Overview

overview

10

Static

static

10

02042025_0...DF.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/04/2025, 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02042025_0151_2025.1AdobeReaderPDF.msi

  • Size

    2.9MB

  • MD5

    8570a2dc7b26b6a69b4ee3bb3c5a0c0f

  • SHA1

    a5780fa5fdd9deb29e701b22860f04c8c961d090

  • SHA256

    b283c5d9f50a5d59325b3fdf56043d0d656e2d3d78ef7c27c62d68f38998786c

  • SHA512

    81b9ef38f469fff4284b3aaf669392445d2963da21db4634d08d7ee389f9047d3b0b13b1973a0e9b42f90e34561a018b2f5c99a4a782a2ccfc285630f52661be

  • SSDEEP

    49152:9+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:9+lUlz9FKbsodq0YaH7ZPxMb8tT

Score
10/10
ateraagentbootkitdiscoveryexecutionpersistenceprivilege_escalationratupx

Malware Config

Signatures

  • AteraAgent

    AteraAgent is a remote monitoring and management tool.

    ratateraagent
  • Ateraagent family
    ateraagent
  • Detects AteraAgent 1 IoCs
  • Blocklisted process makes network request 7 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Downloads MZ/PE file 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Launches sc.exe 5 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 25 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 13 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\02042025_0151_2025.1AdobeReaderPDF.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1756
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1804
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding DE37B4CA7E97016ADCD382C6DD595ED4
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIAFA9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240627968 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1016
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIB547.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240629093 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
        3⤵
        • Blocklisted process makes network request
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2700
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIBA69.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240630390 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
        3⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1116
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIC5E7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240633359 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        PID:1548
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding BB39F41C53F301E5783C93C67D5E8877 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Windows\SysWOW64\NET.exe
        "NET" STOP AteraAgent
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3284
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 STOP AteraAgent
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2476
      • C:\Windows\SysWOW64\TaskKill.exe
        "TaskKill.exe" /f /im AteraAgent.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:5852
    • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
      "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="[email protected]" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000RQmpbIAD" /AgentId="fc76599c-9c1a-408c-bfcc-b08e651d49cb"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      PID:4868
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 40B6FAA48739539D5F54805C2C9A8279 E Global\MSI0000
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      • Modifies registry class
      PID:3852
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AFDBB163-0AF0-451E-8FE8-2A2290190D70}
        3⤵
        • Executes dropped EXE
        PID:2192
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4CB6B778-A8F3-4757-B276-65D9571B1DB8}
        3⤵
        • Executes dropped EXE
        PID:408
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D016D0D-BEF4-4D76-B8B8-9E27ED31E4C6}
        3⤵
        • Executes dropped EXE
        PID:4080
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C91FD065-AA29-4436-8AD6-F8371535B73D}
        3⤵
        • Executes dropped EXE
        PID:5876
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8B93F1C0-3CDC-4172-A15F-D5FA40686147}
        3⤵
        • Executes dropped EXE
        PID:1144
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D6D69BD7-F585-4317-8529-30250C658D06}
        3⤵
        • Executes dropped EXE
        PID:920
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B48E184-F424-467E-8346-8D87A90CDCC1}
        3⤵
        • Executes dropped EXE
        PID:4060
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8F422DC2-FFCB-4FB8-8E17-1DE69319E198}
        3⤵
        • Executes dropped EXE
        PID:1720
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E193D993-5C2D-4C30-864C-8C1B6069B19B}
        3⤵
        • Executes dropped EXE
        PID:2612
      • C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe
        C:\Windows\TEMP\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isFC23.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2F87BE6A-0984-4868-8175-DF4FFD178BDB}
        3⤵
        • Executes dropped EXE
        PID:3160
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3464
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRServer.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:4568
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3548
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRApp.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2364
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAppPB.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:372
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAppPB.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:2740
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeature.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5644
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeature.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3240
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5500
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRFeatMini.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:916
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3252
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRManager.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:3364
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAgent.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3268
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAgent.exe /T
          4⤵
          • Kills process with taskkill
          PID:4556
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4868
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:6076
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRAudioChat.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1812
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRAudioChat.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5876
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRVirtualDisplay.exe /T"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:648
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill.exe /F /IM SRVirtualDisplay.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          PID:5400
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0EFB94B-4001-46A8-8A86-F91627F55CF6}
        3⤵
        • Executes dropped EXE
        PID:1028
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7717C70B-0DB0-4E4B-A421-752E3E32F603}
        3⤵
        • Executes dropped EXE
        PID:5488
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2422C755-C1EA-4986-852C-538A4C4DCA80}
        3⤵
        • Executes dropped EXE
        PID:3972
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{09491A60-A498-4375-98B4-F27A9C0CFABA}
        3⤵
        • Executes dropped EXE
        PID:1480
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{559B1BA5-443F-43A4-86AC-B69D698CF9A2}
        3⤵
        • Executes dropped EXE
        PID:2256
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{469A94B7-6E0A-48ED-A844-A25A2BA9194D}
        3⤵
        • Executes dropped EXE
        PID:1016
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2A2170EF-1CF1-4450-B23E-4AB4C3A28396}
        3⤵
        • Executes dropped EXE
        PID:1112
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{343A5E83-A258-43AD-A44E-F5048614508D}
        3⤵
        • Executes dropped EXE
        PID:3068
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AAD3EB3A-89FF-4A0E-A7C5-49584DE48409}
        3⤵
        • Executes dropped EXE
        PID:5692
      • C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
        C:\Windows\TEMP\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{378264E2-122E-4972-A6AB-D9F5549A94C3}
        3⤵
        • Executes dropped EXE
        PID:5904
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{98E1B518-2974-4337-AAD1-D22CD78DFFA9}
        3⤵
        • Executes dropped EXE
        PID:1968
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{39540D62-6B4A-40F2-A841-2A8883550973}
        3⤵
        • Executes dropped EXE
        PID:1892
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F6564F47-5EF1-4182-ACDE-1B46549FA0DC}
        3⤵
        • Executes dropped EXE
        PID:4284
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{66C72AE2-67A7-4BF6-AFBE-15EBD2043CA3}
        3⤵
        • Executes dropped EXE
        PID:3180
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10B2B055-9E05-48F7-A663-5E1C191F12B6}
        3⤵
        • Executes dropped EXE
        PID:1428
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4EDB74DB-F103-4CED-B3FA-44641925FED1}
        3⤵
        • Executes dropped EXE
        PID:2084
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01B34E25-EB8D-4F3C-B8BE-4D8474A797B0}
        3⤵
        • Executes dropped EXE
        PID:2036
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{979582C7-1CE6-4925-98D4-D796B494A99B}
        3⤵
        • Executes dropped EXE
        PID:5872
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3DEB9F14-69E1-4E09-BE92-0CFA44CCFAB7}
        3⤵
        • Executes dropped EXE
        PID:3304
      • C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe
        C:\Windows\TEMP\{515BF227-1DDF-4BE9-A5F1-F814AB648545}\_is18B5.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0F9F3F21-9E98-448C-BA60-12878225DEC9}
        3⤵
        • Executes dropped EXE
        PID:1392
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ADDUSERINFO /V "sec_opt=0,confirm_d=0,hidewindow=1"
        3⤵
        • Executes dropped EXE
        PID:3372
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P USERSESSIONID
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3200
      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe
        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\SetupUtil.exe" /P ST_EVENT
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2624
        • C:\Windows\system32\cmd.exe
          "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" um "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
          4⤵
            PID:2244
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /C "C:\Windows\system32\wevtutil.exe" im "C:\ProgramData\Splashtop\Common\Event\stevt_srs_provider.man"
            4⤵
              PID:884
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSelfSignCertUtil.exe" -g
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:2616
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BE213A5A-6323-4380-A02E-5EBA0FFC667B}
            3⤵
            • Executes dropped EXE
            PID:5924
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D3D68E-41A4-4944-8651-DFE4725F8696}
            3⤵
            • Executes dropped EXE
            PID:5748
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{916A05AE-4944-43FD-A1E1-93C29BE54C7C}
            3⤵
            • Executes dropped EXE
            PID:2396
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{39C42CFF-52F6-443C-93D5-7EA0DA4CE2E1}
            3⤵
            • Executes dropped EXE
            PID:4816
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3CF6E9DB-F352-4AA1-8D9D-B73FFC65EB4A}
            3⤵
            • Executes dropped EXE
            PID:3096
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{91AC0EEF-529B-4EF1-96CF-64D07BB2D1D8}
            3⤵
            • Executes dropped EXE
            PID:3048
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{929984FB-A56B-4E0F-B1EF-0A4E555A515D}
            3⤵
            • Executes dropped EXE
            PID:4764
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FE0189FE-90E4-4B21-AE23-A961B503BB65}
            3⤵
            • Executes dropped EXE
            PID:4204
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC186090-AF49-41A9-AA88-0AEB17ECDB68}
            3⤵
            • Executes dropped EXE
            PID:4992
          • C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe
            C:\Windows\TEMP\{1FA71989-5840-4DCB-B44A-63AF3CE4F3FB}\_is2AD8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{66F9D624-64B5-4ECC-AD26-20B97825A73C}
            3⤵
            • Executes dropped EXE
            PID:5812
          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
            "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -i
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:1028
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7E949A16-182D-4670-BB8E-0214916A308F}
            3⤵
            • Executes dropped EXE
            PID:2436
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{348CD9AA-00E5-4D2D-B587-C378EB123EBF}
            3⤵
            • Executes dropped EXE
            PID:536
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{745D05A9-9AB1-427F-B702-C7E08193B20D}
            3⤵
            • Executes dropped EXE
            PID:5604
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A33C262-D730-4930-A638-3D7875C0E618}
            3⤵
            • Executes dropped EXE
            PID:4996
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2900B08B-AF3B-422B-BA37-3E96E3EFFEA5}
            3⤵
            • Executes dropped EXE
            PID:2584
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AD9C9EA9-AE40-4835-9D97-FE3D6CD14747}
            3⤵
            • Executes dropped EXE
            PID:3960
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4648E84D-FE39-4F68-A87F-840F3CCBBAC1}
            3⤵
            • Executes dropped EXE
            PID:2160
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61A9F08E-2275-4D4B-A39D-ACA4C1F84704}
            3⤵
            • Executes dropped EXE
            PID:4176
          • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
            C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C47805A-0F9A-47D3-B417-3AC3C88F41A6}
            3⤵
              PID:2604
            • C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe
              C:\Windows\TEMP\{4C079F0B-E414-4E3E-BFBD-EE74ACBFE583}\_is2D3A.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{94478D29-BEC8-48E1-B3E4-31B75D74EC70}
              3⤵
                PID:944
              • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -r
                3⤵
                • System Location Discovery: System Language Discovery
                PID:5204
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding EFA84E5493D094C427B1DED0CA7B24C7 E Global\MSI0000
              2⤵
              • System Location Discovery: System Language Discovery
              PID:3736
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI6EA6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240676718 468 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                3⤵
                • Drops file in System32 directory
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:4668
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI7156.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240677187 472 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                3⤵
                • Blocklisted process makes network request
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:4284
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe "C:\Windows\Installer\MSI83F5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240683421 477 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                3⤵
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:4176
              • C:\Windows\SysWOW64\NET.exe
                "NET" STOP AteraAgent
                3⤵
                  PID:4792
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:5896
                • C:\Windows\SysWOW64\TaskKill.exe
                  "TaskKill.exe" /f /im AteraAgent.exe
                  3⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  PID:5684
                • C:\Windows\syswow64\NET.exe
                  "NET" STOP AteraAgent
                  3⤵
                  • System Location Discovery: System Language Discovery
                  PID:5624
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 STOP AteraAgent
                    4⤵
                      PID:5324
                  • C:\Windows\syswow64\TaskKill.exe
                    "TaskKill.exe" /f /im AteraAgent.exe
                    3⤵
                    • System Location Discovery: System Language Discovery
                    • Kills process with taskkill
                    PID:4180
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe "C:\Windows\Installer\MSIB203.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240693750 515 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                    3⤵
                    • Blocklisted process makes network request
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:5052
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /u
                  2⤵
                  • Drops file in System32 directory
                  PID:4604
                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="" /CompanyId="" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="" /AgentId="b0e6b6cd-5249-420a-a23f-aa47b345c5cc"
                  2⤵
                  • Modifies data under HKEY_USERS
                  PID:3592
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 2F57C2AEAA431FEAF9402010E2E9CADC E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:4312
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 1D2CBFCEE45F9E0C8DA7F4174968FAE2
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:3736
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding E933007EF5FCCE2338111C4B1CD60290 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:4300
                • C:\Windows\syswow64\MsiExec.exe
                  C:\Windows\syswow64\MsiExec.exe -Embedding 2A04A42DF9AA8BD89058DFB648075314 E Global\MSI0000
                  2⤵
                  • System Location Discovery: System Language Discovery
                  PID:708
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:4548
              • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                1⤵
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4688
                • C:\Windows\System32\sc.exe
                  "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                  2⤵
                  • Launches sc.exe
                  PID:512
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "78f1933a-9965-4b97-a813-6a483e608968" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000RQmpbIAD
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5808
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "0d0407e7-cc5f-4507-ab72-4e0255c8438d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000RQmpbIAD
                  2⤵
                  • Drops file in System32 directory
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  PID:884
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "b4c921ff-62de-4361-8b09-cc0e9f780efa" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000RQmpbIAD
                  2⤵
                  • Executes dropped EXE
                  PID:6020
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "e7bca897-3cd2-44e4-99aa-7c9300119cea" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000RQmpbIAD
                  2⤵
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:3316
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                    3⤵
                    • Drops file in System32 directory
                    • Command and Scripting Interpreter: PowerShell
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5384
                  • C:\Windows\System32\cmd.exe
                    "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                    3⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4408
                    • C:\Windows\system32\cscript.exe
                      cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      4⤵
                        PID:3288
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "228027f6-93cc-4e90-97e3-d20d6ad0e132" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOjMsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000RQmpbIAD
                    2⤵
                    • Downloads MZ/PE file
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:4304
                    • C:\Windows\TEMP\SplashtopStreamer.exe
                      "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                      3⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:5324
                      • C:\Windows\Temp\unpack\PreVerCheck.exe
                        "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                        4⤵
                        • Executes dropped EXE
                        • Suspicious use of WriteProcessMemory
                        PID:736
                        • C:\Windows\SysWOW64\msiexec.exe
                          msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:6040
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "92435566-1898-46a5-8992-bd8f41aec35b" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000RQmpbIAD
                    2⤵
                    • Drops file in System32 directory
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:4452
                • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                  1⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  • Suspicious use of WriteProcessMemory
                  PID:2484
                  • C:\Windows\System32\sc.exe
                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                    2⤵
                    • Launches sc.exe
                    PID:2476
                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "782ef5e7-7c2a-4a7f-a04e-5cdff39c6a84" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000RQmpbIAD
                    2⤵
                    • Drops file in Program Files directory
                    • Modifies data under HKEY_USERS
                    PID:1968
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                      3⤵
                      • Drops file in System32 directory
                      • Command and Scripting Interpreter: PowerShell
                      • Modifies data under HKEY_USERS
                      PID:60
                    • C:\Windows\System32\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                      3⤵
                        PID:3888
                        • C:\Windows\system32\cscript.exe
                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                          4⤵
                          • Modifies data under HKEY_USERS
                          PID:3420
                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "039fba3c-37da-40e4-8896-31759ddf3cfa" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000RQmpbIAD
                      2⤵
                        PID:1740
                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=d1f1cedb31607f43ac73aa1b354f7c7d&rmm_session_pwd_ttl=86400"
                          3⤵
                          • System Location Discovery: System Language Discovery
                          PID:5656
                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "baa32dc2-8339-46dc-9dda-4ba1e394d741" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000RQmpbIAD
                        2⤵
                          PID:3600
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "fa60a6ed-6e53-49ff-8f66-945a0749e54b" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                          2⤵
                          • Drops file in System32 directory
                          PID:5984
                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                          "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "706e31a8-c7c1-49ea-a741-e51a601f288a" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000RQmpbIAD
                          2⤵
                            PID:1856
                          • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                            "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "6685f341-5ade-42e5-8f4c-fdefd3acc252" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000RQmpbIAD
                            2⤵
                              PID:3924
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "12a7de54-9ae3-4297-a062-586b58312fd9" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000RQmpbIAD
                              2⤵
                              • Modifies data under HKEY_USERS
                              • Modifies registry class
                              PID:1440
                            • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                              "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "a179867f-3483-46d1-8713-f946965e321e" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000RQmpbIAD
                              2⤵
                                PID:408
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "ef8d3bf1-e286-4027-87a5-2c8d3235cd51" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000RQmpbIAD
                                2⤵
                                • Drops file in System32 directory
                                PID:5688
                              • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "1727ab97-ea4b-47af-a431-1792a7016469" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000RQmpbIAD
                                2⤵
                                  PID:1308
                                • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                  "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "f8b895ea-dedd-44d9-a3a7-b5428ff24027" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000RQmpbIAD
                                  2⤵
                                  • Drops file in System32 directory
                                  • Drops file in Program Files directory
                                  PID:660
                                  • C:\Windows\SYSTEM32\msiexec.exe
                                    "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
                                    3⤵
                                      PID:4440
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "e6816f17-7940-4e7f-b8a0-96f5b2c740fb" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjQubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC40In0=" 001Q300000RQmpbIAD
                                    2⤵
                                    • Drops file in System32 directory
                                    PID:2404
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "3b621480-1b2f-4da8-bfd9-ce5f0c668213" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000RQmpbIAD
                                    2⤵
                                    • Drops file in System32 directory
                                    PID:1748
                                  • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                    "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "706f7b05-0dc0-4869-85aa-b2b0f82854b5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000RQmpbIAD
                                    2⤵
                                    • Downloads MZ/PE file
                                    • Drops file in System32 directory
                                    PID:4304
                                    • C:\Windows\SYSTEM32\cmd.exe
                                      "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                      3⤵
                                      • System Time Discovery
                                      PID:5900
                                      • C:\Program Files\dotnet\dotnet.exe
                                        dotnet --list-runtimes
                                        4⤵
                                        • System Time Discovery
                                        PID:1932
                                    • C:\Program Files\dotnet\dotnet.exe
                                      "C:\Program Files\dotnet\dotnet" --list-runtimes
                                      3⤵
                                      • System Time Discovery
                                      PID:1620
                                      • C:\Windows\System32\Conhost.exe
                                        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        4⤵
                                          PID:5984
                                      • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe
                                        "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" /repair /quiet /norestart
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:5276
                                        • C:\Windows\Temp\{4FB32004-C527-4DFB-A3FD-5171261BECA3}\.cr\8-0-11.exe
                                          "C:\Windows\Temp\{4FB32004-C527-4DFB-A3FD-5171261BECA3}\.cr\8-0-11.exe" -burn.clean.room="C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\8-0-11.exe" -burn.filehandle.attached=584 -burn.filehandle.self=724 /repair /quiet /norestart
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          • System Time Discovery
                                          PID:436
                                          • C:\Windows\Temp\{B3D6AB3A-12E7-42F2-8E25-F452459F1852}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                            "C:\Windows\Temp\{B3D6AB3A-12E7-42F2-8E25-F452459F1852}\.be\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{67EC8E5A-5113-4F18-8E3D-32E3C91B1D1E} {6BC8308F-C230-489A-A569-146FAF75B384} 436
                                            5⤵
                                            • Adds Run key to start application
