Overview

overview

10

Static

static

10

RQ-5218.msi

windows7-x64

10

RQ-5218.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2025, 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RQ-5218.msi

  • Size

    2.9MB

  • MD5

    33e1da237802bdc69ea7326799ec8c44

  • SHA1

    a8f2348282fc248a334783484c57fc48c195f8cd

  • SHA256

    cf13f22012ec3a6f27a878c417a4ca60fbe56a90069748d2ffc59f264e5451cd

  • SHA512

    1e87d57b25bbb934aa9570577f778a370ce6b340514792de5015d2c00eca56848b707481fc234d508d8b4c2cdcd3f62e03f1d0c933feba0dedbc7278ded823b0

  • SSDEEP

    49152:2+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:2+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 11 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 7 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\RQ-5218.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4868
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4020
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 6CBF0DB2D31AECE5F2BBCA00F386A49A
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:880
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIE9D3.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240642718 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:5048
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIED5E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240643437 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2852
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIFF32.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240648000 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:3972
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSID12.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240651546 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2280
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 043C68B94DC8D8BD9F2B4AA63A9BD1BF E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:736
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1600
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4184
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000QWCvNIAX" /AgentId="62b5595c-df35-448c-b909-6882d8f81349"
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:4748
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 75E94E215479B66174E643F2D776ECD1 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:5820
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F61A04B2-10D8-4C72-85ED-F22529E7576A}
        3⤵
        • Executes dropped EXE
        PID:5240
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D0ADC39-6456-4ED0-8D57-5EBCFD117038}
        3⤵
        • Executes dropped EXE
        PID:5288
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA1D4458-B3AC-41BB-A3C0-4873D9842AB2}
        3⤵
        • Executes dropped EXE
        PID:5304
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5ABCFDD9-22DB-40FF-89F8-E7A3DA0DDE20}
        3⤵
        • Executes dropped EXE
        PID:5324
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4C293CF1-4539-42A1-9565-DC492CE83FC3}
        3⤵
        • Executes dropped EXE
        PID:5388
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{771E707A-2313-463A-9C02-8D341226C2D5}
        3⤵
        • Executes dropped EXE
        PID:5484
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{26329D97-E0B1-4DA3-A348-65C0CDFB50EE}
        3⤵
        • Executes dropped EXE
        PID:5528
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1333ACE5-1564-481D-971E-A9DED9BFDCC9}
        3⤵
        • Executes dropped EXE
        PID:5572
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A110A09-F195-4B38-8FF9-8D0014DDE20D}
        3⤵
        • Executes dropped EXE
        PID:5620
      • C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe
        C:\Windows\TEMP\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_is5995.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E651DBEC-B58B-4389-A295-D45FA6235193}
        3⤵
        • Executes dropped EXE
        PID:5652
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5724
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2808
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2212
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3984
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5868
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5916
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5948
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6004
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:6032
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5768
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:6140
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5432
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5680
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5224
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5284
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5352
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5304
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5392
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5436
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5480
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D3C2613F-0FCB-4F1F-9445-B071AE36467F}
        3⤵
        • Executes dropped EXE
        PID:5704
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ACBBD8F5-B20F-4B9E-8E13-9B05EB4A52A1}
        3⤵
        • Executes dropped EXE
        PID:5848
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C1F31F7B-C460-49BD-AB43-AAC47D94D953}
        3⤵
        • Executes dropped EXE
        PID:5140
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C59CBB68-157C-4506-BE44-201D4C72A632}
        3⤵
        • Executes dropped EXE
        PID:3984
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB8285D1-5D58-4D94-8AF4-494D4277D342}
        3⤵
        • Executes dropped EXE
        PID:5180
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9FFD8688-D357-4F4F-99CC-D4CE98AD3E01}
        3⤵
        • Executes dropped EXE
        PID:5900
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A1200754-9F99-4687-A5C3-5F38E52C86CB}
        3⤵
        • Executes dropped EXE
        PID:184
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2639720E-3041-47E2-912F-05A5D91213F3}
        3⤵
        • Executes dropped EXE
        PID:6000
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6CD56D89-D332-4A0A-B66B-E898A17A03DC}
        3⤵
        • Executes dropped EXE
        PID:6044
      • C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
        C:\Windows\TEMP\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{756CA26C-E354-4665-AAB8-C18251FD3997}
        3⤵
        • Executes dropped EXE
        PID:3140
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28FF3B8B-D9BB-4FF7-8C95-D3E91C3976D1}
        3⤵
        • Executes dropped EXE
        PID:1412
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C558844-8877-4AFD-8637-96E6C6ADDECE}
        3⤵
        • Executes dropped EXE
        PID:1964
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{042EC4E0-24F5-4E4C-ACA6-B385A2E938C4}
        3⤵
        • Executes dropped EXE
        PID:5928
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{527C7E9D-65C7-4D01-9396-C29E058D5801}
        3⤵
        • Executes dropped EXE
        PID:6004
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{03446F6B-6090-4AE9-9702-AF1DFF3F80B1}
        3⤵
        • Executes dropped EXE
        PID:5988
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{11F0E112-6F8B-4FE5-92D5-5FE1ABCEF0CE}
        3⤵
        • Executes dropped EXE
        PID:5768
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{06FAA234-0DBA-44F6-B00E-74A4EC5DBFAB}
        3⤵
        • Executes dropped EXE
        PID:6072
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0099269C-6418-42C2-A8AB-96B006CF5E94}
        3⤵
        • Executes dropped EXE
        PID:6108
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DDD41EF6-75A4-41D0-AE79-4D5B7C75F476}
        3⤵
        • Executes dropped EXE
        PID:5656
      • C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe
        C:\Windows\TEMP\{B48E18A3-B38A-454C-A9A1-A6D43DFC38A4}\_is7C03.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B261C3B-E212-4CBC-85BF-E990E59939C0}
        3⤵
        • Executes dropped EXE
        PID:6124
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5744
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5380
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:5624
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:5652
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:1656
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:6128
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A4D704FB-BA52-4910-AC92-14BFF3B85BB5}
            3⤵
            • Executes dropped EXE
            PID:2496
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E18D86EC-45F7-4921-B79F-94008DBEBB6D}
            3⤵
            • Executes dropped EXE
            PID:6116
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A758A21B-FAF1-4884-B747-161A3FBE8405}
            3⤵
            • Executes dropped EXE
            PID:1492
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AE2A5DF0-60EC-490D-BDD6-3E27887E5FC6}
            3⤵
            • Executes dropped EXE
            PID:5332
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{36C302B2-67DE-47A9-AFEC-406FAC2FB2F3}
            3⤵
            • Executes dropped EXE
            PID:5996
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8CAC7918-5E87-4EA2-B34A-218EBEE4BF61}
            3⤵
            • Executes dropped EXE
            PID:5460
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AED42BCC-A8C2-4DDE-9F6E-0A53CAA6A98E}
            3⤵
            • Executes dropped EXE
            PID:5532
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4DC4CD50-5CA3-4117-A9C8-151CE9592462}
            3⤵
            • Executes dropped EXE
            PID:5504
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{00893E9F-2E1B-4E69-973A-CDE069AC80AD}
            3⤵
            • Executes dropped EXE
            PID:5596
          • C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe
            C:\Windows\TEMP\{C16EE345-6F14-47A7-A64F-4B48C14559C9}\_is91B0.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3A40EA84-B6A1-44E7-A0C2-BBEC4526CCD1}
            3⤵
            • Executes dropped EXE
            PID:5732
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:1996
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5CB96C06-963E-4E66-91CE-9D87941D7194}
            3⤵
            • Executes dropped EXE
            PID:2148
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AB19939E-FD34-4877-9CBA-D73A164BCF76}
            3⤵
            • Executes dropped EXE
            PID:5972
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{53FC3614-84BE-41E5-8178-4161AA1672EC}
            3⤵
            • Executes dropped EXE
            PID:4512
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55764A33-B900-47E6-A803-E86E3AF11701}
            3⤵
            • Executes dropped EXE
            PID:2956
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D136F08-8269-4491-8127-620AB1D7E264}
            3⤵
            • Executes dropped EXE
            PID:4472
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A06CEF0-2DF3-4071-B6A3-CF4AC457E43C}
            3⤵
            • Executes dropped EXE
            PID:5152
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C77CEC83-230D-4AE3-8A1F-7E60E499CAC0}
            3⤵
            • Executes dropped EXE
            PID:5224
          • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
            C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{459F91D2-34B1-444F-AAC5-C674CABA814F}
            3⤵
              PID:5876
            • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
              C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4E3F25C3-9975-43EB-8F54-6A532BD2A766}
              3⤵
                PID:5940
              • C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe
                C:\Windows\TEMP\{693BE35A-4D67-4215-8CF1-3D959E06C335}\_is9981.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0C3A14C0-84D3-4B6D-9B12-68046638B70C}
                3⤵
                  PID:5352
                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:5440
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding E75CF30A9F342636CF4C0898F945CB9B E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5344
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 1AD3A6E74855ADE0A3386BE224ADBEB2 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:2280
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding B64619BA15D140C455EB382FE00874DC E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:5276
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding F5623ED4760A5BB2B0CCBAE174C353F0 E Global\MSI0000
                2⤵
                • System Location Discovery: System Language Discovery
                PID:7132
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSID53.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240717156 484 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:4980
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSIDE1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240717265 488 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:400
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI10B0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240717968 493 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                  3⤵
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:4692
                • C:\Windows\SysWOW64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:6600
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:6512
                • C:\Windows\SysWOW64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:6284
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:3240
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4608
                • C:\Windows\syswow64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:4956
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Windows\Installer\MSI349D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240727156 531 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                  3⤵
                  • Blocklisted process makes network request
                  • Drops file in Windows directory
                  • System Location Discovery: System Language Discovery
                  PID:3896
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                2⤵
                • Drops file in System32 directory
                PID:6260
              • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="2f2d225b-5e35-449d-b2c5-09d5a9ea88f6"
                2⤵
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                PID:6576
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Checks SCSI registry key(s)
              • Suspicious use of AdjustPrivilegeToken
              PID:836
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in System32 directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Modifies system certificate store
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2932
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:3656
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "b0d752a2-e95c-498b-8350-958587f18e0b" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QWCvNIAX
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2424
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "150f7da7-6d38-45b7-9b20-683d6dc178b9" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000QWCvNIAX
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2272
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "98d7cdde-dd5d-44b0-add1-f0275ac6776e" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000QWCvNIAX
                2⤵
                • Executes dropped EXE
                PID:2984
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "13461064-bd10-4980-a70a-5838c1c31f50" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000QWCvNIAX
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4908
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1760
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                  • Suspicious use of WriteProcessMemory
                  PID:1644
                  • C:\Windows\system32\cscript.exe
                    cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    4⤵
                    • Modifies data under HKEY_USERS
                    PID:5048
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 62b5595c-df35-448c-b909-6882d8f81349 "b394e0bc-160b-4717-a9c1-977c1a158c32" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000QWCvNIAX
                2⤵
                • Downloads MZ/PE file
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4476
                • C:\Windows\TEMP\SplashtopStreamer.exe
                  "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                  3⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Modifies data under HKEY_USERS
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:5216
                  • C:\Windows\Temp\unpack\PreVerCheck.exe
                    "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                    4⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:5636
                    • C:\Windows\SysWOW64\msiexec.exe
                      msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:5748
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 62b5595c-df35-448c-b909-6882d8f81349 "5cb848c8-2e85-484d-bff8-560e730c5792" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QWCvNIAX
                2⤵
                • Executes dropped EXE
                PID:4956
            • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
              "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
              1⤵
              • Drops file in Program Files directory
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2656
              • C:\Windows\System32\sc.exe
                "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                2⤵
                • Launches sc.exe
                PID:4432
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 62b5595c-df35-448c-b909-6882d8f81349 "5cb848c8-2e85-484d-bff8-560e730c5792" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000QWCvNIAX
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Loads dropped DLL
                PID:5428
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "d241217e-95fb-4a39-8f97-7531a83e2494" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QWCvNIAX
                2⤵
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                PID:448
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                  3⤵
                  • Drops file in System32 directory
                  • Command and Scripting Interpreter: PowerShell
                  • Modifies data under HKEY_USERS
                  PID:3360
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                  3⤵
                    PID:6404
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                      • Modifies data under HKEY_USERS
                      PID:6468
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 62b5595c-df35-448c-b909-6882d8f81349 "bbc6f456-2c69-4fd6-a531-8a0746028c6c" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QWCvNIAX
                  2⤵
                  • Writes to the Master Boot Record (MBR)
                  • Loads dropped DLL
                  • Modifies data under HKEY_USERS
                  PID:3984
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 62b5595c-df35-448c-b909-6882d8f81349 "0fc76f56-cc18-4587-b841-12ab7be96798" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QWCvNIAX
