-0x0000014A2B692000-memory.dmp

                                                                  Filesize

                                                                  712KB

                                                                  Download

                                                                • memory/6040-1934-0x000001CA7E880000-0x000001CA7E95C000-memory.dmp

                                                                  Filesize

                                                                  880KB

                                                                  Download

                                                                • memory/6040-1916-0x000001CA65730000-0x000001CA6577A000-memory.dmp

                                                                  Filesize

                                                                  296KB

                                                                  Download

                                                                • memory/6040-1930-0x000001CA7E6F0000-0x000001CA7E7A0000-memory.dmp

                                                                  Filesize

                                                                  704KB

                                                                  Download

                                                                • memory/6040-1921-0x000001CA65700000-0x000001CA6571C000-memory.dmp

                                                                  Filesize

                                                                  112KB

                                                                  Download

                                                                • memory/6040-1911-0x000001CA65330000-0x000001CA6533C000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/6112-2090-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/6112-2089-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/6112-1277-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/6112-1588-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/6112-1200-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/6112-1278-0x0000000072300000-0x00000000726CD000-memory.dmp

                                                                  Filesize

                                                                  3.8MB

                                                                  Download

                                                                • memory/6112-1587-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download

                                                                • memory/6112-1199-0x00000000726D0000-0x00000000727EC000-memory.dmp

                                                                  Filesize

                                                                  1.1MB

                                                                  Download