                                            • System Time Discovery
                                            • Modifies registry class
                                            PID:1472
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:1388
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:3600
                                      • C:\Windows\SYSTEM32\cmd.exe
                                        "cmd.exe" /K "cd /d C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                        3⤵
                                        • System Time Discovery
                                        PID:3984
                                        • C:\Program Files\dotnet\dotnet.exe
                                          dotnet --list-runtimes
                                          4⤵
                                          • System Time Discovery
                                          PID:4632
                                    • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                      "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "9bbbb516-f19a-4c1b-a3f9-862ee577102b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000RQmpbIAD
                                      2⤵
                                      • Writes to the Master Boot Record (MBR)
                                      PID:4868
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
                                    1⤵
                                      PID:6076
                                    • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
                                      "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
                                      1⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3352
                                      • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
                                        "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"
                                        2⤵
                                        • Drops file in System32 directory
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        • Modifies data under HKEY_USERS
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5400
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                          -h -t
                                          3⤵
                                          • Loads dropped DLL
                                          • Suspicious use of SetWindowsHookEx
                                          PID:6092
                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"
                                          3⤵
                                          • Loads dropped DLL
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2648
                                          • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\osqueryi.exe
                                            osqueryi.exe --logger_min_status=2 --json
                                            4⤵
                                              PID:4136
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exe" -v
                                              4⤵
                                                PID:2272
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exe"
                                              3⤵
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of SetWindowsHookEx
                                              PID:3316
                                            • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
                                              "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe"
                                              3⤵
                                                PID:5600
                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                  SRUtility.exe -r
                                                  4⤵
                                                    PID:3144
                                                • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe
                                                  "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVirtualDisplay.exe"
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:4528
                                                  • C:\Windows\System32\cmd.exe
                                                    "C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\install_driver64.bat" nosetkey
                                                    4⤵
                                                      PID:5896
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c ver
                                                        5⤵
                                                          PID:1660
                                                        • C:\Windows\system32\sc.exe
                                                          sc query ddmgr
                                                          5⤵
                                                          • Launches sc.exe
                                                          PID:1388
                                                        • C:\Windows\system32\sc.exe
                                                          sc query lci_proxykmd
                                                          5⤵
                                                          • Launches sc.exe
                                                          PID:4220
                                                        • C:\Windows\system32\rundll32.exe
                                                          rundll32 x64\my_setup.dll do_install_lci_proxywddm
                                                          5⤵
                                                          • Drops file in System32 directory
                                                          • Checks SCSI registry key(s)
                                                          • Modifies data under HKEY_USERS
                                                          PID:2856
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                  1⤵
                                                  • System Time Discovery
                                                  PID:5936
                                                  • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                    "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                    2⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • System Time Discovery
                                                    PID:4388
                                                    • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                      "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250402015310.log"
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      • System Time Discovery
                                                      PID:4828
                                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250402015310.log"
                                                        4⤵
                                                        • Checks computer location settings
                                                        • System Location Discovery: System Language Discovery
                                                        • System Time Discovery
                                                        PID:4428
                                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{CAC1CAA6-E72E-4A2E-B7A9-4D1AB11310E7} {B9305AB4-7B51-4715-B1AB-1C8EBA483D9B} 4428
                                                          5⤵
                                                          • Adds Run key to start application
                                                          • System Location Discovery: System Language Discovery
                                                          • System Time Discovery
                                                          • Modifies registry class
                                                          PID:3432
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 968
                                                          5⤵
                                                          • Program crash
                                                          PID:4988
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  PID:1812
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "4" "1" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\lci_iddcx.inf" "9" "4804066df" "00000000000000BC" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10"
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:4140
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "4" "1" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10\lci_proxywddm.inf" "9" "4a8a251e7" "0000000000000134" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\splashtop\splashtop remote\server\driver\lcidisplay\win10"
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:5908
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:c276d4b8d1e66062:lci_proxywddm.Install:1.0.2018.1204:root\lci_proxywddm," "4a8a251e7" "0000000000000150"
                                                    2⤵
                                                    • Drops file in Drivers directory
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    PID:216
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "1" "0" "LCI\IDDCX\1&79f5d87&0&WHO_CARE" "" "" "48ef22a9f" "0000000000000000"
                                                    2⤵
                                                    • Drops file in Drivers directory
                                                    • Checks SCSI registry key(s)
                                                    PID:4584
                                                • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
                                                  "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                  1⤵
                                                  • Drops file in Program Files directory
                                                  • Modifies data under HKEY_USERS
                                                  PID:5692
                                                  • C:\Windows\System32\sc.exe
                                                    "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                    2⤵
                                                    • Launches sc.exe
                                                    PID:4376
                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "6034297e-d130-4cb4-a3a5-5c0baff48081" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000RQmpbIAD
                                                    2⤵
                                                    • Drops file in Program Files directory
                                                    • Modifies data under HKEY_USERS
                                                    PID:3752
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      "powershell.exe" -NoProfile -File "C:\Windows\TEMP\Windows 11 Readiness.ps1"
                                                      3⤵
                                                      • Drops file in System32 directory
                                                      • Command and Scripting Interpreter: PowerShell
                                                      • Modifies data under HKEY_USERS
                                                      PID:3736
                                                    • C:\Windows\System32\cmd.exe
                                                      "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                      3⤵
                                                        PID:1836
                                                        • C:\Windows\system32\cscript.exe
                                                          cscript "C:\Program Files\Microsoft Office\Office16\ospp.vbs" /dstatus
                                                          4⤵
                                                          • Modifies data under HKEY_USERS
                                                          PID:5096
                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "ed841ba3-f7ee-4d11-a7f2-9569d9cfdee2" agent-api.atera.com/Production 443 or8ixLi90Mf "connect" 001Q300000RQmpbIAD
                                                      2⤵
                                                        PID:4304
                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "0cd58875-57f0-466b-89c9-44a1ea0dfba6" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9wYWNrYWdlc3N0b3JlLmJsb2IuY29yZS53aW5kb3dzLm5ldC9pbnN0YWxsZXJzL0FueURlc2svV2luZG93cy9BZ2VudF9BbnlEZXNrX0N1c3RvbV9DbGllbnRfOS4wLjQubXNpIiwiRm9yY2VJbnN0YWxsIjpmYWxzZSwiVGFyZ2V0VmVyc2lvbiI6IjkuMC40In0=" 001Q300000RQmpbIAD
                                                        2⤵
                                                          PID:844
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "c8742097-1e7b-4676-9d31-5240486f796d" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000RQmpbIAD
                                                          2⤵
                                                          • Drops file in Program Files directory
                                                          PID:2004
                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                          "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "28f87a02-855e-4eb9-a8bd-bf3165b7e05d" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000RQmpbIAD
                                                          2⤵
                                                            PID:5896
                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "f79e3af4-007e-452c-8b24-dde9c03053ba" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIyZ2V0LWluc3RhbGxlZC1zb2Z0d2FyZVx1MDAyMixcdTAwMjJDYWNoZVR0bEhvdXJzXHUwMDIyOjEyfSJ9" 001Q300000RQmpbIAD
                                                            2⤵
                                                              PID:2272
                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                              2⤵
                                                                PID:3400
                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "a2a4e751-54ba-4297-9da1-0e5e6454bc6d" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJDb21tYW5kTmFtZSI6Imluc3RhbGxkb3RuZXQiLCJEb3ROZXRWZXJzaW9uIjoiOC4wLjExIiwiTWFjQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzU1ZWIyYTQ5LTI1MjMtNDAyZS1iNjIzLTdhOTAxN2I4YmRlZi84Y2NkNDBhMjEzZWMyOTY0YWY0MTlmOWY3MjI2MzAyNy9kb3RuZXQtcnVudGltZS04LjAuMTEtb3N4LWFybTY0LnBrZyIsIk1hY1g2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci8zZjkyNmRkMi1kMjM0LTQzN2EtOGY2YS1lYTZkNzdjMzY4NGMvM2U4MzZhMzQ1YjEzNjA5MTcxM2E3NjliODdmMzQ5OTMvZG90bmV0LXJ1bnRpbWUtOC4wLjExLW9zeC14NjQucGtnIiwiV2luQVJNRG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByLzljZjYyYmI3LTAyZmEtNDA3Mi1iNzY1LTVlMDRhZDA4OTc4OC8zZjM0ZGQ1NjU5Zjk5MTcyYWVhN2M0Y2M5ZGM3YTk3NS9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLWFybTY0LmV4ZSIsIldpblg2NERvd25sb2FkVXJsIjoiaHR0cHM6Ly9kb3dubG9hZC52aXN1YWxzdHVkaW8ubWljcm9zb2Z0LmNvbS9kb3dubG9hZC9wci81M2U5ZTQxYy1iMzYyLTQ1OTgtOTk4NS00NWY5ODk1MTgwMTYvNTNjNWUxOTE5YmEyZmUyMzI3M2YyYWJhZmY2NTU5NWIvZG90bmV0LXJ1bnRpbWUtOC4wLjExLXdpbi14NjQuZXhlIiwiV2luWDg2RG93bmxvYWRVcmwiOiJodHRwczovL2Rvd25sb2FkLnZpc3VhbHN0dWRpby5taWNyb3NvZnQuY29tL2Rvd25sb2FkL3ByL2E4ZDFhNDg5LTYwZDYtNGU2My05M2VlLWFiOWM0NGQ3OGIwZC81NTE5Zjk5ZmY1MGRlNmUwOTZiYjFkMjY2ZGQwZTY2Ny9kb3RuZXQtcnVudGltZS04LjAuMTEtd2luLXg4Ni5leGUiLCJNYWNBUk1DaGVja3N1bSI6Im1kZUhHZFVWTllIM21IcW1FMGJMaG5mNUpqNWNVaUZvdHFVSUk3bXltVEZKTXkwYzNvNWZ2YlFJSFx1MDAyQlU4bHA2QVdWZllPeS9wbXFLREpZZ3lTN3gyNEE9PSIsIk1hY1g2NENoZWNrc3VtIjoiTUdaVmR6Z0xqbjlIWmFZU21OWi9oMDZibVNRWS9ZSVJQeTdhQzNkM0kveWtLTFx1MDAyQkNubmUweUtQd1h5TW9pSHpONEtqWGZIeGdwcW0wWHJuaDlNSE04Zz09IiwiV2luQVJNQ2hlY2tzdW0iOiJWMEs0bVZwbFx1MDAyQjkxd0FYMWlZWEZyV2EyTTdORldYSjAvT29KSjMzQklWRlV1WXRzSE14TUsydWxnaTdcdTAwMkJQc1QwY1paeFBORDlhZ2t0dWZXRnZwMDl0b1E9PSIsIldpblg2NENoZWNrc3VtIjoiM05UbUVqazRubEg2Tm5ra1RmS2N1L1E5M1FNRlZHUjUxa3hlSGFQQTlESXZZS0N2VmpkYUxUNEpVY2x6VkcyL2djQW1pXHUwMDJCVXlrYXJkV2piR1hEXHUwMDJCUUh3PT0iLCJXaW5YODZDaGVja3N1bSI6InREanNWcmljT3g4RkJ1TEFzUjFVTXd4d2tQUktLOHhVdURSVVQ0L0E1b3NrdjVKdE03UzFrejBuU2FFMXRzY2JtcDROeDZ3SUNPUmZxRkJINzNlUnF3PT0iLCJXb3Jrc3BhY2VJZCI6ImJmMGNlNDlkLTc3Y2YtNDcyMS1iZjcwLTU3Njg2MzgzYzlhYiIsIkxvZ05hbWUiOiJEb3ROZXRSdW50aW1lSW5zdGFsbGF0aW9uUmVwb3J0IiwiU2hhcmVkS2V5IjoialVJUy9UOUNSVkRlS3hZZzRVcjNhQ2hoV1F1Y1k3UFZ2d2cwekh1cUpzY3JUampRMkx3SzZVamZ1N2NBMk5wckFSMHIvU1JBWEpZWWxkUEtLRnlLS1E9PSJ9" 001Q300000RQmpbIAD
                                                                2⤵
                                                                  PID:1308
                                                                  • C:\Windows\SYSTEM32\cmd.exe
                                                                    "cmd.exe" /K "cd /d C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\" /
                                                                    3⤵
                                                                    • System Time Discovery
                                                                    PID:3908
                                                                    • C:\Program Files\dotnet\dotnet.exe
                                                                      dotnet --list-runtimes
                                                                      4⤵
                                                                      • System Time Discovery
                                                                      PID:4828
                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "c126076f-77e9-4c8c-bd31-9255eda85c66" agent-api.atera.com/Production 443 or8ixLi90Mf "probe" 001Q300000RQmpbIAD
                                                                  2⤵
                                                                    PID:1580
                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "2542d697-4ac6-4731-88b6-c26c4e091a41" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q300000RQmpbIAD
                                                                    2⤵
                                                                      PID:4748
                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "40acb29d-504a-4009-8dc8-860d07435c2b" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q300000RQmpbIAD
                                                                      2⤵
                                                                        PID:808
                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe
                                                                          "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exe" -a "st-streamer://com.splashtop.streamer?rmm_code=hZCDFPhK75mJ&rmm_session_pwd=d1f1cedb31607f43ac73aa1b354f7c7d&rmm_session_pwd_ttl=86400"
                                                                          3⤵
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:436
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "a6b15e3c-ddae-49c7-93fc-671085009a56" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000RQmpbIAD
                                                                        2⤵
                                                                        • Writes to the Master Boot Record (MBR)
                                                                        • Drops file in Program Files directory
                                                                        PID:2688
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "ee117662-03d6-451b-9f36-b706cf804d3d" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000RQmpbIAD
                                                                        2⤵
                                                                        • Modifies registry class
                                                                        PID:4588
                                                                      • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                        "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "282afc65-5745-41b6-b8a2-64efc9945003" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000RQmpbIAD
                                                                        2⤵
                                                                          PID:872
                                                                          • C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe
                                                                            "C:\Windows\TEMP\AteraUpgradeAgentPackage\AgentPackageUpgradeAgent.exe" "fc76599c-9c1a-408c-bfcc-b08e651d49cb" "282afc65-5745-41b6-b8a2-64efc9945003" "agent-api.atera.com/Production" "443" "or8ixLi90Mf" "checkforupdates" "001Q300000RQmpbIAD"
                                                                            3⤵
                                                                              PID:3592
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                                            2⤵
                                                                            • Modifies data under HKEY_USERS
                                                                            PID:5716
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "f188481f-d1b9-43f6-ba01-f88e03abe5b2" agent-api.atera.com/Production 443 or8ixLi90Mf "getlistofallupdates" 001Q300000RQmpbIAD
                                                                            2⤵
                                                                            • Modifies data under HKEY_USERS
                                                                            PID:3120
                                                                          • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                            "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                                            2⤵
                                                                              PID:224
                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "a6b15e3c-ddae-49c7-93fc-671085009a56" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000RQmpbIAD
                                                                              2⤵
                                                                              • Writes to the Master Boot Record (MBR)
                                                                              PID:756
                                                                            • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                              "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                                              2⤵
                                                                                PID:4004
                                                                              • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                "C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "28f87a02-855e-4eb9-a8bd-bf3165b7e05d" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBcmd1bWVudHMiOiJ7XHUwMDIyQ29tbWFuZE5hbWVcdTAwMjI6XHUwMDIybWFpbnRlbmFuY2VcdTAwMjIsXHUwMDIyRW5hYmxlZFx1MDAyMjpmYWxzZSxcdTAwMjJSZXBlYXRJbnRlcnZhbE1pbnV0ZXNcdTAwMjI6MTAsXHUwMDIyRGF5c0ludGVydmFsXHUwMDIyOjEsXHUwMDIyUmVwZWF0RHVyYXRpb25EYXlzXHUwMDIyOjF9In0=" 001Q300000RQmpbIAD
                                                                                2⤵
                                                                                  PID:5460
                                                                                • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                  "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "c8742097-1e7b-4676-9d31-5240486f796d" agent-api.atera.com/Production 443 or8ixLi90Mf "pollAll" 001Q300000RQmpbIAD
                                                                                  2⤵
                                                                                    PID:1028
                                                                                  • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                    "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                                                    2⤵
                                                                                      PID:6080
                                                                                    • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                      "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" fc76599c-9c1a-408c-bfcc-b08e651d49cb "7e589bb1-c07d-4bbc-b272-9579326d10e0" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000RQmpbIAD
                                                                                      2⤵
                                                                                        PID:1144
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                                      1⤵
                                                                                      • System Time Discovery
                                                                                      PID:4880
                                                                                      • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                        "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                                        2⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • System Time Discovery
                                                                                        PID:1640
                                                                                        • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                          "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250402015310.log"
                                                                                          3⤵
                                                                                          • System Time Discovery
                                                                                          PID:1892
                                                                                          • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                            "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=520 -burn.filehandle.self=540 /quiet /norestart /burn.log.append "C:\Windows\TEMP\Microsoft_.NET_Runtime_-_8.0.11_(x64)_20250402015310.log"
                                                                                            4⤵
                                                                                            • Checks computer location settings
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • System Time Discovery
                                                                                            PID:4724
                                                                                            • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                              "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -q -burn.elevated BurnPipe.{36ECEEB6-D716-4E17-88E1-54D71AA300DD} {DAA21A16-2FF8-49AC-B902-86D3161B1ADB} 4724
                                                                                              5⤵
                                                                                              • Adds Run key to start application
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • System Time Discovery
                                                                                              • Modifies registry class
                                                                                              PID:4376
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4428 -ip 4428
                                                                                      1⤵
                                                                                        PID:1952
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                                        1⤵
                                                                                        • System Time Discovery
                                                                                        PID:1548
                                                                                        • C:\Windows\System32\Conhost.exe
                                                                                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          2⤵
                                                                                            PID:1660
                                                                                          • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                            "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" /burn.runonce
                                                                                            2⤵
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • System Time Discovery
                                                                                            PID:1392
                                                                                            • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                              "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe"
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • System Time Discovery
                                                                                              PID:3624
                                                                                              • C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe
                                                                                                "C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{e883dae5-a63d-4a45-afb9-257f64d5a59b}\dotnet-runtime-8.0.11-win-x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=544
                                                                                                4⤵
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • System Time Discovery
                                                                                                PID:1132