                  2⤵
                    PID:2776
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 62b5595c-df35-448c-b909-6882d8f81349 "7b80e41f-385f-4b20-b70a-6c1c04ad0f23" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QWCvNIAX
                    2⤵
                    • Drops file in System32 directory
                    • Modifies data under HKEY_USERS
                    • Modifies registry class
                    PID:1364
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 62b5595c-df35-448c-b909-6882d8f81349 "48e53766-4420-41b9-98bf-3e48b76cdf81" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000QWCvNIAX
                    2⤵
                    • Drops file in System32 directory
                    PID:5468
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 62b5595c-df35-448c-b909-6882d8f81349 "e21d17a6-53c0-46e6-b1b5-9732494b6a93" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QWCvNIAX
                    2⤵
                      PID:5716
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 62b5595c-df35-448c-b909-6882d8f81349 "67c292d1-41ae-460f-94c6-46354c16b4f0" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QWCvNIAX
                      2⤵
                      • Drops file in System32 directory
                      • Modifies data under HKEY_USERS
                      PID:2904
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 62b5595c-df35-448c-b909-6882d8f81349 "4c4f974a-610f-4d66-8ed6-f365c68569df" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QWCvNIAX
                      2⤵
                      • Drops file in System32 directory
                      PID:5568
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 62b5595c-df35-448c-b909-6882d8f81349 "35da6cfa-545e-48b7-8395-415b39956889" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QWCvNIAX
                      2⤵
                      • Drops file in System32 directory
                      PID:2644
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 62b5595c-df35-448c-b909-6882d8f81349 "db9edd96-a8e5-405b-8d41-b9fca7f88200" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QWCvNIAX
                      2⤵
                        PID:5512
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 62b5595c-df35-448c-b909-6882d8f81349 "260d8c8f-007f-4816-974f-4dd258646417" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000QWCvNIAX
                        2⤵
                          PID:4576
                          • C:\Windows\SYSTEM32\msiexec.exe
                            "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                            3⤵
                              PID:6872
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 62b5595c-df35-448c-b909-6882d8f81349 "da0fb324-7eb4-425e-9184-0903bd158337" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QWCvNIAX
                            2⤵
                            • Downloads MZ/PE file
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            PID:5640
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:5868
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:6360
                            • C:\Program Files\dotnet\dotnet.exe
                              "C:\Program Files\dotnet\dotnet" --list-runtimes
                              3⤵
                              • System Time Discovery
                              PID:6540
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                              3⤵
                              • System Location Discovery: System Language Discovery
                              PID:7008
                              • C:\Windows\Temp\{037AD863-AD84-4078-A93C-FE99C56AA3A5}\.cr\8-0-11.exe
                                "C:\Windows\Temp\{037AD863-AD84-4078-A93C-FE99C56AA3A5}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=720 -burn.filehandle.self=724 /repair /quiet /norestart
                                4⤵
                                • System Time Discovery
                                PID:7100
                                • C:\Windows\Temp\{4B8F85D9-5290-4B3E-83F2-798FBEF61832}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                  "C:\Windows\Temp\{4B8F85D9-5290-4B3E-83F2-798FBEF61832}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{0C546386-5219-400D-8A4F-3AC8144AA16A} {70173D63-957B-4CD1-9698-EE6E70168EC1} 7100
                                  5⤵
                                  • Adds Run key to start application
                                  • System Location Discovery: System Language Discovery
                                  • System Time Discovery
                                  • Modifies registry class
                                  PID:6324
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:7036
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:7068
                            • C:\Windows\SYSTEM32\cmd.exe
                              "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                              3⤵
                              • System Time Discovery
                              PID:1372
                              • C:\Program Files\dotnet\dotnet.exe
                                dotnet --list-runtimes
                                4⤵
                                • System Time Discovery
                                PID:5696
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 62b5595c-df35-448c-b909-6882d8f81349 "c35da2f0-e1f1-40db-b00e-de3ad72e8020" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QWCvNIAX
                            2⤵
                              PID:5344
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 62b5595c-df35-448c-b909-6882d8f81349 "90996a48-137e-4e9a-938c-4b56962a1edd" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000QWCvNIAX
                              2⤵
                                PID:5352
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 62b5595c-df35-448c-b909-6882d8f81349 "822060b2-6a89-43b3-83ff-32911726a918" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QWCvNIAX
                                2⤵
                                  PID:6820
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=919993ea773983306ccaf7e5e16ceda7&rmm_session_pwd_ttl=86400"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:6968
                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                1⤵
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5500
                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                  2⤵
                                  • Drops file in Program Files directory
                                  • Loads dropped DLL
                                  • System Location Discovery: System Language Discovery
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5728
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                    -h
                                    3⤵
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SetWindowsHookEx
                                    PID:6096
                                  • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                    "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:5748
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                      4⤵
                                        PID:6064
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5732
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:5556
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                        SRUtility.exe -r
                                        4⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:4728
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Modifies data under HKEY_USERS
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4000
                                      • C:\Windows\System32\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                        4⤵
                                          PID:924
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c ver
                                            5⤵
                                              PID:6248
                                            • C:\Windows\system32\sc.exe
                                              sc query ddmgr
                                              5⤵
                                              • Launches sc.exe
                                              PID:6172
                                            • C:\Windows\system32\sc.exe
                                              sc query lci_proxykmd
                                              5⤵
                                              • Launches sc.exe
                                              PID:6412
                                            • C:\Windows\system32\rundll32.exe
                                              rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                              5⤵
                                              • Drops file in System32 directory
                                              • Drops file in Windows directory
                                              • Checks SCSI registry key(s)
                                              • Modifies data under HKEY_USERS
                                              PID:6476
                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                      "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                      1⤵
                                      • Drops file in Program Files directory
                                      • Modifies data under HKEY_USERS
                                      PID:5536
                                      • C:\Windows\System32\sc.exe
                                        "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                        2⤵
                                        • Launches sc.exe
                                        PID:6388
                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" 62b5595c-df35-448c-b909-6882d8f81349 "a0999ff9-8666-4a37-a703-c33f116eb345" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjMubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC4zIn0=" 001Q300000QWCvNIAX
                                        2⤵
                                          PID:3196
                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" 62b5595c-df35-448c-b909-6882d8f81349 "67c96516-3fe5-413c-875e-ff8b1e7fef02" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000QWCvNIAX
                                          2⤵
                                            PID:5756
                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" 62b5595c-df35-448c-b909-6882d8f81349 "fb071619-8495-4956-a196-7ebbecc90b3b" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000QWCvNIAX
                                            2⤵
                                              PID:5660
                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" 62b5595c-df35-448c-b909-6882d8f81349 "14a334fb-a1f8-4ace-a1c5-da39cc1d92e5" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000QWCvNIAX
                                              2⤵
                                                PID:3092
                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 62b5595c-df35-448c-b909-6882d8f81349 "0465c8b3-4134-454e-a65e-66d1ef3f1d0f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000QWCvNIAX
                                                2⤵
                                                  PID:7144
                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                    3⤵
                                                    • Command and Scripting Interpreter: PowerShell
                                                    • Modifies data under HKEY_USERS
                                                    PID:4608
                                                  • C:\Windows\System32\cmd.exe
                                                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                    3⤵
                                                      PID:1116
                                                      • C:\Windows\system32\cscript.exe
                                                        cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                        4⤵
                                                          PID:4828
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" 62b5595c-df35-448c-b909-6882d8f81349 "75b7b400-8ad1-4a8d-8d25-89b8ea247ed4" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000QWCvNIAX
                                                      2⤵
                                                        PID:4908
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" 62b5595c-df35-448c-b909-6882d8f81349 "4a5b5e3d-5950-4dea-92aa-2dd97206cf58" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000QWCvNIAX
                                                        2⤵
                                                          PID:3400
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" 62b5595c-df35-448c-b909-6882d8f81349 "81014ad2-a961-46da-9939-5e59703e12e9" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000QWCvNIAX
                                                          2⤵
                                                            PID:5004
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 62b5595c-df35-448c-b909-6882d8f81349 "911cd393-969a-40cc-8e5f-97d704377714" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000QWCvNIAX
                                                            2⤵
                                                              PID:1092
                                                              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=919993ea773983306ccaf7e5e16ceda7&rmm_session_pwd_ttl=86400"
                                                                3⤵
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4344
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" 62b5595c-df35-448c-b909-6882d8f81349 "a13eb0cd-1366-4ed6-8c69-79e3f020ad9d" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000QWCvNIAX
                                                              2⤵
                                                                PID:6708
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" 62b5595c-df35-448c-b909-6882d8f81349 "92444c33-e2d4-4e45-800e-0ea186f15f6e" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000QWCvNIAX
                                                                2⤵
                                                                  PID:6176
                                                                  • C:\Windows\SYSTEM32\cmd.exe
                                                                    "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                    3⤵
                                                                    • System Time Discovery
                                                                    PID:7164
                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                      dotnet --list-runtimes
                                                                      4⤵
                                                                      • System Time Discovery
                                                                      PID:6468
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" 62b5595c-df35-448c-b909-6882d8f81349 "6fa5dc0d-c9f7-43d6-9971-a0808b937ce0" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000QWCvNIAX
                                                                  2⤵
                                                                    PID:3348
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 62b5595c-df35-448c-b909-6882d8f81349 "2d5a0880-7e46-4a63-94fe-fa03d1ab896e" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000QWCvNIAX
                                                                    2⤵
                                                                      PID:6232
                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" 62b5595c-df35-448c-b909-6882d8f81349 "84af759c-4bc2-4071-a952-011dafeb011f" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000QWCvNIAX
                                                                      2⤵
                                                                        PID:7104
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                      1⤵
                                                                      • Drops file in Windows directory
                                                                      • Checks SCSI registry key(s)
                                                                      PID:6492
                                                                      • C:\Windows\system32\DrvInst.exe
                                                                        DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "0000000000000160" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                                        2⤵
                                                                        • Drops file in System32 directory
                                                                        • Checks SCSI registry key(s)
                                                                        • Modifies data under HKEY_USERS
                                                                        PID:1504
                                                                      • C:\Windows\system32\DrvInst.exe
                                                                        DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000170" "WinSta0\Default" "00000000000000EC" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                                        2⤵
                                                                        • Drops file in System32 directory
                                                                        • Drops file in Windows directory
                                                                        • Checks SCSI registry key(s)
                                                                        • Modifies data under HKEY_USERS
                                                                        PID:4812
                                                                      • C:\Windows\system32\DrvInst.exe
                                                                        DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000104"
                                                                        2⤵
                                                                        • Drops file in Drivers directory
                                                                        • Drops file in System32 directory
                                                                        • Checks SCSI registry key(s)
                                                                        PID:2244
                                                                      • C:\Windows\system32\DrvInst.exe
                                                                        DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                                        2⤵
                                                                        • Drops file in Drivers directory
                                                                        • Checks SCSI registry key(s)
                                                                        PID:4184