                                                                                        Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Reconnaissance

                                                                                        Resource Development

                                                                                        Initial Access

                                                                                        Execution

                                                                                        Command and Scripting Interpreter

                                                                                        1
                                                                                        T1059

                                                                                        PowerShell

                                                                                        1
                                                                                        T1059.001

                                                                                        Persistence

                                                                                        Boot or Logon Autostart Execution

                                                                                        1
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Event Triggered Execution

                                                                                        2
                                                                                        T1546

                                                                                        Component Object Model Hijacking

                                                                                        1
                                                                                        T1546.015

                                                                                        Installer Packages

                                                                                        1
                                                                                        T1546.016

                                                                                        Pre-OS Boot

                                                                                        1
                                                                                        T1542

                                                                                        Bootkit

                                                                                        1
                                                                                        T1542.003

                                                                                        Privilege Escalation

                                                                                        Boot or Logon Autostart Execution

                                                                                        1
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Event Triggered Execution

                                                                                        2
                                                                                        T1546

                                                                                        Component Object Model Hijacking

                                                                                        1
                                                                                        T1546.015

                                                                                        Installer Packages

                                                                                        1
                                                                                        T1546.016

                                                                                        Defense Evasion

                                                                                        Modify Registry

                                                                                        2
                                                                                        T1112

                                                                                        Pre-OS Boot

                                                                                        1
                                                                                        T1542

                                                                                        Bootkit

                                                                                        1
                                                                                        T1542.003

                                                                                        Subvert Trust Controls

                                                                                        1
                                                                                        T1553

                                                                                        Install Root Certificate

                                                                                        1
                                                                                        T1553.004

                                                                                        System Binary Proxy Execution

                                                                                        1
                                                                                        T1218

                                                                                        Msiexec

                                                                                        1
                                                                                        T1218.007

                                                                                        Credential Access

                                                                                        Discovery

                                                                                        Peripheral Device Discovery

                                                                                        2
                                                                                        T1120

                                                                                        Query Registry

                                                                                        5
                                                                                        T1012

                                                                                        System Information Discovery

                                                                                        4
                                                                                        T1082

                                                                                        System Location Discovery

                                                                                        1
                                                                                        T1614

                                                                                        System Language Discovery

                                                                                        1
                                                                                        T1614.001

                                                                                        System Time Discovery

                                                                                        1
                                                                                        T1124

                                                                                        Lateral Movement

                                                                                        Collection

                                                                                        Command and Control

                                                                                        Exfiltration

                                                                                        Impact

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Config.Msi\e57af1d.rbs
                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          51318061ea0e21e563be61a810486373

                                                                                          SHA1

                                                                                          f31ab07381f6921d51ff844168185041d756e674

                                                                                          SHA256

                                                                                          60a295a683e40bb711859eec4dc8747cee933acd47f5c3d776beab94883aac55

                                                                                          SHA512

                                                                                          c08a3a8c57310109939634738bdaa2e78c0592e0e7211510726fb7b51d2b1e3caa900e0c492f44ad578fd0afd6ddd604b70d505ad3a13983a233d0336297a8d3

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af22.rbs
                                                                                          Filesize

                                                                                          74KB

                                                                                          MD5

                                                                                          96f59fe49c27bf2044d72369861b096d

                                                                                          SHA1

                                                                                          29f18985612deb9ae3240ef31b124163ca303dcc

                                                                                          SHA256

                                                                                          66cfe1670aeaebd493aaca9112e86e016269f12a8be7acec0180b07ed4f1bfa4

                                                                                          SHA512

                                                                                          2a311e5fe385422d6612229f7855d096eaf5ce488449dbbc1484e025f58d48dbfbaa18b7c008edee7c7e77d59848becf54133e0b7f91d22e445b099bbf929705

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af24.rbs
                                                                                          Filesize

                                                                                          464B

                                                                                          MD5

                                                                                          d2c22e269e22d60e89d544ea0b32e2da

                                                                                          SHA1

                                                                                          6c878ed66170bf00ecf3faef4e03f2853431560e

                                                                                          SHA256

                                                                                          27ce1fc532a96eea3c2d57ee12742af827bf92a492e6b8919e9ede4c74b9a40e

                                                                                          SHA512

                                                                                          484a214d1aac3d7c05c3a1a71f7229abf88aecdb53568232870bb74f3264e751791f2c414f37814b807b1aa03746b6b384830df0156978012c08f02133d8fcde

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af2a.rbs
                                                                                          Filesize

                                                                                          9KB

                                                                                          MD5

                                                                                          53ff9d6878a8fac4c3e702a10fdec11b

                                                                                          SHA1

                                                                                          4a13683df025f726c8ecabcdc424e54b8aca4d54

                                                                                          SHA256

                                                                                          edc554449b593dd9063981c09e810e6b4352df935d0aa73c2aef445fdcb4e146

                                                                                          SHA512

                                                                                          7c864a649817383c2070139502a140e9c2f92ee90f15d9364560bbe6782b6694562ea77111ed0413c90aa94a5d3aa72d91df71d0afd47528ff566aa2c89832c5

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af32.rbs
                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          5862e1eab72654c92a3e6bfda37e8ea5

                                                                                          SHA1

                                                                                          3e4331d550736bacefe6db98fcc2beb1b51d3f95

                                                                                          SHA256

                                                                                          69e6c45cbbe19c11e49e12a1811d5a09273cb659f1fff3bc9b268c744a3b7fea

                                                                                          SHA512

                                                                                          91f5ff65e442a92629f1b4a8c405900a9186fe9fa734b1d02d2617ae8e2de7dc88aa55831efa73ff2297339ce3859b0f28e03d3ddf71c6c027ed8cb9c7a1d845

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af37.rbs
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          694e91836935ad4d056c141214a14696

                                                                                          SHA1

                                                                                          128acc15b36124fb0a96e7c1f8e9c40ab88855d0

                                                                                          SHA256

                                                                                          c8e023217d108ccf071613a5815c7dd4dc9f3e5ba882c6ba9e9ff155bb72ceac

                                                                                          SHA512

                                                                                          ab222a1e67eac421ef0f2b1a0495a651bdd86a8a88d1bd298ca8cc043261e758016089cf896b3c07d0b046a65db9d5d0978e01a43a11e6d4bd14f654fc6808ce

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af3b.rbs
                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          6375e90342541f913ca1399d26e5127f

                                                                                          SHA1

                                                                                          54a8d94c3c00aff63f45e69f86ac24f797c5881f

                                                                                          SHA256

                                                                                          5febbe145dc0dacf8997e057e6541b13f4194830ce282a95f718905c0c138f82

                                                                                          SHA512

                                                                                          8a8bab88971757d523d34961a082b544fec5121c811672ac110453f15e5813aaa344007ed1f08221f2cae5d599519ca12080d8ba44a1160b00ffa48fd8af1671

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af3f.rbs
                                                                                          Filesize

                                                                                          9KB

                                                                                          MD5

                                                                                          4a1c8d0d9b3e77eee72d345122bc6a97

                                                                                          SHA1

                                                                                          a315b8d6db0e46398f9147a9998bc6e3222b55a0

                                                                                          SHA256

                                                                                          df53094aec6d6074c2e80c58c7ae9b1d966986c325c1c92b04ce897d508cf12d

                                                                                          SHA512

                                                                                          cc6954dc346cd0c79712d1f3463a90a1fdc7746bfcbf574508e518146a9ca5a9ed4ccd609124cbd571cad2be9c58e177882589c66abe2c0852b3fd0b2d81ff7c

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af44.rbs
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          07c2497da9a7667b1e4d86413748e10b

                                                                                          SHA1

                                                                                          e0d030f3ad350623faf25cea6b8485c6f01a2ea0

                                                                                          SHA256

                                                                                          5d666888b5079fbe03f116bdb2a9e3bf2e31f1b1068e31c2baae1ae3d143f316

                                                                                          SHA512

                                                                                          1d3fe17db2442aca2f7de0c1bda4a8cff885bab825eda940c019bd8a0c32ed4b7902b58331d72737bdab6410d668ee13f8bb66349e8dc0f9b552264944067d1a

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af49.rbs
                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          a6e5bb6abd116e5820e1881f469da47e

                                                                                          SHA1

                                                                                          4087c160feaa091e8addcc2e2b6ca636f4bb676f

                                                                                          SHA256

                                                                                          fbee35c7f473d198510e20aaa383722481c24f9c16dbe20794a68e2f7b75ebab

                                                                                          SHA512

                                                                                          1f468dc179b3f546e21498e2f8682c5bc77dce3c72ce6379bd683392424e7de771feccbbb700bc96d770c56a1e8c8df9d774331b0221db62ee70a1b38d019d49

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af4a.rbf
                                                                                          Filesize

                                                                                          143KB

                                                                                          MD5

                                                                                          33b4c87f18b4c49114d7a8980241657a

                                                                                          SHA1

                                                                                          254c67b915e45ad8584434a4af5e06ca730baa3b

                                                                                          SHA256

                                                                                          587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

                                                                                          SHA512

                                                                                          42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

                                                                                          Download Submit

                                                                                        • C:\Config.Msi\e57af4b.rbf
                                                                                          Filesize

                                                                                          3B

                                                                                          MD5

                                                                                          21438ef4b9ad4fc266b6129a2f60de29

                                                                                          SHA1

                                                                                          5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                                          SHA256

                                                                                          13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                                          SHA512

                                                                                          37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          3840b31c383fdf49bfd6740d945c9032

                                                                                          SHA1

                                                                                          a6f50164a69718bcef4664d7c47534f0d721866a

                                                                                          SHA256

                                                                                          1f119f4fda8028b420e70ee1637c65e2b4198b41eb3eb44d911afa6f1a0bbc64

                                                                                          SHA512

                                                                                          f5315421d4bc5f08fef4e1449e5799ddf311f08eda317a9eaad8c88c2e7b7c26182bd586c0221ffe5f4112e5d6e05f5d45d2d0382b0ed51ca25aa94d4d95a84d

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                          Filesize

                                                                                          142KB

                                                                                          MD5

                                                                                          477293f80461713d51a98a24023d45e8

                                                                                          SHA1

                                                                                          e9aa4e6c514ee951665a7cd6f0b4a4c49146241d

                                                                                          SHA256

                                                                                          a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2

                                                                                          SHA512

                                                                                          23f3bd44a5fb66be7fea3f7d6440742b657e4050b565c1f8f4684722502d46b68c9e54dcc2486e7de441482fcc6aa4ad54e94b1d73992eb5d070e2a17f35de2f

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          b3bb71f9bb4de4236c26578a8fae2dcd

                                                                                          SHA1

                                                                                          1ad6a034ccfdce5e3a3ced93068aa216bd0c6e0e

                                                                                          SHA256

                                                                                          e505b08308622ad12d98e1c7a07e5dc619a2a00bcd4a5cbe04fe8b078bcf94a2

                                                                                          SHA512

                                                                                          fb6a46708d048a8f964839a514315b9c76659c8e1ab2cd8c5c5d8f312aa4fb628ab3ce5d23a793c41c13a2aa6a95106a47964dad72a5ecb8d035106fc5b7ba71

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                                                                                          Filesize

                                                                                          210KB

                                                                                          MD5

                                                                                          c106df1b5b43af3b937ace19d92b42f3

                                                                                          SHA1

                                                                                          7670fc4b6369e3fb705200050618acaa5213637f

                                                                                          SHA256

                                                                                          2b5b7a2afbc88a4f674e1d7836119b57e65fae6863f4be6832c38e08341f2d68

                                                                                          SHA512

                                                                                          616e45e1f15486787418a2b2b8eca50cacac6145d353ff66bf2c13839cd3db6592953bf6feed1469db7ddf2f223416d5651cd013fb32f64dc6c72561ab2449ae

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                                                                                          Filesize