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v15

                                                                    Reconnaissance

                                                                    Resource Development

                                                                    Initial Access

                                                                    Execution

                                                                    Command and Scripting Interpreter

                                                                    1
                                                                    T1059

                                                                    PowerShell

                                                                    1
                                                                    T1059.001

                                                                    Persistence

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Privilege Escalation

                                                                    Boot or Logon Autostart Execution

                                                                    1
                                                                    T1547

                                                                    Registry Run Keys / Startup Folder

                                                                    1
                                                                    T1547.001

                                                                    Event Triggered Execution

                                                                    2
                                                                    T1546

                                                                    Component Object Model Hijacking

                                                                    1
                                                                    T1546.015

                                                                    Installer Packages

                                                                    1
                                                                    T1546.016

                                                                    Defense Evasion

                                                                    Modify Registry

                                                                    2
                                                                    T1112

                                                                    Pre-OS Boot

                                                                    1
                                                                    T1542

                                                                    Bootkit

                                                                    1
                                                                    T1542.003

                                                                    Subvert Trust Controls

                                                                    1
                                                                    T1553

                                                                    Install Root Certificate

                                                                    1
                                                                    T1553.004

                                                                    System Binary Proxy Execution

                                                                    1
                                                                    T1218

                                                                    Msiexec

                                                                    1
                                                                    T1218.007

                                                                    Credential Access

                                                                    Discovery

                                                                    Peripheral Device Discovery

                                                                    2
                                                                    T1120

                                                                    Query Registry

                                                                    4
                                                                    T1012

                                                                    System Information Discovery

                                                                    3
                                                                    T1082

                                                                    System Location Discovery

                                                                    1
                                                                    T1614

                                                                    System Language Discovery

                                                                    1
                                                                    T1614.001

                                                                    System Time Discovery

                                                                    1
                                                                    T1124

                                                                    Lateral Movement

                                                                    Collection

                                                                    Command and Control

                                                                    Exfiltration

                                                                    Impact

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Config.Msi\e57e948.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      874190b8ab05c23d4f497b68e9e0c35a

                                                                      SHA1

                                                                      26b52c62ee99a562b7bffb0636ff3fef5ea022ea

                                                                      SHA256

                                                                      9c37a18ec7b7aaaedbb8e53fc0ee568cee2481233231ad926b345cd7ce4589e3

                                                                      SHA512

                                                                      e46354c0a64f1d6782a78a29e6478533f5f433c9c58925a9cbe9ef33737b7a10fa408a921b82f57bdfd4e97836a015e77bbc15ac617dae2e54f4dfd2480f1400

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e94d.rbs
                                                                      Filesize

                                                                      74KB

                                                                      MD5

                                                                      a39f2974d1622ed4498a658decae97f4

                                                                      SHA1

                                                                      a876366e60244511834c4c5e012d0832462c29ab

                                                                      SHA256

                                                                      90c4e61e31ca3a69d1050631e93c154d1d948717d2e279b43cb39e1103a32b55

                                                                      SHA512

                                                                      d43e3fe27107eb09e9c1477a7aa94b3939da3ccdea8251b12325f615f0fd3ebe84cb978442e5373431b9dc26e88944f366383ac66ef6b203b5e9087280ed97e6

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e94f.rbs
                                                                      Filesize

                                                                      464B

                                                                      MD5

                                                                      c1a8dfdeb386eda14818a951a61536de

                                                                      SHA1

                                                                      6932da36fcd9fb95e2c9a4ac3e3c06c4840533f0

                                                                      SHA256

                                                                      6af7808590bc7027a625cde321ecac696777738585cb4c005135f2a4fa1209a1

                                                                      SHA512

                                                                      e588f223c1420714d50755fd964a2dfdf847540ec7ab940431a1d197c6550d4bbf6cdb9b833e7adba3ea6eb8f8d535a494c64a5ece4cd8237c10552b08ecc376

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e953.rbs
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      b4ac6c6da633d2b4dd6e8c36e3d077f6

                                                                      SHA1

                                                                      de2e674ed144828cecdf5d3a9cc2a1de62649e19

                                                                      SHA256

                                                                      5fbd97bbf99c0c1d565cc2b93d8ca820b65bbf436f08d0b9245ebe074d36ba43

                                                                      SHA512

                                                                      d1767cefa8aee26a51b1d1d40dffc0b73212c6bc286906a68fe263d9bffb382bf4a9bbd674fd777df96b6f1683beeb0beb1e67b2afbffe83ccc942843fa7b694

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e958.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      f8a59c95bdbc905b2091b77ecbba98c4

                                                                      SHA1

                                                                      5a2d2e1bd1121150ee168ceb86af7f1a6157517c

                                                                      SHA256

                                                                      26adb43d142c9621019b5175c5fe42a8ea445a466ed6b1b29d30d0e468b875fb

                                                                      SHA512

                                                                      69b66e6c0ad0c14a223d3e74cda9ea3699d3969fb3b89203c004f533866d7eb200922dd047067b52a1a4ab10c618b432bea1d54896abee0bd5a01e7650c4fff9

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e95d.rbs
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      2f4153cb945235e0edd5149e89d789d6

                                                                      SHA1

                                                                      24e97f0d8e7d0cbf04990fcbd0b9a33d2cd81ea8

                                                                      SHA256

                                                                      d0a9728ea2897919bcdf7e8e7d5c970dd8774bfcbca4117280edea7eebf0d89f

                                                                      SHA512

                                                                      b0710d91aab5658a263e3c657996e83416809072ad854329bb74530bca46b8f0e8c3d5f7de585ee3260118999cb480b601f3c99373991990e5eeea7787033430

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e962.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      1635a7ba185da65b11eff8715bb1ec58

                                                                      SHA1

                                                                      8e7cab12604a851173a586f98533c9439f9009dd

                                                                      SHA256

                                                                      f80d698eb272646d7bae9fca1e350b3db238e97f387b1d019f1ade2e6d9eea3c

                                                                      SHA512

                                                                      41622c4a0942b3ca9172b9a9ce29a31e4f1a2ef7f0eefe80eb44771cc4bbe6659981cc7e7352cb9c510133921e13738af6a9f42352f52e3fe677b42fcd206f25

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e963.rbf
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      33b4c87f18b4c49114d7a8980241657a

                                                                      SHA1

                                                                      254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                      SHA256

                                                                      587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                      SHA512

                                                                      42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e964.rbf
                                                                      Filesize

                                                                      3B

                                                                      MD5

                                                                      21438ef4b9ad4fc266b6129a2f60de29

                                                                      SHA1

                                                                      5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                      SHA256

                                                                      13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                      SHA512

                                                                      37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e96a.rbs
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      22bbbb88f90898cc7a25853548299b58

                                                                      SHA1

                                                                      4e1336f0e0efad5d5060304e0b3bcf6c4ce6187b

                                                                      SHA256

                                                                      fc5433ece4d857ec97b40757142cc1e5cb2409640281cf68421fc466f9f3e34b

                                                                      SHA512

                                                                      5480e36cde465b45a608d39110de3da7a0eb62aa40c7d7f7132ba237dabc4cea7788536ce343847f67619dada4bf9cd866a6a1bc0bd64f5927f80e313cf01be2

                                                                      Download Submit

                                                                    • C:\Config.Msi\e57e972.rbs
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      6f1886c5ef024fe2726994b2b050d4a5

                                                                      SHA1

                                                                      a6ba953424ddfac40658529b1b26b5d67d04fc9f

                                                                      SHA256

                                                                      3ae27cf9972f2655fd15903cbed3260183394285f6a48b63cde5e46c06da9c01

                                                                      SHA512

                                                                      04ba60ffd84ac63e00f687a45d96fdca4ea5ab89b76298074d35c3b5b22a054a27c7cd225cd72f470c2d7e17a2647cd897163dcd569ed4b3bd69a399d38ee517

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      337079222a6f6c6edf58f3f981ff20ae