                                                                                          693KB

                                                                                          MD5

                                                                                          2c4d25b7fbd1adfd4471052fa482af72

                                                                                          SHA1

                                                                                          fd6cd773d241b581e3c856f9e6cd06cb31a01407

                                                                                          SHA256

                                                                                          2a7a84768cc09a15362878b270371daad9872caacbbeebe7f30c4a7ed6c03ca7

                                                                                          SHA512

                                                                                          f7f94ec00435466db2fb535a490162b906d60a3cfa531a36c4c552183d62d58ccc9a6bb8bbfe39815844b0c3a861d3e1f1178e29dbcb6c09fa2e6ebbb7ab943a

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
                                                                                          Filesize

                                                                                          146KB

                                                                                          MD5

                                                                                          8d477b63bc5a56ae15314bda8dea7a3a

                                                                                          SHA1

                                                                                          3ca390584cd3e11172a014784e4c968e7cbb18f5

                                                                                          SHA256

                                                                                          9eec91cdd39cbb560ad5b1d063df67088f412da4b851ae41e71304fb8a444293

                                                                                          SHA512

                                                                                          44e3d91ad96b4cb919c06ccb91d3c3e31165b2412e1d78bfbaca0bee6f0c1a3253b3e3ddf19009cebf12c261a0392f6a0b7091cf8aba1d0cc4c1ed61c1b6dc42

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Software\Agent.Package.Software.exe
                                                                                          Filesize

                                                                                          145KB

                                                                                          MD5

                                                                                          c60634086b1089a70b346ee950f15ac4

                                                                                          SHA1

                                                                                          6dff40ea718abf6d79e36b75313aa71b635a8070

                                                                                          SHA256

                                                                                          1b38ea9c0c47942e724e98eb199768cdcc3dcab11840e52f5b7957ab459f926e

                                                                                          SHA512

                                                                                          188d5e3254c9bdb95c8398a860d274236325611a6b86df2f7392fa75c11d7bff804d7360e2faf571b9b6e2eff831f4d5f5702d0949cc5b772348dd8500f0cf72

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe
                                                                                          Filesize

                                                                                          145KB

                                                                                          MD5

                                                                                          2b9beb2fdbc41afc48d68d32ef41dd08

                                                                                          SHA1

                                                                                          4a9ea4cf8e02e34ef2dd0ef849ffc0cd9ea6f91c

                                                                                          SHA256

                                                                                          977d48979e30a146417937d7e11b26334edec2abddfae1369a9c4348e34857b1

                                                                                          SHA512

                                                                                          3e3c3e39ff2df0d1ed769e6c5acba6f7c5d2737d3c426fb4f0e19f3cf6c604707155917584e454a3f208524ed46766b7a3d2d861fa7419f8258c3b6022238e10

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
                                                                                          Filesize

                                                                                          51KB

                                                                                          MD5

                                                                                          3180c705182447f4bcc7ce8e2820b25d

                                                                                          SHA1

                                                                                          ad6486557819a33d3f29b18d92b43b11707aae6e

                                                                                          SHA256

                                                                                          5b536eda4bff1fdb5b1db4987e66da88c6c0e1d919777623344cd064d5c9ba22

                                                                                          SHA512

                                                                                          228149e1915d8375aa93a0aff8c5a1d3417df41b46f5a6d9a7052715dbb93e1e0a034a63f0faad98d4067bcfe86edb5eb1ddf750c341607d33931526c784eb35

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.INI
                                                                                          Filesize

                                                                                          12B

                                                                                          MD5

                                                                                          cfce02553c4af9a201345d31962187fc

                                                                                          SHA1

                                                                                          16f0da42cf874c9c4a84d434eebd2dcf5031b553

                                                                                          SHA256

                                                                                          ed104ab4d69e5d34ccdebe12d317c4c8cbb7ddfd60b36f0461db0032a11d288f

                                                                                          SHA512

                                                                                          ece94642b88011429e106aa1b4cea75a606a03647e5dace481969946ba9a0d3b23162c9cb81200d12445fd4910ddc30135866c80b645a82df08e7e374c60a4cc

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                          Filesize

                                                                                          248KB

                                                                                          MD5

                                                                                          bf7f46a78bba38717dc1ccd5a48c9aa2

                                                                                          SHA1

                                                                                          30382066798876dc4e689bfcfad098910a213cda

                                                                                          SHA256

                                                                                          0f0425430b83a340883c9c4318cda20e91c8db1febcf0f1b731ae93f2d119020

                                                                                          SHA512

                                                                                          bbae0e9ce97d5db855799960778425bcd652d7e1507089211be8413fd56698845dc00c19bb4adafe6ea3ff3c00b0ad0a9a111bb00f7f57b1d59ea79b236163ab

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe.config
                                                                                          Filesize

                                                                                          1021B

                                                                                          MD5

                                                                                          51a41966b950af62998eee5043f543b0

                                                                                          SHA1

                                                                                          d4ce80134834a1f10d50a6cac3ca3a3e80ff1dc2

                                                                                          SHA256

                                                                                          f1461b023e02fac832979ebf9bfa59ee7043885c90fc8ee6f8077f07a1cb7097

                                                                                          SHA512

                                                                                          9c4ba08451116f92036ce24075a641eb5973b740bb876cb8ec7229dae10308364404f175b8abd1f0d6eefa73b9123fa857bf2c3b39577d767831444f99435936

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                                                                          Filesize

                                                                                          109KB

                                                                                          MD5

                                                                                          f38140dca6604bb2fa225120ab64f1f9

                                                                                          SHA1

                                                                                          fb051bd98580efaa446af16dc45fbd296e2c6c5c

                                                                                          SHA256

                                                                                          e02d6383678b394db45f11dcd06f309745b30f9e94ffbc33c9c9433a6b211cca

                                                                                          SHA512

                                                                                          eb6310d2a02a642c634bdf1f0f6c74c530e995a125b1641732f086efd25c4ced0836562579a22445e5e1582b72707ccf3b22f1fdb50b970ebcb5a694c2f79ab5

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                                                                                          Filesize

                                                                                          693KB

                                                                                          MD5

                                                                                          a336fba63cbca9d841cd3188f59be1cb

                                                                                          SHA1

                                                                                          d486c67f142f8683bca8d5f487602bff599403ee

                                                                                          SHA256

                                                                                          e4ccf5985d2f5006d42cfe002b39651ef0c9f1b8db60453d0f682d6d62cac23f

                                                                                          SHA512

                                                                                          9f0c65170a7105bbbafe1ba69bbbc965c41bd009f8d8642542cc54af7520252307f4be9e09c8a7d0ccb6fee42370d80338ac6e83f993b5dc8a6275777e3cafe9

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
                                                                                          Filesize

                                                                                          27KB

                                                                                          MD5

                                                                                          797c9554ec56fd72ebb3f6f6bef67fb5

                                                                                          SHA1

                                                                                          40af8f7e72222ba9ec2ea2dd1e42ff51dc2eb1bb

                                                                                          SHA256

                                                                                          7138b6beda7a3f640871e232d93b4307065ab3cd9cfac1bd7964a6bec9e60f49

                                                                                          SHA512

                                                                                          4f461a8a25da59f47ced0c0dbf59318ddb30c21758037e22bbaa3b03d08ff769bfd1bfc7f43f0e020df8ae4668355ab4b9e42950dca25435c2dd3e9a341c4a08

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe
                                                                                          Filesize

                                                                                          214KB

                                                                                          MD5

                                                                                          01807774f043028ec29982a62fa75941

                                                                                          SHA1

                                                                                          afc25cf6a7a90f908c0a77f2519744f75b3140d4

                                                                                          SHA256

                                                                                          9d4727352bf6d1cca9cba16953ebd1be360b9df570fd7ba022172780179c251e

                                                                                          SHA512

                                                                                          33bd2b21db275dc8411da6a1c78effa6f43b34afd2f57959e2931aa966edea46c78d7b11729955879889cbe8b81a8e3fb9d3f7e4988e3b7f309cbd1037e0dc02

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
                                                                                          Filesize

                                                                                          37KB

                                                                                          MD5

                                                                                          efb4712c8713cb05eb7fe7d87a83a55a

                                                                                          SHA1

                                                                                          c94d106bba77aecf88540807da89349b50ea5ae7

                                                                                          SHA256

                                                                                          30271d8a49c2547ab63a80bc170f42e9f240cf359a844b10bc91340444678e75

                                                                                          SHA512

                                                                                          3594955ad79a07f75c697229b0de30c60c2c7372b5a94186a705159a25d2e233e398b9e2dc846b8b47e295dcddd1765a8287b13456c0a3b3c4e296409a428ef8

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring.zip
                                                                                          Filesize

                                                                                          3.5MB

                                                                                          MD5

                                                                                          723a7f489fb1861821fee5f5de0acba0

                                                                                          SHA1

                                                                                          ad76a8ec8cd52346c575894e08c458e1adf620b7

                                                                                          SHA256

                                                                                          0b1afe081f2e2aefdcf40cada67e79e287536999e99145748aeeb4f0010730f5

                                                                                          SHA512

                                                                                          b3ea87dd52d79b73b443154b71ea44da1ce86032bb4646d2a2813218e55113b3c1b854dc638229ecda370fa49863228dea1e86b6d455457095a9de865e25b0e1

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
                                                                                          Filesize

                                                                                          396KB

                                                                                          MD5

                                                                                          b5929e2ca0e402a373b633bb78d0414a

                                                                                          SHA1

                                                                                          38146d4f3ddca1b1e854bf638b7722356e5e2195

                                                                                          SHA256

                                                                                          d7b43a4807e1841b94353656fcfd45b69f7550adf137c56aefb85104883fb821

                                                                                          SHA512

                                                                                          65e02019656d61238b8fc784496eb6ccf238a5f6eff9b101893641cb45d9c63058cf67abb2bc75007e9e2726458115eb8e9ad9a4cf34a86435ea637dc78c3ea6

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          039bd1df4a6765d39d548cd9c2018cf2

                                                                                          SHA1

                                                                                          eafe6a5e77e444ba00e1d2970df2bac9b851a3e8

                                                                                          SHA256

                                                                                          03b8145731b6bdfef961635d5c77b22ce5cb905581bb6079ec666f5eac2cd03c

                                                                                          SHA512

                                                                                          54cc52b73b5ddd387e0604f9649912dbefe0e69bf028a24e648a5a35d811bbe79b4341fa28ead4993f71817e225918142b601063382506cfe9832281c8c25c3c

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe
                                                                                          Filesize

                                                                                          303KB

                                                                                          MD5

                                                                                          61e150b877b5e55cc72191d36e1ad9c6

                                                                                          SHA1

                                                                                          44c01d81d2b23add915c95ee5ea29f2c58c8ab59

                                                                                          SHA256

                                                                                          9a6fd72c5962ba94ab767c644b8162c6c28ea661ac66c4ce87fe408bee8d4e34

                                                                                          SHA512

                                                                                          b3cae2a1732e9eec11ba10630b41e0c23940fd37f4664d2dcb4a3599092fd2d400a919cb0c52b2852400f7f6c480e8960c5c2d0937ac7b6170e9c17534450013

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe
                                                                                          Filesize

                                                                                          53KB

                                                                                          MD5

                                                                                          8c105c1fdaac154d727df0ed34bca083

                                                                                          SHA1

                                                                                          3525fc304f7464876ec0bac3305d604e8a2340c9

                                                                                          SHA256

                                                                                          dd4b31b650621c6ee76bc65ef7d4a56901fc4d6629816e64c3fbe2539ea6d4e2

                                                                                          SHA512

                                                                                          47793671c67625a5595c09f87bcb592e403f9103a410a62d1e8d37b5d38ced47fb8efecb9fb7d55e5b41834923907af91aa8fbe884aecd73a888cfa7170fc9f4

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
                                                                                          Filesize

                                                                                          333KB

                                                                                          MD5

                                                                                          745714d838c4d4f88c6e0db6a434f444

                                                                                          SHA1

                                                                                          90689ce709bf2464b678c7afa7b1e18f080d52bb

                                                                                          SHA256

                                                                                          e35302995dad1d5e4b7147d8763f7262500271cf01eac8edfa896b392ac7139f

                                                                                          SHA512

                                                                                          08cbfac0b604530108978c757ad8481c69ed62deac5520777bacee9751f3f260d2c3158609fd723819d8d6626c46b302fe7da7005efc09ab571871ac9d58a0ed

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                          Filesize

                                                                                          70KB

                                                                                          MD5

                                                                                          e9b3a59f67febdd7f8fbe68d71c5d0ab

                                                                                          SHA1

                                                                                          22bd3ec3f8e0be2f317ade9d553acdb3ea11f52e

                                                                                          SHA256

                                                                                          bff4de54dacec104e1e63659857ca99d3e9658dcc09d6e1cbf54dc7b22629cbf

                                                                                          SHA512

                                                                                          00e95ea600777025a30e23c755522b869320ca445ac5bd74f123306457d0793efa338220cba9d064e5d25cc3dcf19d66e4e48d3a1c72d196eeb77fb61e4b0688

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe
                                                                                          Filesize

                                                                                          50KB

                                                                                          MD5

                                                                                          5bb0687e2384644ea48f688d7e75377b

                                                                                          SHA1

                                                                                          44e4651a52517570894cfec764ec790263b88c4a

                                                                                          SHA256

                                                                                          963a4c7863beae55b1058f10f38b5f0d026496c28c78246230d992fd7b19b70a

                                                                                          SHA512

                                                                                          260b661f52287af95c5033b0a03ac2e182211d165cadb7c4a19e5a8ca765e76fc84b0daf298c3eccb4904504a204194a9bf2547fc91039c3ec2d41f9977ff650

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
                                                                                          Filesize

                                                                                          32KB

                                                                                          MD5

                                                                                          0308f32676d9211746048594a5bcb7c3

                                                                                          SHA1

                                                                                          5caf000789ba28a18de93a6ce536a352414fd871

                                                                                          SHA256

                                                                                          0c64ec6ff34865a8d2fc0e267ead43c8f70a6dc36ab476af6748797995f4bc43

                                                                                          SHA512

                                                                                          980248cf713fd9721f2a41aed19a227ad76c2bcbac928df70129b4e4441c62a00b5df5cda0a583cffd365424ea6a7625ded6132f89ed70aa61c851b90b2487d2

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
                                                                                          Filesize

                                                                                          60KB

                                                                                          MD5

                                                                                          99c72ae773f0e16818bc628e6c30272a

                                                                                          SHA1

                                                                                          901b18faa2eeb35946746bcf80a3ed7a67f6daab

                                                                                          SHA256

                                                                                          9159d0f626aebaca406d0ff9abfe19d6153f3d6eefbc1f831a48c17f4aea7a81

                                                                                          SHA512

                                                                                          f05b5884ab3f8b2c0960c2ccbb982555948d293fd37bd29df1157d40c138f1eed6fc94ac5a7d7a4fd098755e9d242d4da992d073ddffcc8f0c543e538b322633

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                                                                                          Filesize

                                                                                          588KB

                                                                                          MD5

                                                                                          17d74c03b6bcbcd88b46fcc58fc79a0d

                                                                                          SHA1

                                                                                          bc0316e11c119806907c058d62513eb8ce32288c

                                                                                          SHA256

                                                                                          13774cc16c1254752ea801538bfb9a9d1328f8b4dd3ff41760ac492a245fbb15

                                                                                          SHA512

                                                                                          f1457a8596a4d4f9b98a7dcb79f79885fa28bd7fc09a606ad3cd6f37d732ec7e334a64458e51e65d839ddfcdf20b8b5676267aa8ced0080e8cf81a1b2291f030

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\ATERA Networks\AteraAgent\log.txt
                                                                                          Filesize

                                                                                          213B

                                                                                          MD5

                                                                                          747644ef4cae8e25335c0e00e192eed3

                                                                                          SHA1

                                                                                          212c09eb2a220232cafdb15e60ec538d1429571b

                                                                                          SHA256

                                                                                          3b9572ef6e0d7d9e199db7d35bf4bf8048678e2800bfffa244be60f47b4bfae0

                                                                                          SHA512

                                                                                          2664e3289f345a4ea787242fe1273af8be81bc9d8fbc7cb032a2ebfbb2e22d1813410e453e2972d71f0a61b9585fc1e31da2f6d85f91b1eaa2221d987460aedb

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd.exe
                                                                                          Filesize

                                                                                          9KB

                                                                                          MD5

                                                                                          1ef7574bc4d8b6034935d99ad884f15b

                                                                                          SHA1

                                                                                          110709ab33f893737f4b0567f9495ac60c37667c

                                                                                          SHA256

                                                                                          0814aad232c96a4661081e570cf1d9c5f09a8572cfd8e9b5d3ead0fa0f5ca271

                                                                                          SHA512

                                                                                          947c306a3a1eec7fce29eaa9b8d4b5e00fd0918fe9d7a25e262d621fb3ee829d5f4829949e766a660e990d1ac14f87e13e5dbd5f7c8252ae9b2dc82e2762fb73