                                                                      SHA1

                                                                      1f705fc0faa84c69e1fe936b34783b301323e255

                                                                      SHA256

                                                                      ae56a6c4f6622b5485c46d9fde5d3db468c1bfb573b34c9f199007b5eedcbda5

                                                                      SHA512

                                                                      ae9cd225f7327da6eeea63c661b9e159d6608dff4897fb6b9651a1756d69282e8051b058a2473d9153fc87c0b54aa59b9a1a865871df693adcb267f8b0157b61

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                      Filesize

                                                                      142KB

                                                                      MD5

                                                                      477293f80461713d51a98a24023d45e8

                                                                      SHA1

                                                                      e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                      SHA256

                                                                      a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                      SHA512

                                                                      23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      b3bb71f9bb4de4236c26578a8fae2dcd

                                                                      SHA1

                                                                      1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                      SHA256

                                                                      e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                      SHA512

                                                                      fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                      Filesize

                                                                      210KB

                                                                      MD5

                                                                      c106df1b5b43af3b937ace19d92b42f3

                                                                      SHA1

                                                                      7670fc4b6369e3fb705200050618acaa5213637f

                                                                      SHA256

                                                                      2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                      SHA512

                                                                      616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      693KB

                                                                      MD5

                                                                      2c4d25b7fbd1adfd4471052fa482af72

                                                                      SHA1

                                                                      fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                      SHA256

                                                                      2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                      SHA512

                                                                      f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                      Filesize

                                                                      146KB

                                                                      MD5

                                                                      8d477b63bc5a56ae15314bda8dea7a3a

                                                                      SHA1

                                                                      3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                      SHA256

                                                                      9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                      SHA512

                                                                      44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                      Filesize

                                                                      145KB

                                                                      MD5

                                                                      0953b0a835501eede2761d0021d7f814

                                                                      SHA1

                                                                      14bf854aafb9594304cf2d66930a1efbd50e110b

                                                                      SHA256

                                                                      f87117e19652d814a8f4126696a16e83902ac733beee3b00b24eeb555a07df1b

                                                                      SHA512

                                                                      fe32059af2cd0c2dfc3dd8ec6b7a60d565efcbe61b24603245eb0618e0664212065d1b052d2f0d7d31f2c298fed75f5d22be38e88d6d85d0a8d5189a2820b387

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                      Filesize

                                                                      145KB

                                                                      MD5

                                                                      2b9beb2fdbc41afc48d68d32ef41dd08

                                                                      SHA1

                                                                      4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                      SHA256

                                                                      977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                      SHA512

                                                                      3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                      Filesize

                                                                      51KB

                                                                      MD5

                                                                      3180c705182447f4bcc7ce8e2820b25d

                                                                      SHA1

                                                                      ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                      SHA256

                                                                      5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                      SHA512

                                                                      228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      cfce02553c4af9a201345d31962187fc

                                                                      SHA1

                                                                      16f0da42cf874c9c4a84d434eebd2dcf5031b553

                                                                      SHA256

                                                                      ed104ab4d69e5d34ccdebe12d317c4c8cbb7ddfd60b36f0461db0032a11d288f

                                                                      SHA512

                                                                      ece94642b88011429e106aa1b4cea75a606a03647e5dace481969946ba9a0d3b23162c9cb81200d12445fd4910ddc30135866c80b645a82df08e7e374c60a4cc

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                      Filesize

                                                                      248KB

                                                                      MD5

                                                                      bf7f46a78bba38717dc1ccd5a48c9aa2

                                                                      SHA1

                                                                      30382066798876dc4e689bfcfad098910a213cda

                                                                      SHA256

                                                                      0f0425430b83a340883c9c4318cda20e91c8db1febcf0f1b731ae93f2d119020

                                                                      SHA512

                                                                      bbae0e9ce97d5db855799960778425bcd652d7e1507089211be8413fd56698845dc00c19bb4adafe6ea3ff3c00b0ad0a9a111bb00f7f57b1d59ea79b236163ab

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                      Filesize

                                                                      1021B

                                                                      MD5

                                                                      51a41966b950af62998eee5043f543b0

                                                                      SHA1

                                                                      d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                      SHA256

                                                                      f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                      SHA512

                                                                      9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                      Filesize

                                                                      109KB

                                                                      MD5

                                                                      f38140dca6604bb2fa225120ab64f1f9

                                                                      SHA1

                                                                      fb051bd98580efaa446af16dc45fbd296e2c6c5c

                                                                      SHA256

                                                                      e02d6383678b394db45f11dcd06f309745b30f9e94ffbc33c9c9433a6b211cca

                                                                      SHA512

                                                                      eb6310d2a02a642c634bdf1f0f6c74c530e995a125b1641732f086efd25c4ced0836562579a22445e5e1582b72707ccf3b22f1fdb50b970ebcb5a694c2f79ab5

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      693KB

                                                                      MD5

                                                                      a336fba63cbca9d841cd3188f59be1cb

                                                                      SHA1

                                                                      d486c67f142f8683bca8d5f487602bff599403ee

                                                                      SHA256

                                                                      e4ccf5985d2f5006d42cfe002b39651ef0c9f1b8db60453d0f682d6d62cac23f

                                                                      SHA512

                                                                      9f0c65170a7105bbbafe1ba69bbbc965c41bd009f8d8642542cc54af7520252307f4be9e09c8a7d0ccb6fee42370d80338ac6e83f993b5dc8a6275777e3cafe9

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                      Filesize

                                                                      27KB

                                                                      MD5

                                                                      797c9554ec56fd72ebb3f6f6bef67fb5

                                                                      SHA1

                                                                      40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                      SHA256

                                                                      7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                      SHA512

                                                                      4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                      Filesize

                                                                      214KB

                                                                      MD5

                                                                      01807774f043028ec29982a62fa75941

                                                                      SHA1

                                                                      afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                      SHA256

                                                                      9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                      SHA512

                                                                      33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                      Filesize

                                                                      37KB

                                                                      MD5

                                                                      efb4712c8713cb05eb7fe7d87a83a55a

                                                                      SHA1

                                                                      c94d106bba77aecf88540807da89349b50ea5ae7

                                                                      SHA256

                                                                      30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                      SHA512

                                                                      3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                      Filesize

                                                                      3.5MB

                                                                      MD5

                                                                      723a7f489fb1861821fee5f5de0acba0

                                                                      SHA1

                                                                      ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                      SHA256

                                                                      0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                      SHA512

                                                                      b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                      Filesize

                                                                      396KB

                                                                      MD5

                                                                      b5929e2ca0e402a373b633bb78d0414a

                                                                      SHA1

                                                                      38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                      SHA256

                                                                      d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                      SHA512

                                                                      65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      025657c7ee0ced028809206c410cd9be

                                                                      SHA1

                                                                      56e15a79f01700e99ac7fcc3da43b8ebf0957347

                                                                      SHA256

                                                                      680ed1cb6d044b07bf5407da31a77a534d96a0a3157c56c46c7eb1bbc10943eb

                                                                      SHA512

                                                                      45b08019378a1ab11a4fc4445da60e861560f6ccb8ed60c40418d32cc1c18884d910dbe462711d1161679bc36d35e59461f693f48a74c4261393f65dbeb4a909

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                      Filesize

                                                                      214KB

                                                                      MD5

                                                                      6111e4d451e8c83bb84c77e7adc7d3e6

                                                                      SHA1

                                                                      fb6c4702d8142ac52262cf7fd804a2a100154ca5

                                                                      SHA256

                                                                      f820a82e28b7db8c8af494d8d14f83d79a3446e3d52d27713b1ad13e5fd18a99

                                                                      SHA512

                                                                      d44cc7daba8f93c15854bf1467209f659ba074034ea27a4988b5d8f68a240d5c220ff5062848a355d4f3f6e96c714a0cf055a5e65c4cf4672b9d3070a76412ca

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                      Filesize

                                                                      54KB

                                                                      MD5

                                                                      77c613ffadf1f4b2f50d31eeec83af30

                                                                      SHA1

                                                                      76a6bfd488e73630632cc7bd0c9f51d5d0b71b4c

                                                                      SHA256

                                                                      2a0ead6e9f424cbc26ef8a27c1eed1a3d0e2df6419e7f5f10aa787377a28d7cf

                                                                      SHA512

                                                                      29c8ae60d195d525650574933bad59b98cf8438d47f33edf80bbdf0c79b32d78f0c0febe69c9c98c156f52219ecd58d7e5e669ae39d912abe53638092ed8b6c3

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                      Filesize

                                                                      333KB

                                                                      MD5

                                                                      745714d838c4d4f88c6e0db6a434f444

                                                                      SHA1

                                                                      90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                      SHA256

                                                                      e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                      SHA512

                                                                      08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                      Filesize

                                                                      70KB

                                                                      MD5

                                                                      e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                      SHA1

                                                                      22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                      SHA256

                                                                      bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                      SHA512

                                                                      00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                      Filesize

                                                                      50KB

                                                                      MD5

                                                                      5bb0687e2384644ea48f688d7e75377b

                                                                      SHA1

                                                                      44e4651a52517570894cfec764ec790263b88c4a

                                                                      SHA256

                                                                      963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                      SHA512

                                                                      260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                      Filesize

                                                                      32KB

                                                                      MD5

                                                                      1a35c822b4e574c039dd81b1ab095097

                                                                      SHA1

                                                                      87d051da2e26366f5aae9ae4567082282ceced7f

                                                                      SHA256

                                                                      e3da2a27ea6767c32e181f850dd2dfb14cac8a679f42f2b5e42d6bf1255e2e81

                                                                      SHA512

                                                                      f06b796e11c10d547b7906a01b18197ed4a5ca177037c3a2bd65ac0e83568a84abe52a03590ff21b2f69424b7a24bfa5004a776a27af0afc24c9362f9835b209

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                      Filesize

                                                                      60KB

                                                                      MD5

                                                                      99c72ae773f0e16818bc628e6c30272a

                                                                      SHA1

                                                                      901b18faa2eeb35946746bcf80a3ed7a67f6daab

                                                                      SHA256

                                                                      9159d0f626aebaca406d0ff9abfe19d6153f3d6eefbc1f831a48c17f4aea7a81

                                                                      SHA512

                                                                      f05b5884ab3f8b2c0960c2ccbb982555948d293fd37bd29df1157d40c138f1eed6fc94ac5a7d7a4fd098755e9d242d4da992d073ddffcc8f0c543e538b322633

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                      Filesize

                                                                      588KB

                                                                      MD5

                                                                      17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                      SHA1

                                                                      bc0316e11c119806907c058d62513eb8ce32288c

                                                                      SHA256

                                                                      13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                      SHA512

                                                                      f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
                                                                      Filesize

                                                                      753B

                                                                      MD5

                                                                      8298451e4dee214334dd2e22b8996bdc

                                                                      SHA1

                                                                      bc429029cc6b42c59c417773ea5df8ae54dbb971

                                                                      SHA256

                                                                      6fbf5845a6738e2dc2aa67dd5f78da2c8f8cb41d866bbba10e5336787c731b25

                                                                      SHA512

                                                                      cda4ffd7d6c6dff90521c6a67a3dba27bf172cc87cee2986ae46dccd02f771d7e784dcad8aea0ad10decf46a1c8ae1041c184206ec2796e54756e49b9217d7ba

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                      Filesize

                                                                      218B

                                                                      MD5

                                                                      b03b1d441556e8d05a077c0bb64c217a

                                                                      SHA1

                                                                      6b61a272e7dbd2e98469c6378e810fc9a32d1355

                                                                      SHA256

                                                                      9c45a90e8443b1441d5e290914f8c63c99e410255936a9f3c9f6f13b5f62e981

                                                                      SHA512

                                                                      768337b35bba76e8de0ddb33e2412d214f038b642e53a0985cfdd0cd8f7d19b3e797ddefaace6450fe416d964e5eadd1f1961a103d09807926523d39760144f2

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      1ef7574bc4d8b6034935d99ad884f15b

                                                                      SHA1

                                                                      110709ab33f893737f4b0567f9495ac60c37667c

                                                                      SHA256

                                                                      0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                      SHA512

                                                                      947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      f512536173e386121b3ebd22aac41a4e

                                                                      SHA1

                                                                      74ae133215345beaebb7a95f969f34a40dda922a

                                                                      SHA256

                                                                      a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                      SHA512

                                                                      1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                      Filesize

                                                                      76KB

                                                                      MD5

                                                                      b40fe65431b18a52e6452279b88954af

                                                                      SHA1

                                                                      c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                      SHA256

                                                                      800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                      SHA512

                                                                      e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                      Filesize

                                                                      80KB

                                                                      MD5

                                                                      3904d0698962e09da946046020cbcb17

                                                                      SHA1

                                                                      edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                      SHA256

                                                                      a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                      SHA512

                                                                      c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                      Download Submit

                                                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                      Filesize

                                                                      92KB

                                                                      MD5

                                                                      767aa0577501734b83551bfd66b3f567

                                                                      SHA1

                                                                      cbc39e7de46c0173169de216b31a2e3436250ff2

                                                                      SHA256

                                                                      8514f5ee530a0f33cfa5464f2154269280ae813f87aeefe26401eac72ad3167e

                                                                      SHA512

                                                                      07ab5551f51270c5b4c444c142d72c192142fce728e225a159ad6523b3f70568a6f4a223613e4ef2e9ab9b78af39e811f2d2769562459c662d571f02b972b406

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                      Filesize

                                                                      287B

                                                                      MD5

                                                                      fcad4da5d24f95ebf38031673ddbcdb8

                                                                      SHA1

                                                                      3f68c81b47e6b4aebd08100c97de739c98f57deb

                                                                      SHA256

                                                                      7e1def23e5ab80fea0688c3f9dbe81c0ab4ec9e7bdbcc0a4f9cd413832755e63

                                                                      SHA512

                                                                      1694957720b7a2137f5c96874b1eb814725bdba1f60b0106073fa921da00038a532764ec9a5501b6ffb9904ee485ce42ff2a61c41f88b5ff9b0afde93d6f7f3d

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      362ce475f5d1e84641bad999c16727a0

                                                                      SHA1

                                                                      6b613c73acb58d259c6379bd820cca6f785cc812

                                                                      SHA256

                                                                      1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                      SHA512

                                                                      7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                      Filesize

                                                                      1.3MB

                                                                      MD5

                                                                      40df7f2a02cdfa70ae76d70d21473428

                                                                      SHA1

                                                                      4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                      SHA256

                                                                      f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                      SHA512

                                                                      2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                      Filesize

                                                                      1.6MB

                                                                      MD5

                                                                      68a52d3ec57a7fedf808624beca83db3

                                                                      SHA1

                                                                      d5a43e0e0baf2a3e4e8da2d7e1c797fb01167b6a

                                                                      SHA256

                                                                      de34a5193566b7dcb3365c283dbe3e2644e2fe65fb3915f20e0a9a60424f8d62

                                                                      SHA512

                                                                      34bc3b475062219e1ef67c7fd56acf6dcc9f28262ccc4e49701a592a6d228bc5fc61ac25908e798b96b3d16f591c4800dcaeb334508fe70137f2d75577328a29

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      5ed9543e9f5826ead203316ef0a8863d

                                                                      SHA1

                                                                      8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                      SHA256

                                                                      33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                      SHA512

                                                                      5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.runtimeconfig.json
                                                                      Filesize

                                                                      375B

                                                                      MD5

                                                                      e8d9109bd15637b1fbf349f9c7ff776f

                                                                      SHA1

                                                                      19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                      SHA256

                                                                      c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                      SHA512

                                                                      5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      9a9b1fd85b5f1dcd568a521399a0d057

                                                                      SHA1

                                                                      34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                      SHA256

                                                                      88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                      SHA512

                                                                      7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                      Filesize

                                                                      673KB

                                                                      MD5

                                                                      8a190dfd824e864942a13b01e100ee1d

                                                                      SHA1

                                                                      0938bc28ad8b133a7c27635f6eebb268b116bc0c

                                                                      SHA256

                                                                      66c414c255ef75c6ffe9955b4d27cb84704e187b1997a8d6cb3734c94967190a

                                                                      SHA512

                                                                      53c03e3f525211e93c3b0b86aa6ee0c49e7c6162b7c830519a4dd4073495f08fb148dcadb7ee08634dc72505c4cdce65228e480262e2e527e9bf29a35ab31aa4

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                      Filesize

                                                                      321KB

                                                                      MD5

                                                                      d3901e62166e9c42864fe3062cb4d8d5

                                                                      SHA1

                                                                      c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                      SHA256

                                                                      dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                      SHA512

                                                                      ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                      Filesize

                                                                      814KB

                                                                      MD5

                                                                      9b1f97a41bfb95f148868b49460d9d04

                                                                      SHA1

                                                                      768031d5e877e347a249dfdeab7c725df941324b

                                                                      SHA256

                                                                      09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                      SHA512

                                                                      9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                      Filesize

                                                                      1.2MB

                                                                      MD5

                                                                      e74d2a16da1ddb7f9c54f72b8a25897c

                                                                      SHA1

                                                                      32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                      SHA256

                                                                      a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                      SHA512

                                                                      52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.ini
                                                                      Filesize

                                                                      11B

                                                                      MD5

                                                                      5eda46a55c61b07029e7202f8cf1781c

                                                                      SHA1

                                                                      862ee76fc1e20a9cc7bc1920309aa67de42f22d0

                                                                      SHA256

                                                                      12bf7eb46cb4cb90fae054c798b8fd527f42a5efc8d7833bb4f68414e2383442

                                                                      SHA512

                                                                      4cf17d20064be9475e45d5f46b4a3400cdb8180e5e375ecac8145d18b34c8fca24432a06aeec937f5bedc7c176f4ee29f4978530be20edbd7fed38966fe989d6

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      b2d5d511002960697118598e9233b21d

                                                                      SHA1

                                                                      9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                      SHA256

                                                                      a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                      SHA512

                                                                      d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      b4a865268d5aca5f93bab91d7d83c800

                                                                      SHA1

                                                                      95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                      SHA256

                                                                      5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                      SHA512

                                                                      c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      c926b097427f9f14a29ad4974d0682d0

                                                                      SHA1

                                                                      0a772e5544a76531f53c5c6913d797aa9125c12e

                                                                      SHA256

                                                                      ed9b0dfb8dc6fc028df2b6a828d8a51e0da88d979427eb4e65af282d4e08b0e7

                                                                      SHA512

                                                                      0bd7f2a7cc8e309963936a722a70c3aa0a97da3f5496162ddc0adc2631ad31eae7a8a052e0adbffc5aa4b1145652b2ed27e86cd32635bfe9e834d10dcb0544c0

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                      Filesize

                                                                      48KB

                                                                      MD5

                                                                      37bc9a22d380750f77f5ce39b45cbc46

                                                                      SHA1

                                                                      4478cb1a656316dd69a1cd85c3930af52efbb69b

                                                                      SHA256

                                                                      5dc35d29c45aa8df2e87a3b1ad79fad8bc24c02299f5034d3282cfda702b7283

                                                                      SHA512

                                                                      6073892dfa352700683665f1486b6159d8651a1027d9847efd451f5a4f6cc03e25c946b338af75556be07854d19e0ae324c50e4c8acc42428d80aef888df74c6

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                      Filesize

                                                                      2.8MB

                                                                      MD5

                                                                      187159336928067bbcaf950ed41ddd7e

                                                                      SHA1

                                                                      d308976d326a639233ddee6ff5a0d6804926ebe2

                                                                      SHA256

                                                                      925ad251788435923e07523736f1f3908d3c84a5ced6699d7f8a940c255f617d

                                                                      SHA512

                                                                      27b4adb10a31f14155d402e423b6147bb9a6b06ebceaa73ddc9cce174a87783b1ba71f16db027d08133270978af3f9a4db5764f264b7c70101c5a49132accc70

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      6c6f85e896655a6eb726482f04c49086

                                                                      SHA1

                                                                      2e0c55cd4894117428b34d21a1d53738fce4b02c

                                                                      SHA256

                                                                      e109400a93fede90201bbf37c1868c789888bce9d03a4ae5b46c48599939c34e

                                                                      SHA512

                                                                      b58303c149deffc9e374d5ba42a8a73b7ce890d35f9589fe0b09acec541a21d589d49fa5086b965277fa22dfe308357505124f13a6ff1e0de415ebc40ce61e15

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                      Filesize

                                                                      541B

                                                                      MD5

                                                                      d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                      SHA1

                                                                      e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                      SHA256

                                                                      7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                      SHA512

                                                                      a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                      Filesize

                                                                      12B

                                                                      MD5

                                                                      880d31390a25de6a9cd34463b46c75e6

                                                                      SHA1

                                                                      837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                      SHA256

                                                                      425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                      SHA512

                                                                      8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                      Filesize

                                                                      670KB

                                                                      MD5

                                                                      96e50bbca30d75af7b8b40acf8dda817

                                                                      SHA1

                                                                      4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                      SHA256

                                                                      a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                      SHA512

                                                                      0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                      Download Submit

                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                      Filesize