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exe
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          f512536173e386121b3ebd22aac41a4e

                                                                                          SHA1

                                                                                          74ae133215345beaebb7a95f969f34a40dda922a

                                                                                          SHA256

                                                                                          a993872ad05f33cb49543c00dfca036b32957d2bd09aaa9dafe33b934b7a3e4a

                                                                                          SHA512

                                                                                          1efa432ef2d61a6f7e7fc3606c5c982f1b95eabc4912ea622d533d540ddca1a340f8a5f4652af62a9efc112ca82d4334e74decf6ddbc88b0bd191060c08a63b9

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exe
                                                                                          Filesize

                                                                                          76KB

                                                                                          MD5

                                                                                          b40fe65431b18a52e6452279b88954af

                                                                                          SHA1

                                                                                          c25de80f00014e129ff290bf84ddf25a23fdfc30

                                                                                          SHA256

                                                                                          800e396be60133b5ab7881872a73936e24cbebd7a7953cee1479f077ffcf745e

                                                                                          SHA512

                                                                                          e58cf187fd71e6f1f5cf7eac347a2682e77bc9a88a64e79a59e1a480cac20b46ad8d0f947dd2cb2840a2e0bb6d3c754f8f26fcf2d55b550eea4f5d7e57a4d91d

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon64.exe
                                                                                          Filesize

                                                                                          80KB

                                                                                          MD5

                                                                                          3904d0698962e09da946046020cbcb17

                                                                                          SHA1

                                                                                          edae098e7e8452ca6c125cf6362dda3f4d78f0ae

                                                                                          SHA256

                                                                                          a51e25acc489948b31b1384e1dc29518d19b421d6bc0ced90587128899275289

                                                                                          SHA512

                                                                                          c24ab680981d8d6db042b52b7b5c5e92078df83650cad798874fc09ce8c8a25462e1b69340083f4bcad20d67068668abcfa8097e549cfa5ad4f1ee6a235d6eea

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                                          Filesize

                                                                                          120KB

                                                                                          MD5

                                                                                          fb0a86b4e018a8940a1abe11815b0002

                                                                                          SHA1

                                                                                          0fab7b68629d7c8c6700eccbd960cc047f27dc04

                                                                                          SHA256

                                                                                          f79b1cb9679f8840e9c338fe17e06414da2dfc06a9becd2462ecf9fb5b212945

                                                                                          SHA512

                                                                                          6ac5976afab4bffdc4ee59b98557c95968528a70eacd4156313992e026869b358d6dd065af86bdf20a3bf71bded258303e4331519407513ec05b11c70abcb5bc

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\db\SRAgent.sqlite3
                                                                                          Filesize

                                                                                          120KB

                                                                                          MD5

                                                                                          206b8175acdee3abb7e171b371f7f722

                                                                                          SHA1

                                                                                          2c14edab42ae725002022eda5419bcad7d0584b2

                                                                                          SHA256

                                                                                          01b8f70be73a18a3b0e06c13f370dd2048b8550ef160a818630a5b29e494dc4f

                                                                                          SHA512

                                                                                          5822b7767934cde8ee3a7f062555389afa632d2294fa50917d842847df0a2902c24a4f87cdcd93d469853d9775f857598bfd07a293b96a4c5ed1e7bebbefc4ff

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                                                                          Filesize

                                                                                          433B

                                                                                          MD5

                                                                                          cf5f69533151675ab4f248fbc8cdedeb

                                                                                          SHA1

                                                                                          eb736e17118ac79e341b49eb29ea04433e65e66f

                                                                                          SHA256

                                                                                          e774620005d8e57306dcad1f2b427044f0be3da21897de56258fed1f8c565486

                                                                                          SHA512

                                                                                          e9954bab77bc76a3b85bcd988f05356c8dfa1f109c5fd58e5f2d214ed266ddbc520159a416fbfb0a4e24133b143e873ee3d9e88d62db4c486403215d76394f84

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.InstallState
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          362ce475f5d1e84641bad999c16727a0

                                                                                          SHA1

                                                                                          6b613c73acb58d259c6379bd820cca6f785cc812

                                                                                          SHA256

                                                                                          1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

                                                                                          SHA512

                                                                                          7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
                                                                                          Filesize

                                                                                          1.3MB

                                                                                          MD5

                                                                                          40df7f2a02cdfa70ae76d70d21473428

                                                                                          SHA1

                                                                                          4baddbc082fdb197c77bc1c232be2881a82a7ec8

                                                                                          SHA256

                                                                                          f037309cf6b0174ba282106da31c141e3912486c69c438a53afe7ff589743dc2

                                                                                          SHA512

                                                                                          2522483e9d1b9fc20f14ffab3dcb2a9e5735a260e08e7196a05319076ad9b4d7a9fe94b28c52559022f003d2fe55ec5e4abcecb1b11f4000e804dae5b1c0126f

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Software.zip
                                                                                          Filesize

                                                                                          1.6MB

                                                                                          MD5

                                                                                          5a4e8afa72440e71885687f74b9d85b9

                                                                                          SHA1

                                                                                          66cdc62bafee248a532399bd8f92284d919298df

                                                                                          SHA256

                                                                                          a6272c89fd837dffa2b7366e6e56379e0634b451497e46109846b8013958a022

                                                                                          SHA512

                                                                                          9a48119141d39941e02a80e94e76ccb403f6350ec66fed4ab65d7c0d4f35ab4a0b1550ce279c585170cfa82663f2da75ea7d63a155b9ae733cfa01ed8a8028c5

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog.zip
                                                                                          Filesize

                                                                                          1.8MB

                                                                                          MD5

                                                                                          5ed9543e9f5826ead203316ef0a8863d

                                                                                          SHA1

                                                                                          8235c0e7568ec42d6851c198adc76f006883eb4b

                                                                                          SHA256

                                                                                          33583a8e2dcf039382e80bfa855944407bcba71976ec41c52810cb8358f42043

                                                                                          SHA512

                                                                                          5b4318ddc6953f31531ee8163463259da5546f1018c0fe671280337751f1c57398a5fd28583afba85e93d70167494b8997c23fee121e67bf2f6fb4ca076e9d9f

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.ini
                                                                                          Filesize

                                                                                          13B

                                                                                          MD5

                                                                                          f9769bb20bc8a0f137207ac2fa70e73a

                                                                                          SHA1

                                                                                          13a5ade4adc04d610cefd3bace0b749e33f6faee

                                                                                          SHA256

                                                                                          f117e5835146fcdf2013c5554138c304b5376a1f3e3f1b6c6d1db0dcd6c998c4

                                                                                          SHA512

                                                                                          be47552f6b063fff51102ec421b3860773fa9f51800f6c2988c5c67ba56db8e374c2fb048ef6bb0d988620fdc04a2a6adfbf2a06465e4d4f34ba623b92e5f01b

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.runtimeconfig.json
                                                                                          Filesize

                                                                                          375B

                                                                                          MD5

                                                                                          e8d9109bd15637b1fbf349f9c7ff776f

                                                                                          SHA1

                                                                                          19762daa20afc8085ba6417a7215f1fe2d619f60

                                                                                          SHA256

                                                                                          c4a84cdd787cb31aaa46e8282f7d288f0641fdaa4252ac78979340131c8b9110

                                                                                          SHA512

                                                                                          5cc792c0cdf32c4c893eebc6651aabed7428d2f467b58d3b58ad21dfce9dd4ee0924257b4699297f6d41069f27829ce8b8a711642f3208981761b48382d68b74

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote.zip
                                                                                          Filesize

                                                                                          1.1MB

                                                                                          MD5

                                                                                          9a9b1fd85b5f1dcd568a521399a0d057

                                                                                          SHA1

                                                                                          34ed149b290a3a94260d889ba50cb286f1795fa6

                                                                                          SHA256

                                                                                          88d5a5a4a1b56963d509989b9be1a914afe3e9ee25c2d786328df85da4a7820d

                                                                                          SHA512

                                                                                          7c1259dddff406fdaadb236bf4c7dfb734c9da34fd7bad9994839772e298ebf3f19f02eb0655e773ba82702aa9175337ba4416c561dc2cb604d08e271cc74776

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation.zip
                                                                                          Filesize

                                                                                          673KB

                                                                                          MD5

                                                                                          8a190dfd824e864942a13b01e100ee1d

                                                                                          SHA1

                                                                                          0938bc28ad8b133a7c27635f6eebb268b116bc0c

                                                                                          SHA256

                                                                                          66c414c255ef75c6ffe9955b4d27cb84704e187b1997a8d6cb3734c94967190a

                                                                                          SHA512

                                                                                          53c03e3f525211e93c3b0b86aa6ee0c49e7c6162b7c830519a4dd4073495f08fb148dcadb7ee08634dc72505c4cdce65228e480262e2e527e9bf29a35ab31aa4

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat.zip
                                                                                          Filesize

                                                                                          321KB

                                                                                          MD5

                                                                                          d3901e62166e9c42864fe3062cb4d8d5

                                                                                          SHA1

                                                                                          c9c19eec0fa04514f2f8b20f075d8f31b78bae70

                                                                                          SHA256

                                                                                          dbc0e52e6de93a0567a61c7b1e86daa51fbef725a4a31eef4c9bbff86f43671c

                                                                                          SHA512

                                                                                          ae33e57759e573773b9bb79944b09251f0dc4e07cdb8f373ec06963abfc1e6a6326df7f3b5fecf90bd2b060e3cb5a48b913b745cc853ac32d2558a8651c76111

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller.zip
                                                                                          Filesize

                                                                                          814KB

                                                                                          MD5

                                                                                          9b1f97a41bfb95f148868b49460d9d04

                                                                                          SHA1

                                                                                          768031d5e877e347a249dfdeab7c725df941324b

                                                                                          SHA256

                                                                                          09491858d849212847e4718d6cc8f2b1bc3caa671ceb165cf522290b960262e4

                                                                                          SHA512

                                                                                          9c8929a78cb459f519ace48db494d710efd588a19a7dbea84f46d02563cc9615db8aa78a020f08eca6fa2b99473d15c8192a513b4df8073aef595040d8962ae4

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\log.txt
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          29a58df210abaec0744b2043f0168652

                                                                                          SHA1

                                                                                          e147473bae6b0cd6e95865ab85ed4cde95f949a9

                                                                                          SHA256

                                                                                          32ac5efddeb2cdadf3d9ead45c1fc3714dfc4fd1acc48c23389175919c71e35d

                                                                                          SHA512

                                                                                          e230ca3347fedaf965a3f7eda0738cdb70f8eaaf1f509945aec983a7dc19fbfb830131e0ae3e09a8899f9f3725fcd6d83832a62e288b6429335218734c98f51a

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace.zip
                                                                                          Filesize

                                                                                          1.2MB

                                                                                          MD5

                                                                                          e74d2a16da1ddb7f9c54f72b8a25897c

                                                                                          SHA1

                                                                                          32379af2dc1c1cb998dc81270b7d6be054f7c1a0

                                                                                          SHA256

                                                                                          a0c2f9479b5e3da9d7a213ebc59f1dd983881f4fc47a646ffc0a191e07966f46

                                                                                          SHA512

                                                                                          52b8de90dc9ca41388edc9ae637d5b4ce5c872538c87cc3e7d45edcf8eff78b0f5743ab4927490abda1cff38f2a19983b7ccc0fe3f854b0eacca9c9ce28eda75

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.ini
                                                                                          Filesize

                                                                                          12B

                                                                                          MD5

                                                                                          b2d5d511002960697118598e9233b21d

                                                                                          SHA1

                                                                                          9f0c9252594d590e47027d9fb6afc34abbd3d6f1

                                                                                          SHA256

                                                                                          a7a70e5be36672e698230c01904255958bf3e5d81bb5655ffc8dc9221b6134be

                                                                                          SHA512

                                                                                          d773d1c77c59c51270ec4f1357ae227e81ca599a98798001ad2c587f1b54877501128a9895ebdc47a5d0a0372a2804ecdc9fb9b47f1ea53607c54eb74a4a7dd7

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          b4a865268d5aca5f93bab91d7d83c800

                                                                                          SHA1

                                                                                          95ac9334096f5a38ca1c92df31b1e73ae4586930

                                                                                          SHA256

                                                                                          5cbf60b0873660b151cf8cd62e326fe8006d1d0cbde2fad697e7f8ad3f284203

                                                                                          SHA512

                                                                                          c46ee29861f7e2a1e350cf32602b4369991510804b4b87985465090dd7af64cf6d8dbfa2300f73b2f90f6af95fc0cb5fd1e444b5ddb41dbc89746f04dca6137b

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          31ed02c74a75c5952f83c6e74440ed38

                                                                                          SHA1

                                                                                          c7aeeaebce27b1e59b54ad1530fea1e983eb3704

                                                                                          SHA256

                                                                                          9383a143e8a164ba0ab5a2dcfa8f4f02f31f5f99070a0b7dd83eda53e45d9d7d

                                                                                          SHA512

                                                                                          c2442ccb69f5c82260b27c64af5915cbe0e31e5978f1f0ceaf8f5ebe7dcc2167485408e49c37fbf9acb8df1ddccc69d2ab2e84f268f0f407c05431ece044cf45

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          c415f379d659149981574dcb401a0e68

                                                                                          SHA1

                                                                                          b38f96a5c531322640992150454d3d222ee14a83

                                                                                          SHA256

                                                                                          97f3a58b2d799389a70ab40491aaf7c5d7b78f519e28d1dc42cae2bd3a05e120

                                                                                          SHA512

                                                                                          546dd59f374650ba4d13952832917dec8f74f66c537566cca321c06df5ed2244408f20b344ba2634344157afab0ea265cb5e7db1e5b3967de86531a915f4f489

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\package_2.db
                                                                                          Filesize

                                                                                          48KB

                                                                                          MD5

                                                                                          ccf80943cb30e2306734f4e673ccf519

                                                                                          SHA1

                                                                                          88bbc579361218f00d97f29b31a39b6ace51ecce

                                                                                          SHA256

                                                                                          ac1aeb69ac7c8625fdb74c6f57535bb88c98273ceb3cb93914eae2de8824caa4

                                                                                          SHA512

                                                                                          cc630ae5488941da360583c91f3906b37fb9ba29f50721f202db18cc15192b3958ace72d4f7b9bc933a3cb67bf34dbfb1a2a1453277e113c96f7f547958da831

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates.zip
                                                                                          Filesize

                                                                                          2.8MB

                                                                                          MD5

                                                                                          f9be3b3adeabb9f05d58996b24f30da5

                                                                                          SHA1

                                                                                          61efff2663c0d80288045a64c11e6ecbfeefae0c

                                                                                          SHA256

                                                                                          0bc15337f9b4ef987bbeb2254db86e1b498e21c729dbba645e658f7a0e6c644a

                                                                                          SHA512

                                                                                          d61f5a7a76298da645001857833fcd970c2717447028321e46bde50d581d2d3f26ffbf0b5bfb323f8e357a5e2b5a1181aa10bb74cf4e9809133186479c1bfb3b

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller.zip
                                                                                          Filesize

                                                                                          1.1MB

                                                                                          MD5

                                                                                          bccad70b35abf4bdd51d2cabe9e2a114

                                                                                          SHA1

                                                                                          2d255cb7170b6b592b4849fb9f00b0add0a99c48

                                                                                          SHA256

                                                                                          6d25105508b5e94af634d97f1751b9926adcbc5ad86f3bc2d79d26c4712d1c06

                                                                                          SHA512

                                                                                          394de4ffe8a9fcf9e4ca6038b3579dc04a6f1c15e8cb3428b10540726aaf563073a893efb14dba1d109af15994a0bf1370a0cd53de5a8c759ee123ed362e0b29

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe.config
                                                                                          Filesize

                                                                                          541B

                                                                                          MD5

                                                                                          d0efb0a6d260dbe5d8c91d94b77d7acd

                                                                                          SHA1

                                                                                          e33a8c642d2a4b3af77e0c79671eab5200a45613

                                                                                          SHA256

                                                                                          7d38534766a52326a04972a47caca9c05e95169725d59ab4a995f8a498678102

                                                                                          SHA512

                                                                                          a3f1cff570201b8944780cf475b58969332c6af9bea0a6231e59443b05fc96df06a005ff05f78954dbe2fec42da207f6d26025aa558d0a30a36f0df23a44a35c

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.ini
                                                                                          Filesize