                                                                      3.1MB

                                                                      MD5

                                                                      c9845d8fd278289e92a84a29427ddd2b

                                                                      SHA1

                                                                      f9f086aedfc7434e2290423cd99deded01d7d77c

                                                                      SHA256

                                                                      1bb7671a2ccd6505183f60d33b53eeb9f36ede0a3c4af92dfcf30fa7fa25dae4

                                                                      SHA512

                                                                      9c0337b19fb0c763b64b0ef39a181055e0619e7c59e25799ff34c1afb880ca384c8388f85a46b7aed93f925500376af981647d34a3e745d9d71d231585bf6717

                                                                      Download Submit

                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                      Filesize

                                                                      143KB

                                                                      MD5

                                                                      71026b098f8fb39c88b003df746d9fa0

                                                                      SHA1

                                                                      013ca259f551ad6f33db53fff0e121e74408e20e

                                                                      SHA256

                                                                      11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                      SHA512

                                                                      9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                      Download Submit

                                                                    • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\c05142d8e8096dc76d37759fb5cd8625
                                                                      Filesize

                                                                      16KB

                                                                      MD5

                                                                      b2e89027a140a89b6e3eb4e504e93d96

                                                                      SHA1

                                                                      f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                      SHA256

                                                                      5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                      SHA512

                                                                      93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                      Filesize

                                                                      471B

                                                                      MD5

                                                                      7698355a7e9e36e88e73d16701e321ae

                                                                      SHA1

                                                                      da642632f6b74ee2422309f3a2bfc326c2e2e2e3

                                                                      SHA256

                                                                      87cb1cf084c4cc7ed934f98a7681f6826f16b4913f62126adbe4af6606b25f14

                                                                      SHA512

                                                                      fcc322f012862409ba6acb20a88ad2fb6bf6df93b19f16ef5924e33c6556d222ca824ff18beed8fd78b02505cce508dca72f993ca1a01a2657eb92653b8f22eb

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      e22c500ac9dc5b818b05e60d9263fca5

                                                                      SHA1

                                                                      38b34fdbd3a261ea569f0db574d8c5d34c0436d9

                                                                      SHA256

                                                                      24bd916bf9f9413d4e527659e56b953fe1a396cdf2c664e0798c3f520ec348ac

                                                                      SHA512

                                                                      17e752f4b5ae3f16455f5b6d0238cec9701e77e61e98c365056af9f52a9ebb2cdf9dc1e5c513858fe02af73a1573eb5270125a116b63d29ba768cc131c6135d3

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      727B

                                                                      MD5

                                                                      16d40e6fe7dbda24e4c0011e68de557b

                                                                      SHA1

                                                                      ad6ee6b3e37a5769230755269ea7eb79c3ff468e

                                                                      SHA256

                                                                      b9e9bad95aee50d6e2ff0c7a88fe83dd97ddda6d9bc63324749721b0a0abaa39

                                                                      SHA512

                                                                      ebf04e008422ddc6869c9ade3f6c2c9668818d1f644582aed3b744051cf8480f6654929dfe823f378498b4ec942b705af9756c0b27eb25b047c590f5de9aeb11

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                      Filesize

                                                                      400B

                                                                      MD5

                                                                      f96f14637079c9e7229ebece5173bbfc

                                                                      SHA1

                                                                      86ebf57908754eb19fdd9c2f9564fee359bda3c8

                                                                      SHA256

                                                                      64f5b44e826bd27aa5cd5fd8f9116bd5a6e00f2f0dfbe5d5a1302ddee117d3f3

                                                                      SHA512

                                                                      891d2db27ca2951f28dcb4ca3a63a7ff6df5a1209e6ebedb80223221b0c1b4e234261dad2613733cf28deeea6707bc61bbf58e72698ca41cdc1022e2ee51a103

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      2c55c6236c85d64da62d3b5958f27442

                                                                      SHA1

                                                                      90166b00baf47391457cb4b78201244d623200b2

                                                                      SHA256

                                                                      6ed86c660d42a2f395d3a10543445dbc0d650d3f9218fb5e3b9b0e476cf9b056

                                                                      SHA512

                                                                      f4cf1fa1a8ac698cc1fce31a04b5932eb4d575fb9d5d2fc0f405b473673901a30b5fc401b35bb542ddc5a9e5dc93ae2fd3b7b61039c66f276626d4b6f4ee4568

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      4e91c3a41ad4ee96834670d84a05ba93

                                                                      SHA1

                                                                      ca06ab11133d811c74c906a4338f427e9848d5af

                                                                      SHA256

                                                                      37f6803e6023bdc981fab832e04a2015162726c91efadfd05a4f4645ce8df3f6

                                                                      SHA512

                                                                      7f71a79d7d34ee8d01d1a615868f62690f95905d3bf354f936afb9c045372feaca734fed4672822ff770817d77ae6b12d3c327aa6c69fef25327c347a3068195

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                      Filesize

                                                                      651B

                                                                      MD5

                                                                      9bbfe11735bac43a2ed1be18d0655fe2

                                                                      SHA1

                                                                      61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                      SHA256

                                                                      549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                      SHA512

                                                                      a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI166.tmp
                                                                      Filesize

                                                                      211KB

                                                                      MD5

                                                                      a3ae5d86ecf38db9427359ea37a5f646

                                                                      SHA1

                                                                      eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                      SHA256

                                                                      c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                      SHA512

                                                                      96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSI7B25.tmp
                                                                      Filesize

                                                                      4.5MB

                                                                      MD5

                                                                      08211c29e0d617a579ffa2c41bde1317

                                                                      SHA1

                                                                      4991dae22d8cdc6ca172ad1846010e3d9e35c301

                                                                      SHA256

                                                                      3334a7025ff6cd58d38155a8f9b9867f1a2d872964c72776c9bf4c50f51f9621

                                                                      SHA512

                                                                      d6ae36a09745fdd6d0d508b18eb9f3499a06a7eeafa0834bb47a7004f4b7d54f15fec0d0a45b7e6347a85c8091ca52fe4c679f6f23c3668efe75a660a8ce917f

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSID53.tmp-\System.Management.dll
                                                                      Filesize

                                                                      60KB

                                                                      MD5

                                                                      878e361c41c05c0519bfc72c7d6e141c

                                                                      SHA1

                                                                      432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                      SHA256

                                                                      24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                      SHA512

                                                                      59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIE9D3.tmp
                                                                      Filesize

                                                                      509KB

                                                                      MD5

                                                                      88d29734f37bdcffd202eafcdd082f9d

                                                                      SHA1

                                                                      823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                      SHA256

                                                                      87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                      SHA512

                                                                      1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIE9D3.tmp-\AlphaControlAgentInstallation.dll
                                                                      Filesize

                                                                      25KB

                                                                      MD5

                                                                      aa1b9c5c685173fad2dabebeb3171f01

                                                                      SHA1

                                                                      ed756b1760e563ce888276ff248c734b7dd851fb

                                                                      SHA256

                                                                      e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                      SHA512

                                                                      d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIE9D3.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      1a5caea6734fdd07caa514c3f3fb75da

                                                                      SHA1

                                                                      f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                      SHA256

                                                                      cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                      SHA512

                                                                      a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIED5E.tmp-\CustomAction.config
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      bc17e956cde8dd5425f2b2a68ed919f8

                                                                      SHA1

                                                                      5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                      SHA256

                                                                      e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                      SHA512

                                                                      02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIED5E.tmp-\Newtonsoft.Json.dll
                                                                      Filesize

                                                                      695KB

                                                                      MD5

                                                                      715a1fbee4665e99e859eda667fe8034

                                                                      SHA1

                                                                      e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                      SHA256

                                                                      c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                      SHA512

                                                                      bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                      Download Submit

                                                                    • C:\Windows\Installer\MSIFEC3.tmp
                                                                      Filesize

                                                                      219KB

                                                                      MD5

                                                                      928f4b0fc68501395f93ad524a36148c

                                                                      SHA1

                                                                      084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                      SHA256

                                                                      2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                      SHA512

                                                                      7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57e947.msi
                                                                      Filesize

                                                                      2.9MB

                                                                      MD5

                                                                      33e1da237802bdc69ea7326799ec8c44

                                                                      SHA1

                                                                      a8f2348282fc248a334783484c57fc48c195f8cd

                                                                      SHA256

                                                                      cf13f22012ec3a6f27a878c417a4ca60fbe56a90069748d2ffc59f264e5451cd

                                                                      SHA512

                                                                      1e87d57b25bbb934aa9570577f778a370ce6b340514792de5015d2c00eca56848b707481fc234d508d8b4c2cdcd3f62e03f1d0c933feba0dedbc7278ded823b0

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57e954.msi
                                                                      Filesize

                                                                      26.3MB

                                                                      MD5

                                                                      b9c6d23462adef092b8a5b7880531b03

                                                                      SHA1

                                                                      9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                      SHA256

                                                                      2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                      SHA512

                                                                      18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                      Download Submit

                                                                    • C:\Windows\Installer\e57e955.msi
                                                                      Filesize

                                                                      772KB

                                                                      MD5

                                                                      d73de5788ab129f16afdd990d8e6bfa9

                                                                      SHA1

                                                                      88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                      SHA256

                                                                      4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                      SHA512

                                                                      bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{03bfe7c1-e760-0543-b7eb-3c8c9069c8b9}\lci_proxywddm.cat
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      8e16d54f986dbe98812fd5ec04d434e8

                                                                      SHA1

                                                                      8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                      SHA256

                                                                      7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                      SHA512

                                                                      e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{03bfe7c1-e760-0543-b7eb-3c8c9069c8b9}\lci_proxywddm.inf
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      0315a579f5afe989154cb7c6a6376b05

                                                                      SHA1

                                                                      e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                      SHA256

                                                                      d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                      SHA512

                                                                      c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{03bfe7c1-e760-0543-b7eb-3c8c9069c8b9}\x64\lci_proxyumd.dll
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      4dc11547a5fc28ca8f6965fa21573481

                                                                      SHA1

                                                                      d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                      SHA256

                                                                      e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                      SHA512

                                                                      bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{03bfe7c1-e760-0543-b7eb-3c8c9069c8b9}\x64\lci_proxyumd32.dll
                                                                      Filesize

                                                                      135KB

                                                                      MD5

                                                                      67ae7b2c36c9c70086b9d41b4515b0a8

                                                                      SHA1

                                                                      ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                      SHA256

                                                                      79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                      SHA512

                                                                      4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{03bfe7c1-e760-0543-b7eb-3c8c9069c8b9}\x64\lci_proxywddm.sys
                                                                      Filesize

                                                                      119KB

                                                                      MD5

                                                                      b9b0e9b4d93b18b99ece31a819d71d00

                                                                      SHA1

                                                                      2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                      SHA256

                                                                      0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                      SHA512

                                                                      465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{217efda6-0332-8c49-847d-a9dfa2199f2e}\lci_iddcx.cat
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      62458e58313475c9a3642a392363e359

                                                                      SHA1

                                                                      e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                      SHA256

                                                                      85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                      SHA512

                                                                      49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{217efda6-0332-8c49-847d-a9dfa2199f2e}\lci_iddcx.inf
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      1cec22ca85e1b5a8615774fca59a420b

                                                                      SHA1

                                                                      049a651751ef38321a1088af6a47c4380f9293fc

                                                                      SHA256

                                                                      60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                      SHA512

                                                                      0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                      Download Submit

                                                                    • C:\Windows\System32\DriverStore\Temp\{217efda6-0332-8c49-847d-a9dfa2199f2e}\x64\lci_iddcx.dll
                                                                      Filesize

                                                                      52KB

                                                                      MD5

                                                                      01e8bc64139d6b74467330b11331858d

                                                                      SHA1

                                                                      b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                      SHA256

                                                                      148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                      SHA512

                                                                      4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                      Download Submit

                                                                    • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-03-24-55.dat
                                                                      Filesize

                                                                      602B

                                                                      MD5

                                                                      64bc51945f52ec938e4ff953e2c1e6f0

                                                                      SHA1

                                                                      38596b54f4b5ae36558f9f7c2fbead6e5e1f3e67

                                                                      SHA256

                                                                      d69e8e9b98c22440c8f16dcd8bc71a53ddfdf018a82090d5336392c11a929ceb

                                                                      SHA512

                                                                      457a6bd2254e89901a172625283baa53acced25e327fd20b460a0e5a994e1c8869a230234b3b7d771c2db3bb6076bafd30db1da37e1cc16bf032d813e8eabb66

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      8f86a2085b58c5be0e3b099672a3fa45

                                                                      SHA1

                                                                      3f26b42aa284cf7af4ee5241b20105183cc97fae

                                                                      SHA256

                                                                      f05e84ed06a4c6d185cf1cdff958d3d79e6ee6e9041f5e2b5caaf299564d80f5

                                                                      SHA512

                                                                      c5dac07dbf5cb09d0eb8dba410527a7cbf713099b7b45c798c231ed1b3d2ac65097751321d0014a923436c489d60239f546de9598c995aa273140fa399fb1afe

                                                                      Download Submit

                                                                    • C:\Windows\Temp\InstallUtil.log
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      894f465d02bb2cde23bb3a7b375c7e0f

                                                                      SHA1

                                                                      5ebf908cf68eff34791393477b146bff5253ba35

                                                                      SHA256

                                                                      61d56df5dffbeb64049c183befaea70333989f28fdb487f69e8ba49a721017d9

                                                                      SHA512

                                                                      841d69d2449a3fcabd8846002ca2fbd3e2951bccd81696bb600f9d0d5839697a0c1462abab6718d95f1283aa0643f5ef8c11c33b9d29351d4c41d851fbcdc7c6

                                                                      Download Submit

                                                                    • C:\Windows\Temp\PreVer.log
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      2f121b5c1d768f4c5588e29cef0fefc4

                                                                      SHA1

                                                                      13c4572faf180ea584ff15ad9ff92450a7fa27f1

                                                                      SHA256

                                                                      47e004d9f42ce9a534bfe110f90b2525af45e7842553e5cd30ae24e1e6f14952

                                                                      SHA512

                                                                      2564620111b044929cfa658ce9e1545caa0c2accf0bbbf5d127d64b57f242b1054acb634a275872bd91e8cf08656c9b8e7bffe818a37b40bd8684e88f8203663

                                                                      Download Submit

                                                                    • C:\Windows\Temp\__PSScriptPolicyTest_1apat2sl.szt.ps1
                                                                      Filesize

                                                                      60B

                                                                      MD5

                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                      SHA1

                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                      SHA256

                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                      SHA512

                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                      Download Submit

                                                                    • C:\Windows\Temp\unpack.log
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      a9a5757a536b0b3eba2b87a2d4e1dca3

                                                                      SHA1

                                                                      3e375fdadbbfdc7edd7514fca32ebc03047829ae

                                                                      SHA256

                                                                      5114ee6382b52e288b417d5dff7e183d8412f41682981cfd552cc1f965a9230e

                                                                      SHA512

                                                                      6fceb1ee01812dabb29b06323c993b537a88ddd80700d97ee41b0d6ea68eecf643e7cf9b959f4b487e99f33bb5eeb651fe9fbf1ebdacb1e85c4e8cee0e94aedf

                                                                      Download Submit

                                                                    • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                      Filesize

                                                                      3.2MB

                                                                      MD5

                                                                      2c18826adf72365827f780b2a1d5ea75

                                                                      SHA1

                                                                      a85b5eae6eba4af001d03996f48d97f7791e36eb

                                                                      SHA256

                                                                      ae06a5a23b6c61d250e8c28534ed0ffa8cc0c69b891c670ffaf54a43a9bf43be

                                                                      SHA512

                                                                      474fce1ec243b9f63ea3d427eb1117ad2ebc5a122f64853c5015193e6727ffc8083c5938117b66e572da3739fd0a86cd5bc118f374c690fa7a5fe9f0c071c167

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{4B8F85D9-5290-4B3E-83F2-798FBEF61832}\.ba\bg.png
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                      SHA1

                                                                      eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                      SHA256

                                                                      9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                      SHA512

                                                                      9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{4B8F85D9-5290-4B3E-83F2-798FBEF61832}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                      Filesize

                                                                      607KB

                                                                      MD5

                                                                      669de3ab32955e69decfe13a3c89891e

                                                                      SHA1

                                                                      ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                      SHA256

                                                                      2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                      SHA512

                                                                      be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FC5642D6-348B-4D09-8FBD-3050296241FB}\IsConfig.ini
                                                                      Filesize

                                                                      571B

                                                                      MD5

                                                                      d239b8964e37974225ad69d78a0a8275

                                                                      SHA1

                                                                      cf208e98a6f11d1807cd84ca61504ad783471679

                                                                      SHA256

                                                                      0ce4b4c69344a2d099dd6ca99e44801542fa2011b5505dd9760f023570049b73

                                                                      SHA512

                                                                      88eb06ae80070203cb7303a790ba0e8a63c503740ca6e7d70002a1071c89b640f9b43f376ddc3c9d6ee29bae0881f736fa71e677591416980b0a526b27ee41e8

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FC5642D6-348B-4D09-8FBD-3050296241FB}\String1033.txt
                                                                      Filesize

                                                                      182KB

                                                                      MD5

                                                                      99bbffd900115fe8672c73fb1a48a604

                                                                      SHA1

                                                                      8f587395fa6b954affef337c70781ce00913950e

                                                                      SHA256

                                                                      57ceff2d980d9224c53a910a6f9e06475dc170f42a0070ae4934868ccd13d2dc

                                                                      SHA512

                                                                      d578b1931a8daa1ef0f0238639a0c1509255480b5dbd464c639b4031832e2e7537f003c646d7bd65b75e721a7ad584254b4dfa7efc41cf6c8fbd6b72d679eeff

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FC5642D6-348B-4D09-8FBD-3050296241FB}\_is6EB4.exe
                                                                      Filesize

                                                                      179KB

                                                                      MD5

                                                                      7a1c100df8065815dc34c05abc0c13de

                                                                      SHA1

                                                                      3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                      SHA256

                                                                      e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                      SHA512

                                                                      bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FC5642D6-348B-4D09-8FBD-3050296241FB}\setup.inx
                                                                      Filesize

                                                                      345KB

                                                                      MD5

                                                                      0376dd5b7e37985ea50e693dc212094c

                                                                      SHA1

                                                                      02859394164c33924907b85ab0aaddc628c31bf1

                                                                      SHA256

                                                                      c9e6af6fb0bdbeb532e297436a80eb92a2ff7675f9c777c109208ee227f73415

                                                                      SHA512

                                                                      69d79d44908f6305eee5d8e6f815a0fee0c6d913f4f40f0c2c9f2f2e50f24bf7859ebe12c85138d971e5db95047f159f077ae687989b8588f76517cab7d3e0d5

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FFB26694-1855-44FD-84DC-C7875D0DF971}\ISRT.dll
                                                                      Filesize

                                                                      427KB

                                                                      MD5

                                                                      85315ad538fa5af8162f1cd2fce1c99d

                                                                      SHA1

                                                                      31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                      SHA256

                                                                      70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                      SHA512

                                                                      877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                      Download Submit

                                                                    • C:\Windows\Temp\{FFB26694-1855-44FD-84DC-C7875D0DF971}\_isres_0x0409.dll
                                                                      Filesize

                                                                      1.8MB

                                                                      MD5

                                                                      befe2ef369d12f83c72c5f2f7069dd87

                                                                      SHA1

                                                                      b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                      SHA256

                                                                      9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                      SHA512

                                                                      760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                      Filesize

                                                                      412B

                                                                      MD5

                                                                      64d054cf2dbc2bcd2ef42f983c912b32

                                                                      SHA1

                                                                      5124177371b7a61a07e92e174b355e443d90e2b1

                                                                      SHA256

                                                                      6c7fc9ff3ac92f017ff715b92baa3f81cc7413791316f54114ddf5aa0019e34b

                                                                      SHA512

                                                                      d908d196f0e672ef56d46e548d16e2f10d56e0701cda067e604e9ced64d03eb8720beeb4287d8a3f2fdd1467d07fce60afb98f9ba2c558c44ce3066d3856f295

                                                                      Download Submit

                                                                    • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      9cad061ddf5ad182cfe7879190aeed71

                                                                      SHA1

                                                                      cfd292d16d937f95b642527464403b7e5ef6af96

                                                                      SHA256

                                                                      b2d273fa926ebf6946e69e8808ad332db42bc65f449748082e088aa732e408ca

                                                                      SHA512

                                                                      df517d66358f441a7c4c690cd90e214f18d490e3de767dd76164effaa179b1dd865a0056d68ce3ab6aee55917465c7f39146e7694b1ac475fcc95c280fb29e92

                                                                      Download Submit

                                                                    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                      Filesize

                                                                      24.1MB

                                                                      MD5

                                                                      77421434ca6e847b8881dbf72b966621

                                                                      SHA1

                                                                      1b6c6454ad424f58182fd4f96f93882ccce432ea

                                                                      SHA256

                                                                      718b1255b76d1fb6fad822425297e2e5bcd4c3749c9f1bc2f3591b1440f7a596

                                                                      SHA512

                                                                      4daab265b17befb2a516d62c324d34b6139d11e13fd637d61b9d3f13754a541868f97931d8d28cf355c73938be381f712ae1f956c39cf95903de50934851b0dc