                                                                                          12B

                                                                                          MD5

                                                                                          880d31390a25de6a9cd34463b46c75e6

                                                                                          SHA1

                                                                                          837af65938c9606b5de3c6f2195fc3e855554cd7

                                                                                          SHA256

                                                                                          425adf50cf113d68bd6aa8dc1015db43422bbc1c977933d5f8c1ecaabf18eb2e

                                                                                          SHA512

                                                                                          8e9dd066ff73625a5a55d1ece5ba1e4fb248ab14a32880a3d4d86266176cb4f1c61f8301e1ff49839c283affe877b9fbcd3bc2b9763c08b0b63ba56023c2282b

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools.zip
                                                                                          Filesize

                                                                                          670KB

                                                                                          MD5

                                                                                          96e50bbca30d75af7b8b40acf8dda817

                                                                                          SHA1

                                                                                          4b1255280dff8de8b7be47def58f83f6ec39ded6

                                                                                          SHA256

                                                                                          a3ad00ccb61bc87d58eb7977f68130b78a0b95e74d61e6a4624ac114ccde5736

                                                                                          SHA512

                                                                                          0034c08cb878b703f272e3fd2734bb928ff1bdba85cf79a151519b019c83bd4d199c80af0aa30db28ef82f7ee68a9d59dcaede92f83bfe8787f6a5d4d5e9817c

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing.zip
                                                                                          Filesize

                                                                                          3.1MB

                                                                                          MD5

                                                                                          9c8eb5e114c1446f78f1312256ab61e4

                                                                                          SHA1

                                                                                          6b820d9158359687e52878d72b6121b295ad6ffd

                                                                                          SHA256

                                                                                          3f5eef6b6777c84ebd4d957bf7c0ab096614554453339327286f7535dcc480f5

                                                                                          SHA512

                                                                                          2f8c831a7e75ce92fdbe005cd5bd7213850a4f8937ded0712210c69b8e1748732a6222ba5ec26ce9c2ee73b2a3b6e391551bf09b3db2914be5c7096ae7565c9c

                                                                                          Download Submit

                                                                                        • C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
                                                                                          Filesize

                                                                                          571KB

                                                                                          MD5

                                                                                          dec72136e998b6a5b71eefa2b6e8d68b

                                                                                          SHA1

                                                                                          a2cdaf23bb441e493fceb7d380730008da5593ee

                                                                                          SHA256

                                                                                          106fa7ff5a149f345af041964b7339814b08bf3a26fa922908b94bc806f53662

                                                                                          SHA512

                                                                                          b99fa42bf18436d26071f48dd921145fbd8a54f5c62f01204bfb454ccd56aa336fe5147502deea7200b5fbdadbf774af2f0171374de964c8ed5877a30a37b3fc

                                                                                          Download Submit

                                                                                        • C:\Program Files\dotnet\dotnet.exe
                                                                                          Filesize

                                                                                          143KB

                                                                                          MD5

                                                                                          71026b098f8fb39c88b003df746d9fa0

                                                                                          SHA1

                                                                                          013ca259f551ad6f33db53fff0e121e74408e20e

                                                                                          SHA256

                                                                                          11058e8c2cd05f30dcf1775644bf19d2913c9a6d674c12f91d1896d95d9cc5c2

                                                                                          SHA512

                                                                                          9830be3444225a4b2f9fa4aedbc8af4f45fdb2548f0b6a2eba2a2a407ea3c7d8fd78c0e37fac66cafbdfad781ae78b076d225fd5c836a451f57a54053ccef9ad

                                                                                          Download Submit

                                                                                        • C:\ProgramData\Splashtop\Splashtop Remote Server\Credential\5653b21680f26264df2ddf45f540df1f
                                                                                          Filesize

                                                                                          16KB

                                                                                          MD5

                                                                                          b2e89027a140a89b6e3eb4e504e93d96

                                                                                          SHA1

                                                                                          f3b1b34874b73ae3032decb97ef96a53a654228f

                                                                                          SHA256

                                                                                          5f97b3a9d3702d41e15c0c472c43bea25f825401adbc6e0e1425717e75174982

                                                                                          SHA512

                                                                                          93fc993af1c83f78fd991cc3d145a81ee6229a89f2c70e038c723032bf5ad12d9962309005d94cdbe0ef1ab11dc5205f57bcf1bc638ee0099fedf88977b99a19

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                          Filesize

                                                                                          471B

                                                                                          MD5

                                                                                          072e329403c1fd4de11a63651d866833

                                                                                          SHA1

                                                                                          cabc351df595fbadadd041a22f1db751d4684c31

                                                                                          SHA256

                                                                                          83152651dae6008408f0760a1674006d74a6fa6b33ee91278a3a386d411dd547

                                                                                          SHA512

                                                                                          68fe3505926f697902d97ad95457c4f40ec586f65a4af842ecb30bb0dd862542d72d6135c5759574ab08b4cacabc8cef57a41e509d63cb6dc9001f171c04452c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                                          Filesize

                                                                                          727B

                                                                                          MD5

                                                                                          740aba26756c2e67fe1d1448dd06982e

                                                                                          SHA1

                                                                                          62e2192c8bfa95a244813d0cb500b494d8a4a646

                                                                                          SHA256

                                                                                          65a67fbc4a20cc9c3cbfc6035f144589e85dbd31d05bccdeabb5d63b43b8c104

                                                                                          SHA512

                                                                                          9324cc00ea9cac8b68c328432e07398af81a0454f2f140f03b836b7b4d167c6dc506853edf68327b49b9315639e6b18bd52ce3a6572d0a938084f4883587a913

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                          Filesize

                                                                                          727B

                                                                                          MD5

                                                                                          265da4547fc57c9b732837e09cd30d8e

                                                                                          SHA1

                                                                                          422b0b6e88c6ee8a58c9f8db2f9f4fa8c45c3a75

                                                                                          SHA256

                                                                                          a5033d6bba7f36ff40321b82b37292077c41cacbe53e208d455cdb530199906e

                                                                                          SHA512

                                                                                          e04a351a97ba121a42dcd5e9d8123235b1c9b98a5b29e4db3ea885cb467d2f848ae811274b2ab1ea4657432a4fedc198bb5c7bb44fb6055b934712f57fda63c7

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                          Filesize

                                                                                          400B

                                                                                          MD5

                                                                                          4dace937bbfce551c3d34f07b21395b6

                                                                                          SHA1

                                                                                          15db83662f9a885c32391b22c814e40a2462878e

                                                                                          SHA256

                                                                                          160805c7966a5bfeee281f58299013c8c1f479f1146f973a78c345aa51292179

                                                                                          SHA512

                                                                                          35e5d083ceee08534ae2c5f0b5712f03f845da8c51450728967fa6e11e63333d97dd769548e182649fa5bd1e9be82478eecf408671c12d8c32a6cb047196c4f5

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
                                                                                          Filesize

                                                                                          412B

                                                                                          MD5

                                                                                          d7a16ead26a337b0799fa7363a4f1dda

                                                                                          SHA1

                                                                                          6fbb16a4a488988a932fc761139788f859ab7b62

                                                                                          SHA256

                                                                                          d77e6376ed7861be1813981a12604431e4bf0686f478c89b3760925209fd2fe6

                                                                                          SHA512

                                                                                          0a00aa978c3692c56939e504a59aee990e36c5fe54efb4a3b26f95a4ae8d665d36ac20101e7fcff5367db5e12d90392164b752378b97d5986c6b5e0fd0df5a54

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                          Filesize

                                                                                          412B

                                                                                          MD5

                                                                                          1a617a953c322c232fff0b0d8334e502

                                                                                          SHA1

                                                                                          3f77554ec2359308a50bef848575dd9688cec163

                                                                                          SHA256

                                                                                          b91c230666077ae921d6ebc94051d2ac3ae63749f5521e230af5a7e987791712

                                                                                          SHA512

                                                                                          cd888c2e29e896ef0c4b1e4b76810f1110a238b5423290d03f9431d2ca47abb0ee3396680905c9735a342ee8323f3dea1f215489ea8333991a6d5c6b35cb2b83

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                                                                          Filesize

                                                                                          651B

                                                                                          MD5

                                                                                          9bbfe11735bac43a2ed1be18d0655fe2

                                                                                          SHA1

                                                                                          61141928bb248fd6e9cd5084a9db05a9b980fb3a

                                                                                          SHA256

                                                                                          549953bd4fc8acc868a9374ec684ebd9e7b23939adf551016f3433b642697b74

                                                                                          SHA512

                                                                                          a78c52b2ddc057dabf260eeb744b9f55eab3374ad96e1938a291d2b17f204a0d6e1aa02802de75f0b2cd6d156540d2ddee15e889b89d5e619207054df4c1d483

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSI1825.tmp
                                                                                          Filesize

                                                                                          4.5MB

                                                                                          MD5

                                                                                          44847d135643b605547af3b50a89413f

                                                                                          SHA1

                                                                                          79835757c6e826f1407ad2f5c0b956d5a921b2bb

                                                                                          SHA256

                                                                                          123d2dd064fd5e4ccb10cc689da5a064b9cf00b2e216d824c2d0dc2c9b5dc707

                                                                                          SHA512

                                                                                          030274fecd976283aa06fddf936304576ede10c8cc318c68466125d972baa6ed7ea26ebd9a5972c4cbdec97e03710ad1f76eeb9b419b0888d5efb02c4b937616

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSI6EA6.tmp-\System.Management.dll
                                                                                          Filesize

                                                                                          60KB

                                                                                          MD5

                                                                                          878e361c41c05c0519bfc72c7d6e141c

                                                                                          SHA1

                                                                                          432ef61862d3c7a95ab42df36a7caf27d08dc98f

                                                                                          SHA256

                                                                                          24de61b5cab2e3495fe8d817fb6e80094662846f976cf38997987270f8bbae40

                                                                                          SHA512

                                                                                          59a7cbb9224ee28a0f3d88e5f0c518b248768ff0013189c954a3012463e5c0ba63a7297497131c9c0306332646af935dd3a1acf0d3e4e449351c28ec9f1be1fa

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIAFA9.tmp
                                                                                          Filesize

                                                                                          509KB

                                                                                          MD5

                                                                                          88d29734f37bdcffd202eafcdd082f9d

                                                                                          SHA1

                                                                                          823b40d05a1cab06b857ed87451bf683fdd56a5e

                                                                                          SHA256

                                                                                          87c97269e2b68898be87b884cd6a21880e6f15336b1194713e12a2db45f1dccf

                                                                                          SHA512

                                                                                          1343ed80dccf0fa4e7ae837b68926619d734bc52785b586a4f4102d205497d2715f951d9acacc8c3e5434a94837820493173040dc90fb7339a34b6f3ef0288d0

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIAFA9.tmp-\AlphaControlAgentInstallation.dll
                                                                                          Filesize

                                                                                          25KB

                                                                                          MD5

                                                                                          aa1b9c5c685173fad2dabebeb3171f01

                                                                                          SHA1

                                                                                          ed756b1760e563ce888276ff248c734b7dd851fb

                                                                                          SHA256

                                                                                          e44a6582cd3f84f4255d3c230e0a2c284e0cffa0ca5e62e4d749e089555494c7

                                                                                          SHA512

                                                                                          d3bfb4bd7e7fdb7159fbfc14056067c813ce52cdd91e885bdaac36820b5385fb70077bf58ec434d31a5a48245eb62b6794794618c73fe7953f79a4fc26592334

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIAFA9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                                                                          Filesize

                                                                                          179KB

                                                                                          MD5

                                                                                          1a5caea6734fdd07caa514c3f3fb75da

                                                                                          SHA1

                                                                                          f070ac0d91bd337d7952abd1ddf19a737b94510c

                                                                                          SHA256

                                                                                          cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca

                                                                                          SHA512

                                                                                          a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIB547.tmp-\CustomAction.config
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          bc17e956cde8dd5425f2b2a68ed919f8

                                                                                          SHA1

                                                                                          5e3736331e9e2f6bf851e3355f31006ccd8caa99

                                                                                          SHA256

                                                                                          e4ff538599c2d8e898d7f90ccf74081192d5afa8040e6b6c180f3aa0f46ad2c5

                                                                                          SHA512

                                                                                          02090daf1d5226b33edaae80263431a7a5b35a2ece97f74f494cc138002211e71498d42c260395ed40aee8e4a40474b395690b8b24e4aee19f0231da7377a940

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIB547.tmp-\Newtonsoft.Json.dll
                                                                                          Filesize

                                                                                          695KB

                                                                                          MD5

                                                                                          715a1fbee4665e99e859eda667fe8034

                                                                                          SHA1

                                                                                          e13c6e4210043c4976dcdc447ea2b32854f70cc6

                                                                                          SHA256

                                                                                          c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

                                                                                          SHA512

                                                                                          bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIBC10.tmp
                                                                                          Filesize

                                                                                          211KB

                                                                                          MD5

                                                                                          a3ae5d86ecf38db9427359ea37a5f646

                                                                                          SHA1

                                                                                          eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                                                          SHA256

                                                                                          c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                                                          SHA512

                                                                                          96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\MSIBF07.tmp
                                                                                          Filesize

                                                                                          219KB

                                                                                          MD5

                                                                                          928f4b0fc68501395f93ad524a36148c

                                                                                          SHA1

                                                                                          084590b18957ca45b4a0d4576d1cc72966c3ea10

                                                                                          SHA256

                                                                                          2bf33a9b9980e44d21d48f04cc6ac4eed4c68f207bd5990b7d3254a310b944ae

                                                                                          SHA512

                                                                                          7f2163f651693f9b73a67e90b5c820af060a23502667a5c32c3beb2d6b043f5459f22d61072a744089d622c05502d80f7485e0f86eb6d565ff711d5680512372

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\e57af1c.msi
                                                                                          Filesize

                                                                                          2.9MB

                                                                                          MD5

                                                                                          8570a2dc7b26b6a69b4ee3bb3c5a0c0f

                                                                                          SHA1

                                                                                          a5780fa5fdd9deb29e701b22860f04c8c961d090

                                                                                          SHA256

                                                                                          b283c5d9f50a5d59325b3fdf56043d0d656e2d3d78ef7c27c62d68f38998786c

                                                                                          SHA512

                                                                                          81b9ef38f469fff4284b3aaf669392445d2963da21db4634d08d7ee389f9047d3b0b13b1973a0e9b42f90e34561a018b2f5c99a4a782a2ccfc285630f52661be

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\e57af38.msi
                                                                                          Filesize

                                                                                          26.3MB

                                                                                          MD5

                                                                                          b9c6d23462adef092b8a5b7880531b03

                                                                                          SHA1

                                                                                          9e8c4f7f48d38fb54a93789a583852869c074f2d

                                                                                          SHA256

                                                                                          2e23da54aa1ff64de09021ab089c1be6d4a323bdf0d8f46f78b5c6a33df83109

                                                                                          SHA512

                                                                                          18623991c5690e516541eaf867f22b3a1a02317392178943143bedc7f7eda5e02e69665c3c4a5fa50ade516a191bbbf16fd71e60f3225f660fb10ebc25cd01a5

                                                                                          Download Submit

                                                                                        • C:\Windows\Installer\e57af3c.msi
                                                                                          Filesize

                                                                                          772KB

                                                                                          MD5

                                                                                          d73de5788ab129f16afdd990d8e6bfa9

                                                                                          SHA1

                                                                                          88cb87af50ea4999e2079d9269ce64c8eb1a584e

                                                                                          SHA256

                                                                                          4f9ac5a094e9b1b4f0285e6e69c2e914e42dcc184dfe6fe93894f8e03ca6c193

                                                                                          SHA512

                                                                                          bfc32f9a20e30045f5207446c6ab6e8ef49a3fd7a5a41491c2242e10fee8efd2f82f81c3ff3bf7681e5e660fde065a315a89d87e9f488c863421fe1d6381ba3b

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{23bbe909-93fd-8748-aaa9-78ec0c745fb9}\lci_proxywddm.cat
                                                                                          Filesize

                                                                                          12KB

                                                                                          MD5

                                                                                          8e16d54f986dbe98812fd5ec04d434e8

                                                                                          SHA1

                                                                                          8bf49fa8e12f801559cc2869365f0b184d7f93fe

                                                                                          SHA256

                                                                                          7c772fb24326e90d6e9c60a08495f32f7d5def1c52037d78cbd0436ad70549cd

                                                                                          SHA512

                                                                                          e1da797044663ad6362641189fa78116cc4b8e611f9d33c89d6c562f981d5913920acb12a4f7ef6c1871490563470e583910045378bda5c7a13db25f987e9029

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{23bbe909-93fd-8748-aaa9-78ec0c745fb9}\lci_proxywddm.inf
                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          0315a579f5afe989154cb7c6a6376b05

                                                                                          SHA1

                                                                                          e352ff670358cf71e0194918dfe47981e9ccbb88

                                                                                          SHA256

                                                                                          d10fa136d6ae9a15216202e4dd9f787b3a148213569e438da3bf82b618d8001d

                                                                                          SHA512

                                                                                          c7ce8278bc5ee8f8b4738ef8bb2c0a96398b40dc65eea1c28688e772ae0f873624311146f4f4ec8971c91df57983d2d8cdbec1fe98eaa7f9d15a2c159d80e0af

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{23bbe909-93fd-8748-aaa9-78ec0c745fb9}\x64\lci_proxyumd.dll
                                                                                          Filesize

                                                                                          179KB

                                                                                          MD5

                                                                                          4dc11547a5fc28ca8f6965fa21573481

                                                                                          SHA1

                                                                                          d531b0d8d2f8d49d81a4c17fbaf3bc294845362c

                                                                                          SHA256

                                                                                          e9db5cd21c8d709a47fc0cfb2c6ca3bb76a3ed8218bed5dc37948b3f9c7bd99d

                                                                                          SHA512

                                                                                          bd0f0a3bbc598480a9b678aa1b35728b2380bf57b195b0249936d0eaaa014f219031a563f486871099bf1c78ccc758f6b25b97cfc5296a73fc60b6caff9877f6

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{23bbe909-93fd-8748-aaa9-78ec0c745fb9}\x64\lci_proxyumd32.dll
                                                                                          Filesize

                                                                                          135KB

                                                                                          MD5

                                                                                          67ae7b2c36c9c70086b9d41b4515b0a8

                                                                                          SHA1

                                                                                          ba735d6a338c8fdfa61c98f328b97bf3e8e48b8b

                                                                                          SHA256

                                                                                          79876f242b79269fe0fe3516f2bdb0a1922c86d820ce1dd98500b385511dac69

                                                                                          SHA512

                                                                                          4d8320440f3472ee0e9bd489da749a738370970de07b0920b535642723c92de848f4b3d7f898689c817145ce7b08f65128abe91d816827aeb7e5e193d7027078

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{23bbe909-93fd-8748-aaa9-78ec0c745fb9}\x64\lci_proxywddm.sys
                                                                                          Filesize

                                                                                          119KB

                                                                                          MD5

                                                                                          b9b0e9b4d93b18b99ece31a819d71d00

                                                                                          SHA1

                                                                                          2be1ad570f3ccb2e6f2e2b16d1e0002ca4ec8d9e

                                                                                          SHA256

                                                                                          0f1c64c0fa08fe45beac15dc675d3b956525b8f198e92e0ccac21d2a70ce42cf

                                                                                          SHA512

                                                                                          465e389806f3b87a544ab8b0b7b49864feeba2eeef4fb51628d40175573ed1ba00b26d6a2abebc74c31369194206ed31d32c68471dddcf817fdd2d26e3da7a53

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{5ffc9132-ed35-434c-8ef5-1b3a47e2b31b}\lci_iddcx.cat
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          62458e58313475c9a3642a392363e359

                                                                                          SHA1

                                                                                          e63a3866f20e8c057933ba75d940e5fd2bf62bc6

                                                                                          SHA256

                                                                                          85620d87874f27d1aaf1743c0ca47e210c51d9afd0c9381fc0cd8acca3854562

                                                                                          SHA512

                                                                                          49fb8ca58aecf97a6ab6b97de7d367accb7c5be76fbcd324af4ce75efe96642e8c488f273c0363250f7a5bcea7f7055242d28fd4b1f130b68a1a5d9a078e7fad

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{5ffc9132-ed35-434c-8ef5-1b3a47e2b31b}\lci_iddcx.inf
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          1cec22ca85e1b5a8615774fca59a420b

                                                                                          SHA1

                                                                                          049a651751ef38321a1088af6a47c4380f9293fc

                                                                                          SHA256

                                                                                          60a018f46d17b7640fc34587667cd852a16fa8e82f957a69522637f22e5fe5cf

                                                                                          SHA512

                                                                                          0f24fe3914aef080a0d109df6cfac548a880947fb85e7490f0d8fa174a606730b29dc8d2ae10525dba4d1ca05ac9b190e4704629b86ac96867188df4ca3168bb

                                                                                          Download Submit

                                                                                        • C:\Windows\System32\DriverStore\Temp\{5ffc9132-ed35-434c-8ef5-1b3a47e2b31b}\x64\lci_iddcx.dll
                                                                                          Filesize

                                                                                          52KB

                                                                                          MD5

                                                                                          01e8bc64139d6b74467330b11331858d

                                                                                          SHA1

                                                                                          b6421a1d92a791b4d4548ab84f7140f4fc4eb829

                                                                                          SHA256

                                                                                          148359a84c637d05c20a58f5038d8b2c5390f99a5a229be8eccbb5f85e969438

                                                                                          SHA512

                                                                                          4099e8038d65d95d3f00fd32eba012f55ae16d0da3828e5d689ef32e20352fdfcc278cd6f78536dc7f28fb97d07185e654fe6eee610822ea8d9e9d5af696dff5

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\B7C5EA94-B96A-41F5-BE95-25D78B486678-01-52-34.dat
                                                                                          Filesize

                                                                                          601B

                                                                                          MD5

                                                                                          d5327f0d45e76f1dcf13a62a0732a8b8

                                                                                          SHA1

                                                                                          fec2cc335f3e783a4fddb42e5fc6ac5a7def2062

                                                                                          SHA256

                                                                                          45135a7b6ca64f88f30d103b9688b73191f80d0354fbb0d9252ab0287ece9075

                                                                                          SHA512

                                                                                          88e14034687796f077b9f1c68c96ec14fa5d7f651982ac04aabd407e5e6a0a904379dd28f4ff60181384372680b536f5322e43553ea0381bd0174ee5697bafef

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          c714353c0c127b5cd17e0098f7be9cb5

                                                                                          SHA1

                                                                                          67102d8058f99d39d0f4c842efea66fcf8a625d7

                                                                                          SHA256

                                                                                          c2ae2e19ef4bc4b152a236181ae5de0d3149b6e24ed43c615e63d6f04737bbef

                                                                                          SHA512

                                                                                          9efbdcf9a2652ff549835e0c99adf7784e07308deaa77df0f0a0449ec5f3a4f7a96e46954047e358a31d2ea8b5f6a30b3951471144fd09066a18e0eb766cb430

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                                          Filesize

                                                                                          976B

                                                                                          MD5

                                                                                          60d523ae698c6108b72f173ac79f0f9d

                                                                                          SHA1

                                                                                          eae78855606fbb200047ffa1391e70c105c99a19

                                                                                          SHA256

                                                                                          efc83234a352dea601d51f884dd1cbc0e0dcebf203eb172fe1ab2188dea6c432

                                                                                          SHA512

                                                                                          2629816f42795ea7aad7d36f3a372f519028111b047f73d6220e451735114be5ed7ad7a8ff8e3f9a08034d8e26957a2d1f3d4a64d2eafda87ef59dc9381638f0

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\InstallUtil.log
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          8c92b53ca3b5ea9fe7c97557604e8846

                                                                                          SHA1

                                                                                          7375e274a6efcd501a4c721d8fd6cb5765d1bb5b

                                                                                          SHA256

                                                                                          6992429e1d557965c5ce65c29cab8f2abb1e81b7db77ebca15a6c064e67a8c1d

                                                                                          SHA512

                                                                                          b07716acd0986306763259d46330a479d0be4919e46f6119bd6ac95825b67b333a2579eaa82f01281efe4712cfb8dbd2e3043b118964895d5c9360747ffbe7fe

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\__PSScriptPolicyTest_d2mdko4g.pcl.ps1
                                                                                          Filesize

                                                                                          60B

                                                                                          MD5

                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                          SHA1

                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                          SHA256

                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                          SHA512

                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\unpack.log
                                                                                          Filesize

                                                                                          2KB

                                                                                          MD5

                                                                                          a02a31b2296c8ea5b885b1d8552781f0

                                                                                          SHA1

                                                                                          3f51bad4c3ceea891853a541e9cd97a0b626bde3

                                                                                          SHA256

                                                                                          b9c1f5abde8b66cc14a361d41e3aadb4fce847a87abe645774b96fe5c980c0e6

                                                                                          SHA512

                                                                                          fd70926638faccb8d25477f3a8706ea8b1cbada7196056efac80b50094072a543ab6ac9aa39e3a6517599c0855822285a701e1bd80cb0391d36c97193758a193

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\unpack.log
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          341d8d913103e0d0bb922986e87bee6d

                                                                                          SHA1

                                                                                          2bbf27d38ed87f077a2870fc340725fa57854c66

                                                                                          SHA256

                                                                                          5372ae51776bb2ad7a845d63ce25d9aac101b30ff98eeb7ab642cea33e846cd8

                                                                                          SHA512

                                                                                          97d9e089d1b5edefb05af67f80fed2bc8a1cf001d4f02c0ce08d2377d543ce77be1441b0d4329a639700eb76f584e281783e71d522b75fe329dcee5b082a948a

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                          Filesize

                                                                                          3.1MB

                                                                                          MD5

                                                                                          9fbbc6a967c7d7aa66a147a8869a7e61

                                                                                          SHA1

                                                                                          32d51b895eab8f27d6461b03596e1976e7b18662

                                                                                          SHA256

                                                                                          cabef7f11cccbe5c27912f2edd1b5459c82830decd59a0cff3379c50eb709573

                                                                                          SHA512

                                                                                          1ff6fbea2a06a3c293ed78ac35956d746898b2dc851a0bba15cb4fd2856a33f57a828308de102122367b2f7b55f7fc9f12fdbafa08987d9b2e62b3e35df27388

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{160C6B8E-9C4E-49DB-857A-C420876C6213}\IsConfig.ini
                                                                                          Filesize

                                                                                          571B

                                                                                          MD5

                                                                                          767f95cf60761dcc9084dad20935eafa

                                                                                          SHA1

                                                                                          c1d07d3a15ab833994daaa4bc315423ec0c534cf

                                                                                          SHA256

                                                                                          1d65c1d7395f27700188d45d0f272b7a890e49dc67721ce967001d7a5a3e5867

                                                                                          SHA512

                                                                                          eed616d1399e3244241555108bb713f63f14009863c42b0c4886024ff6e51d2523b3c9386645279d7a7de128b22ef98bbf1868d32adf6de4fb5cc7299a85668f

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{160C6B8E-9C4E-49DB-857A-C420876C6213}\String1033.txt
                                                                                          Filesize

                                                                                          182KB

                                                                                          MD5

                                                                                          c65eef249713ebc6cbc87ab20059a15b

                                                                                          SHA1

                                                                                          b49f507dd09321f0a47ffa99cf3c42def1d792f5

                                                                                          SHA256

                                                                                          e91cb497a2979f143de829bf5229d44c2c430e9a7f87f30984e2bcc588418c0d

                                                                                          SHA512

                                                                                          8e211d1fd0f4eab91ba944162dc379b61c99e18cdf560c6e1e7d75c0feff09bad79df9585949a9f10786e34f53e38e1b0c98c6213f8ff69fe93b0aae2785850b

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{160C6B8E-9C4E-49DB-857A-C420876C6213}\_is859.exe
                                                                                          Filesize

                                                                                          179KB

                                                                                          MD5

                                                                                          7a1c100df8065815dc34c05abc0c13de

                                                                                          SHA1

                                                                                          3c23414ae545d2087e5462a8994d2b87d3e6d9e2

                                                                                          SHA256

                                                                                          e46c768950aad809d04c91fb4234cb4b2e7d0b195f318719a71e967609e3bbed

                                                                                          SHA512

                                                                                          bbec114913bc2f92e8de7a4dd9513bff31f6b0ef4872171b9b6b63fef7faa363cf47e63e2d710dd32e9fc84c61f828e0fae3d48d06b76da023241bee9d4a6327

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{160C6B8E-9C4E-49DB-857A-C420876C6213}\setup.inx
                                                                                          Filesize

                                                                                          345KB

                                                                                          MD5

                                                                                          9bf97345a1353805b2bd365c1e1dc5a4

                                                                                          SHA1

                                                                                          e635791fe60afa117de2219d9c5e14464de8d52b

                                                                                          SHA256

                                                                                          0c600ed7e75e6cd87519faa51955a143e21328ff13e9573cacbe6022a28e194b

                                                                                          SHA512

                                                                                          d92a1532c15e18bbd78279a45c830899760f046990b2bfaee4e38ccf02c16e8072874cb901d68a2d845905691b80130d10bfcc9089fa70b14cac4ed0283352e6

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{82DDA6F4-2E34-498E-966A-099FDCFAB1A8}\.ba\1033\thm.wxl
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          34d0c531eed48550be3d877290ad2553

                                                                                          SHA1

                                                                                          7983955032f9e7d2ee72cabc644a14c892a92289

                                                                                          SHA256

                                                                                          0d2abde2e4974cc8b7231f017975180d67592ee6d3418cd6dc52e2bc4bf03e50

                                                                                          SHA512

                                                                                          0c9d916ac420c6a27e723d8bab2db80372cc6303c79a6e1c3b2bd462711b711f2cc45fae43ceb2ce603708c884b0ec6bb7217981ef2a03e0fc3e6c6916716e7a

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{82DDA6F4-2E34-498E-966A-099FDCFAB1A8}\.ba\wixstdba.dll
                                                                                          Filesize

                                                                                          190KB

                                                                                          MD5

                                                                                          f1919c6bd85d7a78a70c228a5b227fbe

                                                                                          SHA1

                                                                                          71647ebf4e7bed3bc1663d520419ac550fe630ff

                                                                                          SHA256

                                                                                          dcea15f3710822ffc262e62ec04cc7bbbf0f33f5d1a853609fbfb65cb6a45640

                                                                                          SHA512

                                                                                          c7ff9b19c9bf320454a240c6abbc382950176a6befce05ea73150eeb0085d0b6ed5b65b2dcb4b04621ef9cca1d5c4e59c6682b9c85d1d5845e5ce3e5eedfd2eb

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{AA4A101F-1216-45CB-8F4B-D8ED608A99A9}\.ba\BootstrapperApplicationData.xml
                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          4487aea1acc637f079c0b95cc52556ce

                                                                                          SHA1

                                                                                          dc4dcc5bd9824e212ab4439632f8d79e5bfcb34f

                                                                                          SHA256

                                                                                          062c872144b676d3557be20f17acaf98eb0015b135576f3b30a966bc9e0df4ff

                                                                                          SHA512

                                                                                          8f8915bbc50e14df1969b3e20df22dc968847e0a15aa6a85b7f1d6dbb2f3fbc87c1018d0605292d64d4d3405d74ea6e904bcea04ec060f3589443005ec997311

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{AA4A101F-1216-45CB-8F4B-D8ED608A99A9}\.ba\thm.xml
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          03cf60952e7b59460fd22807e8cb28e1

                                                                                          SHA1

                                                                                          5f4454019c5f33059ae53522ffb534eef815a5f5

                                                                                          SHA256

                                                                                          af7c42ac777b45751763bceaf8604fa5b842b096da4d1370158a1c3422713555

                                                                                          SHA512

                                                                                          bfb3c642759522cd4fd8c784909e97c38e6c44cced11d70167d0e243d8da12555a94aa2cd9978745849fa5233a1915485d3e1cb011d985c92a115e44a11b7140

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{B3D6AB3A-12E7-42F2-8E25-F452459F1852}\.ba\bg.png
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          9eb0320dfbf2bd541e6a55c01ddc9f20

                                                                                          SHA1

                                                                                          eb282a66d29594346531b1ff886d455e1dcd6d99

                                                                                          SHA256

                                                                                          9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                                                                                          SHA512

                                                                                          9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{B3D6AB3A-12E7-42F2-8E25-F452459F1852}\.be\dotnet-runtime-8.0.11-win-x64.exe
                                                                                          Filesize

                                                                                          607KB

                                                                                          MD5

                                                                                          669de3ab32955e69decfe13a3c89891e

                                                                                          SHA1

                                                                                          ab2e90613c8b9261f022348ca11952a29f9b2c73

                                                                                          SHA256

                                                                                          2240e6318171b3cddcee6a801488f59145c1f54ca123068c2a73564535954677

                                                                                          SHA512

                                                                                          be5d737a7d25cc779736b60b1ea59982593f0598e207340219a13fd9572d140cfbcd112e3cf93e3be6085fe284a54d4458563e6f6e4e1cfe7c919685c9ee5442