                                                                      Download Submit

                                                                    • \??\Volume{25f6f61f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4b946eca-80b8-4891-8450-f81d4df1c902}_OnDiskSnapshotProp
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      88aad68bf41b5d3302ef5b965cf66dce

                                                                      SHA1

                                                                      0198c8e092b359d1e87952f2d29e91cdb6e7d833

                                                                      SHA256

                                                                      00cc6627b01582275fdd8d353034d3f0869440a2ee063329b8eefa15b2778dd8

                                                                      SHA512

                                                                      f7db9e46a88003d08aad51b2aff048122ca9c41c41125c0cd376807e10115b5ab5da25c04b903ef5379e41c527cea1c6c9ab4cef3e6fcc18ccad2478830c4b93

                                                                      Download Submit

                                                                    • memory/1364-1843-0x0000015D85E20000-0x0000015D85E38000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/1364-1849-0x0000015D9E770000-0x0000015D9E822000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/1364-1840-0x0000015D855E0000-0x0000015D855EC000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/1364-1852-0x0000015D85E40000-0x0000015D85E60000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/2272-298-0x0000018D430C0000-0x0000018D430E0000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/2424-296-0x0000029035310000-0x00000290353C2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2424-293-0x0000029034810000-0x0000029034852000-memory.dmp

                                                                      Filesize

                                                                      264KB

                                                                      Download

                                                                    • memory/2644-1891-0x000001A0A9BD0000-0x000001A0A9C36000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/2644-1889-0x000001A0A99D0000-0x000001A0A9A82000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2644-1875-0x000001A090840000-0x000001A090850000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/2644-1893-0x000001A0910A0000-0x000001A0910B4000-memory.dmp

                                                                      Filesize

                                                                      80KB

                                                                      Download

                                                                    • memory/2644-1884-0x000001A091080000-0x000001A0910A0000-memory.dmp

                                                                      Filesize

                                                                      128KB

                                                                      Download

                                                                    • memory/2776-1803-0x000001FA44E50000-0x000001FA44E6A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/2776-1887-0x000001FA5DD90000-0x000001FA5E2B8000-memory.dmp

                                                                      Filesize

                                                                      5.2MB

                                                                      Download

                                                                    • memory/2776-1844-0x000001FA5D650000-0x000001FA5D702000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2776-1787-0x000001FA44500000-0x000001FA4450A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/2852-81-0x0000000004D50000-0x00000000050A4000-memory.dmp

                                                                      Filesize

                                                                      3.3MB

                                                                      Download

                                                                    • memory/2852-80-0x0000000002830000-0x0000000002852000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/2852-77-0x0000000004C90000-0x0000000004D42000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2904-1865-0x000001A7341F0000-0x000001A7341FC000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/2904-1896-0x000001A74D500000-0x000001A74D5B0000-memory.dmp

                                                                      Filesize

                                                                      704KB

                                                                      Download

                                                                    • memory/2904-1912-0x000001A74D450000-0x000001A74D46C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/2904-1910-0x000001A74D690000-0x000001A74D76C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/2904-1866-0x000001A734A70000-0x000001A734ABA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2904-1868-0x000001A734A40000-0x000001A734A5C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/2932-200-0x0000020C299D0000-0x0000020C299F2000-memory.dmp

                                                                      Filesize

                                                                      136KB

                                                                      Download

                                                                    • memory/2932-191-0x0000020C298D0000-0x0000020C29982000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/2932-239-0x0000020C29EE0000-0x0000020C29F18000-memory.dmp

                                                                      Filesize

                                                                      224KB

                                                                      Download

                                                                    • memory/3972-110-0x0000000004730000-0x0000000004796000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/3984-1244-0x0000026948F70000-0x0000026948F96000-memory.dmp

                                                                      Filesize

                                                                      152KB

                                                                      Download

                                                                    • memory/4476-322-0x000001C7AB030000-0x000001C7AB0E2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4476-321-0x000001C791DB0000-0x000001C791DC6000-memory.dmp

                                                                      Filesize

                                                                      88KB

                                                                      Download

                                                                    • memory/4476-323-0x000001C792190000-0x000001C7921AC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/4576-1892-0x000001EDB8D20000-0x000001EDB8DD2000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/4576-1909-0x000001EDB8F20000-0x000001EDB8F74000-memory.dmp

                                                                      Filesize

                                                                      336KB

                                                                      Download

                                                                    • memory/4576-1890-0x000001EDA0500000-0x000001EDA051C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/4576-1888-0x000001ED9FBB0000-0x000001ED9FBC2000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/4748-159-0x00000272F94F0000-0x00000272F9588000-memory.dmp

                                                                      Filesize

                                                                      608KB

                                                                      Download

                                                                    • memory/4748-147-0x00000272F6EC0000-0x00000272F6EE8000-memory.dmp

                                                                      Filesize

                                                                      160KB

                                                                      Download

                                                                    • memory/4748-163-0x00000272F8B90000-0x00000272F8BA2000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/4748-164-0x00000272F92D0000-0x00000272F930C000-memory.dmp

                                                                      Filesize

                                                                      240KB

                                                                      Download

                                                                    • memory/5048-41-0x0000000002EF0000-0x0000000002F1E000-memory.dmp

                                                                      Filesize

                                                                      184KB

                                                                      Download

                                                                    • memory/5048-45-0x0000000002F30000-0x0000000002F3C000-memory.dmp

                                                                      Filesize

                                                                      48KB

                                                                      Download

                                                                    • memory/5428-451-0x0000025958CC0000-0x0000025958CDC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5428-491-0x0000025958E60000-0x0000025958E68000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5428-445-0x0000025958420000-0x0000025958486000-memory.dmp

                                                                      Filesize

                                                                      408KB

                                                                      Download

                                                                    • memory/5428-450-0x0000025971550000-0x000002597159A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5428-452-0x0000025971640000-0x000002597168C000-memory.dmp

                                                                      Filesize

                                                                      304KB

                                                                      Download

                                                                    • memory/5428-459-0x0000025971690000-0x00000259716D8000-memory.dmp

                                                                      Filesize

                                                                      288KB

                                                                      Download

                                                                    • memory/5428-460-0x0000025958CB0000-0x0000025958CB8000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5428-461-0x0000025958CE0000-0x0000025958CEA000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/5428-480-0x00000259718C0000-0x000002597199C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5428-488-0x00000259719A0000-0x0000025971A52000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5428-490-0x0000025958E50000-0x0000025958E58000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5428-498-0x0000025971810000-0x0000025971836000-memory.dmp

                                                                      Filesize

                                                                      152KB

                                                                      Download

                                                                    • memory/5428-493-0x0000025971850000-0x00000259718B8000-memory.dmp

                                                                      Filesize

                                                                      416KB

                                                                      Download

                                                                    • memory/5428-492-0x0000025958E70000-0x0000025958E78000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5428-494-0x00000259717E0000-0x000002597180A000-memory.dmp

                                                                      Filesize

                                                                      168KB

                                                                      Download

                                                                    • memory/5428-497-0x0000025971A60000-0x0000025971A9A000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/5468-1838-0x0000024905210000-0x0000024905220000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/5468-1841-0x000002491E2C0000-0x000002491E30A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5468-1894-0x0000024905A80000-0x0000024905A88000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/5468-1854-0x0000024905A40000-0x0000024905A5C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5468-1876-0x000002491E580000-0x000002491E65C000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5468-1886-0x000002491E660000-0x000002491E712000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5568-1881-0x000001F33BAA0000-0x000001F33BADA000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/5568-1902-0x000001F33C450000-0x000001F33C46C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5568-1907-0x000001F354C50000-0x000001F354C98000-memory.dmp

                                                                      Filesize

                                                                      288KB

                                                                      Download

                                                                    • memory/5568-1899-0x000001F354CC0000-0x000001F354D72000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5640-1878-0x000001D23BCB0000-0x000001D23BCCC000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5640-1874-0x000001D23BE20000-0x000001D23BE6A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5640-1873-0x000001D23B450000-0x000001D23B462000-memory.dmp

                                                                      Filesize

                                                                      72KB

                                                                      Download

                                                                    • memory/5640-1911-0x000001D254710000-0x000001D25472A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/5640-1897-0x000001D254770000-0x000001D254822000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5640-1898-0x000001D254910000-0x000001D2549EC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5716-1872-0x000002771AB60000-0x000002771AB78000-memory.dmp

                                                                      Filesize

                                                                      96KB

                                                                      Download

                                                                    • memory/5716-1846-0x000002771A210000-0x000002771A24A000-memory.dmp

                                                                      Filesize

                                                                      232KB

                                                                      Download

                                                                    • memory/5716-1867-0x000002771A5F0000-0x000002771A60C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5716-1851-0x000002771AB10000-0x000002771AB5A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5716-1903-0x0000027733570000-0x00000277335D2000-memory.dmp

                                                                      Filesize

                                                                      392KB

                                                                      Download

                                                                    • memory/5716-1904-0x0000027733520000-0x000002773353C000-memory.dmp

                                                                      Filesize

                                                                      112KB

                                                                      Download

                                                                    • memory/5716-1900-0x00000277336C0000-0x0000027733772000-memory.dmp

                                                                      Filesize

                                                                      712KB

                                                                      Download

                                                                    • memory/5716-1885-0x00000277333B0000-0x00000277333FA000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/5716-1895-0x00000277335E0000-0x00000277336BC000-memory.dmp

                                                                      Filesize

                                                                      880KB

                                                                      Download

                                                                    • memory/5716-1877-0x000002771A620000-0x000002771A62A000-memory.dmp

                                                                      Filesize

                                                                      40KB

                                                                      Download

                                                                    • memory/5728-1209-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5728-2162-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5728-2578-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5728-1915-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5728-1942-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5728-1941-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5728-2579-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5728-2163-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5728-1210-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5748-1784-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5748-1785-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/5820-974-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5820-1155-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5820-553-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5820-556-0x00000000035A0000-0x0000000003767000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/5820-1117-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/5820-977-0x00000000035E0000-0x00000000037A7000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/5820-1029-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/6096-2597-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/6096-2596-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/6096-2856-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/6096-1429-0x0000000072DB0000-0x000000007317D000-memory.dmp

                                                                      Filesize

                                                                      3.8MB

                                                                      Download

                                                                    • memory/6096-1428-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download

                                                                    • memory/6096-2855-0x0000000073180000-0x000000007329C000-memory.dmp

                                                                      Filesize

                                                                      1.1MB

                                                                      Download