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{D4017EDE-2075-4205-A564-C48F5EFC2765}\ISRT.dll
                                                                                          Filesize

                                                                                          427KB

                                                                                          MD5

                                                                                          85315ad538fa5af8162f1cd2fce1c99d

                                                                                          SHA1

                                                                                          31c177c28a05fa3de5e1f934b96b9d01a8969bba

                                                                                          SHA256

                                                                                          70735b13f629f247d6af2be567f2da8112039fbced5fbb37961e53a2a3ec1ec7

                                                                                          SHA512

                                                                                          877eb3238517eeb87c2a5d42839167e6c58f9ca7228847db3d20a19fb13b176a6280c37decda676fa99a6ccf7469569ddc0974eccf4ad67514fdedf9e9358556

                                                                                          Download Submit

                                                                                        • C:\Windows\Temp\{D4017EDE-2075-4205-A564-C48F5EFC2765}\_isres_0x0409.dll
                                                                                          Filesize

                                                                                          1.8MB

                                                                                          MD5

                                                                                          befe2ef369d12f83c72c5f2f7069dd87

                                                                                          SHA1

                                                                                          b89c7f6da1241ed98015dc347e70322832bcbe50

                                                                                          SHA256

                                                                                          9652ffae3f5c57d1095c6317ab6d75a9c835bb296e7c8b353a4d55d55c49a131

                                                                                          SHA512

                                                                                          760631b05ef79c308570b12d0c91c1d2a527427d51e4e568630e410b022e4ba24c924d6d85be6462ba7f71b2f0ba05587d3ec4b8f98fcdb8bb4f57949a41743b

                                                                                          Download Submit

                                                                                        • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                          Filesize

                                                                                          412B

                                                                                          MD5

                                                                                          9cb762b3f4854de4f5a5e8d88d6402c0

                                                                                          SHA1

                                                                                          1ff1590e5124e3e3f3af171492d7b17cec662e48

                                                                                          SHA256

                                                                                          773b68b3056eae6cc2bdfdd00d395e0ec190f6faf17e24db3aef0ff817945748

                                                                                          SHA512

                                                                                          7bf245d797dd1fdd40d812a7cbb124511ef1a69c05e63609a279fca358dd7c9a2cda854390adc5eacf6555ce286244b21db7453b7dd2fc87c042996e0ed1829b

                                                                                          Download Submit

                                                                                        • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                                          Filesize

                                                                                          24.1MB

                                                                                          MD5

                                                                                          a5507ed3fd09daaea3cca743470da8d8

                                                                                          SHA1

                                                                                          46dfbd254e91016040b257c48b6693f5ed304af7

                                                                                          SHA256

                                                                                          67f31f6a5068135f662408893c58383dbdc59a4252bc85703de1f0fbd7779352

                                                                                          SHA512

                                                                                          76ff8eab642cde4c7e08b5bbd103eac104c38d4ca3ca57344e0261d9964d28c439d0b9af6009dfc79e78fb5b4f94396dba446f290cec2a7ebbd58fd82e8226f5

                                                                                          Download Submit

                                                                                        • \??\Volume{28d8005c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{41f14274-5a52-4dd3-81fe-10ccf3a6f383}_OnDiskSnapshotProp
                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          a377c8c5146f36ef3159053070aa9851

                                                                                          SHA1

                                                                                          461bbca92f851694b4803699add4c7f213df8093

                                                                                          SHA256

                                                                                          2500db6a516cf50af21cce2d3c3c195ba8ac1baf8db7dc6b6024a75f0a439c4b

                                                                                          SHA512

                                                                                          043dc011d41f598866af002b572015db93608637b2d7f85624fb893dfeafecbe310ead23a8102e76f7b95c49c4d71f14a11d14fba014488591fbbd47c788d23c

                                                                                          Download Submit

                                                                                        • memory/660-1961-0x000001D35AC10000-0x000001D35AC64000-memory.dmp

                                                                                          Filesize

                                                                                          336KB

                                                                                          Download

                                                                                        • memory/660-1925-0x000001D3733C0000-0x000001D373472000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/660-1924-0x000001D35A580000-0x000001D35A59C000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/660-1922-0x000001D35A1C0000-0x000001D35A1D2000-memory.dmp

                                                                                          Filesize

                                                                                          72KB

                                                                                          Download

                                                                                        • memory/1016-41-0x0000000003210000-0x000000000323E000-memory.dmp

                                                                                          Filesize

                                                                                          184KB

                                                                                          Download

                                                                                        • memory/1016-45-0x0000000003250000-0x000000000325C000-memory.dmp

                                                                                          Filesize

                                                                                          48KB

                                                                                          Download

                                                                                        • memory/1116-112-0x0000000004A60000-0x0000000004AC6000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1440-1912-0x000002AC39FF0000-0x000002AC3A008000-memory.dmp

                                                                                          Filesize

                                                                                          96KB

                                                                                          Download

                                                                                        • memory/1440-1914-0x000002AC527F0000-0x000002AC528A2000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/1440-1910-0x000002AC396A0000-0x000002AC396AC000-memory.dmp

                                                                                          Filesize

                                                                                          48KB

                                                                                          Download

                                                                                        • memory/1440-1917-0x000002AC3A010000-0x000002AC3A030000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                          Download

                                                                                        • memory/1748-1948-0x00000152DA7A0000-0x00000152DA7B0000-memory.dmp

                                                                                          Filesize

                                                                                          64KB

                                                                                          Download

                                                                                        • memory/1748-1949-0x00000152DAFD0000-0x00000152DAFF0000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                          Download

                                                                                        • memory/1748-1950-0x00000152F3920000-0x00000152F39D2000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/1748-1954-0x00000152DB140000-0x00000152DB154000-memory.dmp

                                                                                          Filesize

                                                                                          80KB

                                                                                          Download

                                                                                        • memory/1748-1953-0x00000152F39E0000-0x00000152F3A46000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1856-1947-0x000001DC39910000-0x000001DC399C0000-memory.dmp

                                                                                          Filesize

                                                                                          704KB

                                                                                          Download

                                                                                        • memory/1856-1904-0x000001DC38DD0000-0x000001DC38DDC000-memory.dmp

                                                                                          Filesize

                                                                                          48KB

                                                                                          Download

                                                                                        • memory/1856-1964-0x000001DC521D0000-0x000001DC522AC000-memory.dmp

                                                                                          Filesize

                                                                                          880KB

                                                                                          Download

                                                                                        • memory/1856-1905-0x000001DC392A0000-0x000001DC392EA000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/1856-1907-0x000001DC39180000-0x000001DC3919C000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/2404-1943-0x000002A0F9000000-0x000002A0F904A000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/2404-1956-0x000002A0F9B70000-0x000002A0F9C4C000-memory.dmp

                                                                                          Filesize

                                                                                          880KB

                                                                                          Download

                                                                                        • memory/2404-1940-0x000002A0F87A0000-0x000002A0F87B0000-memory.dmp

                                                                                          Filesize

                                                                                          64KB

                                                                                          Download

                                                                                        • memory/2404-1963-0x000002A0F9C50000-0x000002A0F9D02000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/2404-1944-0x000002A0F8FD0000-0x000002A0F8FEC000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/2648-1187-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/2648-1269-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/2648-1270-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/2648-1194-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/2700-82-0x0000000004F90000-0x00000000052E4000-memory.dmp

                                                                                          Filesize

                                                                                          3.3MB

                                                                                          Download

                                                                                        • memory/2700-81-0x0000000004E60000-0x0000000004E82000-memory.dmp

                                                                                          Filesize

                                                                                          136KB

                                                                                          Download

                                                                                        • memory/2700-78-0x0000000004ED0000-0x0000000004F82000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/3600-1899-0x000002C84DF90000-0x000002C84DFCA000-memory.dmp

                                                                                          Filesize

                                                                                          232KB

                                                                                          Download

                                                                                        • memory/3600-1913-0x000002C8671A0000-0x000002C867252000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/3600-1923-0x000002C867130000-0x000002C867178000-memory.dmp

                                                                                          Filesize

                                                                                          288KB

                                                                                          Download

                                                                                        • memory/3600-1916-0x000002C84E8A0000-0x000002C84E8BC000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/3852-514-0x0000000003680000-0x0000000003847000-memory.dmp

                                                                                          Filesize

                                                                                          1.8MB

                                                                                          Download

                                                                                        • memory/3852-937-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-1117-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-1080-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-547-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-511-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-1024-0x0000000010000000-0x0000000010114000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/3852-940-0x00000000036C0000-0x0000000003887000-memory.dmp

                                                                                          Filesize

                                                                                          1.8MB

                                                                                          Download

                                                                                        • memory/4304-359-0x0000025EBECE0000-0x0000025EBECF6000-memory.dmp

                                                                                          Filesize

                                                                                          88KB

                                                                                          Download

                                                                                        • memory/4304-1965-0x0000026CFDA60000-0x0000026CFDB12000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/4304-1941-0x0000026CE4F60000-0x0000026CE4F7C000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/4304-1939-0x0000026CFD7E0000-0x0000026CFD82A000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/4304-1938-0x0000026CE4710000-0x0000026CE4722000-memory.dmp

                                                                                          Filesize

                                                                                          72KB

                                                                                          Download

                                                                                        • memory/4304-363-0x0000025EBF650000-0x0000025EBF66C000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/4304-361-0x0000025ED7E50000-0x0000025ED7F02000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/4452-382-0x000001F2562A0000-0x000001F25637C000-memory.dmp

                                                                                          Filesize

                                                                                          880KB

                                                                                          Download

                                                                                        • memory/4452-386-0x000001F23D7A0000-0x000001F23D7A8000-memory.dmp

                                                                                          Filesize

                                                                                          32KB

                                                                                          Download

                                                                                        • memory/4452-365-0x000001F255FA0000-0x000001F255FEC000-memory.dmp

                                                                                          Filesize

                                                                                          304KB

                                                                                          Download

                                                                                        • memory/4452-366-0x000001F256020000-0x000001F256068000-memory.dmp

                                                                                          Filesize

                                                                                          288KB

                                                                                          Download

                                                                                        • memory/4452-367-0x000001F23D6F0000-0x000001F23D6F8000-memory.dmp

                                                                                          Filesize

                                                                                          32KB

                                                                                          Download

                                                                                        • memory/4452-368-0x000001F23D700000-0x000001F23D70A000-memory.dmp

                                                                                          Filesize

                                                                                          40KB

                                                                                          Download

                                                                                        • memory/4452-385-0x000001F256380000-0x000001F256432000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/4452-360-0x000001F23CE30000-0x000001F23CE96000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/4452-387-0x000001F23D7B0000-0x000001F23D7B8000-memory.dmp

                                                                                          Filesize

                                                                                          32KB

                                                                                          Download

                                                                                        • memory/4452-388-0x000001F255FF0000-0x000001F255FF8000-memory.dmp

                                                                                          Filesize

                                                                                          32KB

                                                                                          Download

                                                                                        • memory/4452-389-0x000001F256230000-0x000001F256298000-memory.dmp

                                                                                          Filesize

                                                                                          416KB

                                                                                          Download

                                                                                        • memory/4452-390-0x000001F2561F0000-0x000001F25621A000-memory.dmp

                                                                                          Filesize

                                                                                          168KB

                                                                                          Download

                                                                                        • memory/4452-391-0x000001F2570A0000-0x000001F2570DA000-memory.dmp

                                                                                          Filesize

                                                                                          232KB

                                                                                          Download

                                                                                        • memory/4452-392-0x000001F2561C0000-0x000001F2561E6000-memory.dmp

                                                                                          Filesize

                                                                                          152KB

                                                                                          Download

                                                                                        • memory/4452-362-0x000001F23D740000-0x000001F23D78A000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/4452-364-0x000001F23D260000-0x000001F23D27C000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/4688-243-0x00000262E9890000-0x00000262E98C8000-memory.dmp

                                                                                          Filesize

                                                                                          224KB

                                                                                          Download

                                                                                        • memory/4688-195-0x00000262E9390000-0x00000262E9442000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/4688-203-0x00000262E9180000-0x00000262E91A2000-memory.dmp

                                                                                          Filesize

                                                                                          136KB

                                                                                          Download

                                                                                        • memory/4868-167-0x00000235ED660000-0x00000235ED69C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/4868-150-0x00000235D3240000-0x00000235D3268000-memory.dmp

                                                                                          Filesize

                                                                                          160KB

                                                                                          Download

                                                                                        • memory/4868-166-0x00000235D3660000-0x00000235D3672000-memory.dmp

                                                                                          Filesize

                                                                                          72KB

                                                                                          Download

                                                                                        • memory/4868-162-0x00000235ED8A0000-0x00000235ED938000-memory.dmp

                                                                                          Filesize

                                                                                          608KB

                                                                                          Download

                                                                                        • memory/5400-1255-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/5400-1256-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/5400-2130-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/5400-1722-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/5400-2129-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/5400-1721-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/5400-1170-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/5400-1171-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/5600-2479-0x0000000070E90000-0x0000000072372000-memory.dmp

                                                                                          Filesize

                                                                                          20.9MB

                                                                                          Download

                                                                                        • memory/5600-1933-0x0000000073E60000-0x0000000073F05000-memory.dmp

                                                                                          Filesize

                                                                                          660KB

                                                                                          Download

                                                                                        • memory/5600-1937-0x0000000070E90000-0x0000000072372000-memory.dmp

                                                                                          Filesize

                                                                                          20.9MB

                                                                                          Download

                                                                                        • memory/5600-1210-0x0000000073E60000-0x0000000073F05000-memory.dmp

                                                                                          Filesize

                                                                                          660KB

                                                                                          Download

                                                                                        • memory/5600-1209-0x0000000070E90000-0x0000000072372000-memory.dmp

                                                                                          Filesize

                                                                                          20.9MB

                                                                                          Download

                                                                                        • memory/5600-2480-0x0000000073E60000-0x0000000073F05000-memory.dmp

                                                                                          Filesize

                                                                                          660KB

                                                                                          Download

                                                                                        • memory/5656-1955-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/5688-1951-0x000002BF1EF90000-0x000002BF1EFDA000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/5688-1946-0x000002BF06770000-0x000002BF0677C000-memory.dmp

                                                                                          Filesize

                                                                                          48KB

                                                                                          Download

                                                                                        • memory/5688-1942-0x000002BF067A0000-0x000002BF067BC000-memory.dmp

                                                                                          Filesize

                                                                                          112KB

                                                                                          Download

                                                                                        • memory/5688-1945-0x000002BF067C0000-0x000002BF067D8000-memory.dmp

                                                                                          Filesize

                                                                                          96KB

                                                                                          Download

                                                                                        • memory/5688-1928-0x000002BF05DF0000-0x000002BF05E40000-memory.dmp

                                                                                          Filesize

                                                                                          320KB

                                                                                          Download

                                                                                        • memory/5688-1936-0x000002BF1EEF0000-0x000002BF1EF3A000-memory.dmp

                                                                                          Filesize

                                                                                          296KB

                                                                                          Download

                                                                                        • memory/5808-298-0x0000020026050000-0x0000020026070000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                          Download

                                                                                        • memory/5808-293-0x00000200257B0000-0x00000200257F2000-memory.dmp

                                                                                          Filesize

                                                                                          264KB

                                                                                          Download

                                                                                        • memory/5808-296-0x000002003E980000-0x000002003EA32000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/5984-1934-0x0000015A7ECE0000-0x0000015A7F208000-memory.dmp

                                                                                          Filesize

                                                                                          5.2MB

                                                                                          Download

                                                                                        • memory/5984-1897-0x0000015A7D3F0000-0x0000015A7D3FA000-memory.dmp

                                                                                          Filesize

                                                                                          40KB

                                                                                          Download

                                                                                        • memory/5984-1898-0x0000015A7D7B0000-0x0000015A7D7CA000-memory.dmp

                                                                                          Filesize

                                                                                          104KB

                                                                                          Download

                                                                                        • memory/5984-1903-0x0000015A7E6F0000-0x0000015A7E7A2000-memory.dmp

                                                                                          Filesize

                                                                                          712KB

                                                                                          Download

                                                                                        • memory/6092-2476-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/6092-1199-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download

                                                                                        • memory/6092-2475-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/6092-1277-0x0000000072750000-0x000000007286C000-memory.dmp

                                                                                          Filesize

                                                                                          1.1MB

                                                                                          Download

                                                                                        • memory/6092-1278-0x0000000072380000-0x000000007274D000-memory.dmp

                                                                                          Filesize

                                                                                          3.8MB

                                                                                          Download